Scroll to navigation

SAMLSIGN(1) OpenSAML manual SAMLSIGN(1)

NAME

samlsign - sign and verify XML documents

SYNOPSIS

samlsign <options>

DESCRIPTION

samlsign signs or verifies signed XML documents. To sign a document, use -s. To verify a document, omit -s. One of the -c, -R, or -T options are required when verifying. Either -k or -R is required when signing.

By default, samlsign signs or verifies standard input. Pass -u or -f to retrieve the document from a URL or file path. Signed documents are always printed to standard output.

OPTIONS

The URL of the document to sign or verify.
The full path of the document to sign or verify.
Rather than acting on the entire document, only act on the object with the specified ID. Only that object (with its new signature) will be printed to standard output.
Sign, rather than the default action of verify.
Specifies the full path to the key to use for signing.
Specifies the full path to the certificate to use for verification.
Specifies a credential resolver to use for either signing or verification.
Specifies the trust engine for TrustEngine-based verification.
Specifies the metadata for TrustEngine-based verification.
Specifies the issuer for verification.
Specifies the protocol for TrustEngine-based verification. This option allows specification of an arbitrary protocol by name, but more commonly one would use one of the options listed below for standard protocol names.
Specifies the resource name for TrustEngine-based verification. This option allows specification of an arbitrary resource name by name, but more commonly one would use one of the options listed below for standard resource names.
Specifies the namespace for TrustEngine-based verification. If not given, the default is SAML20MD_NS.
Use the SAML1.0 protocol for TrustEngine-based verification.
use the SAML1.1 protocol for TrustEngine-based verification.
use the SAML2.0 P NS protocol for TrustEngine-based verification.
Set the resource name to IDPSSODescriptor for TrustEngine-based verification.
Set the resource name to AttributeAuthorityDescriptor for TrustEngine-based verification.
Set the resource name to PDPDescriptor for TrustEngine-based verification.
Set the resource name to SPSSODescriptor for TrustEngine-based verification.
Validate the document while signing or verifying it. The path to the schemas used for validation can be overridden by setting the OPENSAML_SCHEMAS environment variable.
Specifies the signature algorithm to use, overriding the default. Only used when signing. -dig algorithm Specifies the digest algorithm to use, overriding the default. Only used when signing.

EXIT STATUS

0
Success.
-1
An error in how samlsign was called (incorrect arguments, for example).
-2
An error occurred when initializing the configuration.
-10
An exception was caught.

EXAMPLES

To sign SAML 2.0 metadata, use:

    samlsign -k /path/to/key -c /path/to/cert -f /path/to/metadata

AUTHOR

This manpage were written by Ferenc Wágner and Russ Allbery for Debian GNU/Linux.

COPYRIGHT

Copyleft (C) 2008 Ferenc Wágner
This is free software in the public domain.

2011 Jul 25 UCAID