samlsign(1) [debian man page]

SAMLSIGN(1)							  OpenSAML manual						       SAMLSIGN(1)

NAME
       samlsign - sign and verify XML documents

SYNOPSIS
       samlsign <options>

DESCRIPTION
       samlsign signs or verifies signed XML documents. To sign a document, use -s. To verify a document, omit -s. One of the -c, -R, or -T options is required when verifying. Either -k or -R is required when signing.

       By default, samlsign signs or verifies standard input. Pass -u or -f to retrieve the document from a URL or file path. Signed documents are always printed to standard output.

OPTIONS
       -u URL
              The URL of the document to sign or verify.

       -f PATH
              The full path of the document to sign or verify.

       -id ID
              Rather than acting on the entire document, only act on the object with the specified ID. Only that object (with its new signature) will be printed to standard output.

       -s     Sign, rather than the default action of verify.

       -k KEY
              Specifies the full path to the key to use for signing.

       -c CERT
              Specifies the full path to the certificate to use for verification.

       -R RESOLVER
              Specifies a credential resolver to use for either signing or verification.

       -T TRUST
              Specifies the trust engine for TrustEngine-based verification.

       -M METADATA
              Specifies the metadata for TrustEngine-based verification.

       -i ISSUER
              Specifies the issuer for verification.

       -p PROT
              Specifies the protocol for TrustEngine-based verification. This option allows specification of an arbitrary protocol by name, but more commonly one would use one of the options listed below for standard protocol names.

       -r RNAME
              Specifies the resource name for TrustEngine-based verification. This option allows specification of an arbitrary resource name by name, but more commonly one would use one of the options listed below for standard resource names.

       -ns RNS
              Specifies the namespace for TrustEngine-based verification. If not given, the default is SAML20MD_NS.

       -saml10
              Use the SAML1.0 protocol for TrustEngine-based verification.

       -saml11
              Use the SAML1.1 protocol for TrustEngine-based verification.

       -saml2 Use the SAML2.0 protocol for TrustEngine-based verification.

       -idp   Set the resource name to IDPSSODescriptor for TrustEngine-based verification.

       -aa    Set the resource name to AttributeAuthorityDescriptor for TrustEngine-based verification.

       -pdp   Set the resource name to PDPDescriptor for TrustEngine-based verification.

       -sp    Set the resource name to SPSSODescriptor for TrustEngine-based verification.

       -V     Validate the document while signing or verifying it. The path to the schemas used for validation can be overridden by setting the OPENSAML_SCHEMAS environment variable.

       -alg algorithm
              Specifies the signature algorithm to use, overriding the default. Only used when signing.

       -dig algorithm
              Specifies the digest algorithm to use, overriding the default. Only used when signing.

EXIT STATUS
       0      Success.

       -1     An error in how samlsign was called (incorrect arguments, for example).

       -2     An error occurred when initializing the configuration.

       -10    An exception was caught.

EXAMPLES
       To sign SAML 2.0 metadata, use:

           samlsign -s -k /path/to/key -c /path/to/cert -f /path/to/metadata

AUTHOR
       This manpage was written by Ferenc Wagner and Russ Allbery for Debian GNU/Linux.

COPYRIGHT
       Copyleft (C) 2008 Ferenc Wagner

       This is free software in the public domain.

UCAID								  2011 Jul 25							       SAMLSIGN(1)
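
The following is an added example, not part of the man page: a POSIX shell wrapper that verifies a metadata file with samlsign (no -s) and installs it only on exit status 0. Function names and paths are hypothetical; the values 255, 254 and 246 are the documented -1, -2 and -10 statuses as the shell reports them after truncation to 8 bits.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.
# Uses only options documented above: -c CERT and -f PATH, without -s (verify).

# Translate the status the shell sees into the EXIT STATUS table's wording.
# The documented negative codes arrive truncated to 8 bits: -1 -> 255, etc.
samlsign_status() {
    case "$1" in
        0)   echo "success" ;;
        255) echo "usage error (-1)" ;;
        254) echo "configuration initialization error (-2)" ;;
        246) echo "exception caught (-10)" ;;
        *)   echo "undocumented status $1" ;;
    esac
}

# verify_and_install CANDIDATE CERT DEST
# Replaces DEST with CANDIDATE only when samlsign exits 0 for it.
verify_and_install() {
    candidate=$1
    cert=$2
    dest=$3

    # Fail closed on missing or empty inputs before calling samlsign.
    [ -s "$candidate" ] || { echo "reject: $candidate missing or empty" >&2; return 1; }
    [ -r "$cert" ] || { echo "reject: cannot read $cert" >&2; return 1; }

    # Any non-zero status is treated as a rejection.
    rc=0
    samlsign -c "$cert" -f "$candidate" >/dev/null || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "reject: $candidate: $(samlsign_status "$rc")" >&2
        return 1
    fi

    # Install the same bytes that were verified; rename is atomic on one
    # filesystem, so consumers never see a half-written file.
    tmp="$dest.tmp.$$"
    cp "$candidate" "$tmp" && mv "$tmp" "$dest"
}

# Usage (constructed paths):
#   verify_and_install /var/tmp/fed-metadata.xml /etc/saml/fed-signer.pem \
#       /var/cache/saml/fed-metadata.xml
```

Keep the candidate file in a directory that only the verifying user can write, so the bytes cannot change between verification and installation.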

MDQUERY(1)							    Shibboleth								MDQUERY(1)

NAME
       mdquery - Query Shibboleth metadata

SYNOPSIS
       mdquery -e entity [-a app] [-nostrict]

       mdquery -e entity -r role -p protocol [-a app] [-ns namespace] [-nostrict]

DESCRIPTION
       mdquery queries and displays Shibboleth SP metadata. It is primarily a debugging tool to use in conjunction with advice from the Shibboleth maintainers. It can display either the metadata for an entity or the metadata for a particular role.

OPTIONS
       -a app
              Specifies the application ID for which to retrieve metadata. If not given the default is "default".

       -e entity
              Specifies the entity ID for which to show metadata. Normally this is the entity descriptor ID for an entity with which one is having a problem (such as the entity ID for the local SP).

       -nostrict
              Relax the strictness of checking (such as of expiration dates).

       -ns namespace
              When retrieving metadata for a particular role, specify the namespace. If not given, the default is the SAML20MD namespace.

       -p protocol
              Specify a protocol when retrieving metadata for a particular role. Normally one would use the -saml10, -saml11, or -saml2 options to specify the protocol name, but this option allows an arbitrary protocol to be specified.

       -saml10
              Specify a protocol of SAML 1.0.

       -saml11
              Specify a protocol of SAML 1.1.

       -saml2 Specify a protocol of SAML 2.0.

       -r role
              Retrieve the metadata for a particular role. Normally one would use the -idp, -aa, -pdp, or -sp options to specify the role name, but this option allows an arbitrary role to be specified.

       -idp   Specify a role of IDPSSODescriptor.

       -aa    Specify a role of AttributeAuthorityDescriptor.

       -pdp   Specify a role of PDPDescriptor.

       -sp    Specify a role of SPSSODescriptor.

AUTHOR
       This manual page was written by Russ Allbery for Debian GNU/Linux.

COPYRIGHT
       Copyright 2008 Russ Allbery. This manual page is hereby placed into the public domain by its author.

2.4.3								   2012-02-16								MDQUERY(1)