.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .if !\nF .nr F 0 .if \nF>0 \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SHIB-METAGEN.1 1" .TH SHIB-METAGEN.1 1 "2018-01-04" "2.6.1" "Shibboleth" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" shib\-metagen \- Generate metadata for a Shibboleth SP .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBshib-metagen\fR [\fB\-12ADLNO\fR] [\fB\-c\fR \fIcert\fR [\fB\-c\fR \fIcert\fR ...]] [\fB\-e\fR \fIentity-id\fR] [\fB\-f\fR \fIformat\fR [\fB\-f\fR \fIformat\fR ...]] [\fB\-h\fR \fIhost\fR [\fB\-h\fR \fIhost\fR ...]] [\fB\-n\fR \fIhost\fR [\fB\-n\fR \fIhost\fR ...]] [\fB\-l\fR \fIhost-file\fR] [\fB\-o\fR \fIorganization\fR] [\fB\-a\fR \fIadmin\fR [\fB\-a\fR \fIadmin\fR ...]] [\fB\-s\fR \fIsupport\fR [\fB\-s\fR \fIsupport\fR ...]] [\fB\-t\fR \fItech\fR [\fB\-t\fR \fItech\fR ...]] [\fB\-u\fR \fIurl\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" Generate metadata for a Shibboleth \s-1SP.\s0 The metadata is printed to standard output. Most of the parameters are optional, but at least one of \&\fB\-h\fR or \fB\-n\fR must be given to specify the hostname to use in constructing URLs for the Shibboleth service for the \s-1SP.\s0 Other metadata can be added by using the other command-line parameters. Most parameters can be given multiple times. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-1\fR" 4 .IX Item "-1" Generate \s-1SAML 1.0\s0 metadata. The default, if neither \fB\-1\fR nor \fB\-2\fR is given, is to generate metadata for both \s-1SAML 1.0\s0 and \s-1SAML 2.0.\s0 .IP "\fB\-2\fR" 4 .IX Item "-2" Generate \s-1SAML 2.0\s0 metadata. The default, if neither \fB\-1\fR nor \fB\-2\fR is given, is to generate metadata for both \s-1SAML 1.0\s0 and \s-1SAML 2.0.\s0 .IP "\fB\-A\fR" 4 .IX Item "-A" Include artifact metadata. .IP "\fB\-a\fR \fIadmin\fR" 4 .IX Item "-a admin" An administrative contact for this Shibboleth \s-1SP.\s0 This option may be omitted, in which case administrative contact metadata is not included, or may be given multiple times to list multiple contacts. \fIadmin\fR should be in the form \f(CW\*(C`\f(CIfirst\f(CW/\f(CIlast\f(CW/\f(CIemail\f(CW\*(C'\fR where \fIfirst\fR is the given name and \fIlast\fR is the surname. .IP "\fB\-c\fR \fIcert\fR" 4 .IX Item "-c cert" Specifies the \s-1SSL\s0 certificate used to identify this Shibboleth \s-1SP.\s0 This option may be given multiple times to specify multiple certificates. If it is not given, the default certificate is \fIsp\-cert.pem\fR in the current working directory. .IP "\fB\-D\fR" 4 .IX Item "-D" Include discovery service information in the metadata. By default, discovery service information is not included. .IP "\fB\-e\fR \fIentity-id\fR" 4 .IX Item "-e entity-id" The entity \s-1ID\s0 for this \s-1SP.\s0 This must be a unique identifier for this \s-1SP\s0 and must be a \s-1URL.\s0 If \fB\-o\fR is given and \fB\-u\fR is not given, \fIentity-id\fR is used as the \s-1URL\s0 for the organization running this Shibboleth \s-1SP.\s0 If it is not specified, it defaults to \f(CW\*(C`https://\f(CIhost\f(CW/shibboleth\*(C'\fR where \&\fIhost\fR is the argument to the first \fB\-h\fR option. .IP "\fB\-f\fR \fIformat\fR" 4 .IX Item "-f format" Include this NameIDFormat in the metadata. This option may be given more than once. .IP "\fB\-h\fR \fIhost\fR" 4 .IX Item "-h host" A hostname for this \s-1SP\s0 (possibly a virtual host). Either this option, the \&\fB\-n\fR option, or the \fB\-l\fR option must be specified at least once. It should be repeated for every virtual host that responds to the Shibboleth protocol. \fB\-h\fR should be used for hostnames or virtual hosts that use \&\s-1SSL.\s0 .IP "\fB\-L\fR" 4 .IX Item "-L" Include Single Logout information in the metadata. This is not included by default. .IP "\fB\-l\fR \fIhost-list\fR" 4 .IX Item "-l host-list" Read the list of hostnames for this \s-1SP\s0 from a file. Each line of the file will be treated as if it were passed as an argument to the \fB\-h\fR option to specify a hostname or virtual host that responds to the Shibboleth protocol and uses \s-1SSL.\s0 .IP "\fB\-N\fR" 4 .IX Item "-N" Include NameID management information in the metadata. This is not included by default. .IP "\fB\-n\fR \fIhost\fR" 4 .IX Item "-n host" A hostname for this \s-1SP\s0 (possibly a virtual host). Either this option, the \&\fB\-h\fR, or the \fB\-l\fR option must be specified at least once. It should be repeated for every virtual host that responds to the Shibboleth protocol. \&\fB\-n\fR should be used for hostnames or virtual hosts that do not use \s-1SSL\s0 to protect the Shibboleth communication. .IP "\fB\-O\fR" 4 .IX Item "-O" Include \s-1XML\s0 namespace declarations in the generated metadata. This is the default. .IP "\fB\-o\fR \fIorganization\fR" 4 .IX Item "-o organization" The name of the organization that runs this Shibboleth \s-1SP.\s0 This option may be given only once and may be omitted, in which case organization metadata is not included. This is normally not necessary but may be used by other software systems for purposes such as displaying lists of entities with human-readable names. .IP "\fB\-s\fR \fIsupport\fR" 4 .IX Item "-s support" A support contact for this Shibboleth \s-1SP.\s0 This option may be omitted, in which case support contact metadata is not included, or may be given multiple times to list multiple contacts. \fIsupport\fR should be in the form \f(CW\*(C`\f(CIfirst\f(CW/\f(CIlast\f(CW/\f(CIemail\f(CW\*(C'\fR where \fIfirst\fR is the given name and \&\fIlast\fR is the surname. .IP "\fB\-t\fR \fItech\fR" 4 .IX Item "-t tech" A technical contact for this Shibboleth \s-1SP.\s0 This option may be omitted, in which case technical contact metadata is not included, or may be given multiple times to list multiple contacts. \fItech\fR should be in the form \&\f(CW\*(C`\f(CIfirst\f(CW/\f(CIlast\f(CW/\f(CIemail\f(CW\*(C'\fR where \fIfirst\fR is the given name and \fIlast\fR is the surname. .IP "\fB\-u\fR \fIurl\fR" 4 .IX Item "-u url" Sets the \s-1URL\s0 for the organization. This information is only used if the \&\fB\-o\fR option is also given to specify the name of the organization. If \&\fB\-o\fR is given and \fB\-u\fR is not given, the entity \s-1ID\s0 (set with \fB\-e\fR) is used as the organization \s-1URL.\s0 .SH "AUTHOR" .IX Header "AUTHOR" This manual page was written by Russ Allbery for Debian GNU/Linux. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009, 2011 Russ Allbery. This manual page is hereby placed into the public domain by its author.