Provided by: opensaml-tools_3.0.1-1_amd64
samlsign - sign and verify XML documents
samlsign signs or verifies signed XML documents. To sign a document, use -s. To verify a document, omit -s. One of the -c, -R, or -T options are required when verifying. Either -k or -R is required when signing. By default, samlsign signs or verifies standard input. Pass -u or -f to retrieve the document from a URL or file path. Signed documents are always printed to standard output.
-u URL The URL of the document to sign or verify. -f PATH The full path of the document to sign or verify. -id ID Rather than acting on the entire document, only act on the object with the specified ID. Only that object (with its new signature) will be printed to standard output. -s Sign, rather than the default action of verify. -k KEY Specifies the full path to the key to use for signing. -c CERT Specifies the full path to the certificate to use for verification. -R RESOLVER Specifies a credential resolver to use for either signing or verification. -T TRUST Specifies the trust engine for TrustEngine-based verification. -M METADATA Specifies the metadata for TrustEngine-based verification. -i ISSUER Specifies the issuer for verification. -p PROT Specifies the protocol for TrustEngine-based verification. This option allows specification of an arbitrary protocol by name, but more commonly one would use one of the options listed below for standard protocol names. -r RNAME Specifies the resource name for TrustEngine-based verification. This option allows specification of an arbitrary resource name by name, but more commonly one would use one of the options listed below for standard resource names. -ns RNS Specifies the namespace for TrustEngine-based verification. If not given, the default is SAML20MD_NS. -saml10 Use the SAML1.0 protocol for TrustEngine-based verification. -saml11 use the SAML1.1 protocol for TrustEngine-based verification. -saml2 use the SAML2.0 P NS protocol for TrustEngine-based verification. -idp Set the resource name to IDPSSODescriptor for TrustEngine-based verification. -aa Set the resource name to AttributeAuthorityDescriptor for TrustEngine-based verification. -pdp Set the resource name to PDPDescriptor for TrustEngine-based verification. -sp Set the resource name to SPSSODescriptor for TrustEngine-based verification. -V Validate the document while signing or verifying it. The path to the schemas used for validation can be overridden by setting the OPENSAML_SCHEMAS environment variable. -alg algorithm Specifies the signature algorithm to use, overriding the default. Only used when signing. -dig algorithm Specifies the digest algorithm to use, overriding the default. Only used when signing.
0 Success. -1 An error in how samlsign was called (incorrect arguments, for example). -2 An error occurred when initializing the configuration. -10 An exception was caught.
To sign SAML 2.0 metadata, use: samlsign -k /path/to/key -c /path/to/cert -f /path/to/metadata
This manpage were written by Ferenc Wágner and Russ Allbery for Debian GNU/Linux.
Copyleft (C) 2008 Ferenc Wágner This is free software in the public domain.