Ubuntu Manpage: samlsign - sign and verify XML documents

Provided by: opensaml2-tools_2.5.5-1ubuntu0.1_amd64

NAME

       samlsign - sign and verify XML documents

SYNOPSIS

       samlsign <options>

DESCRIPTION

       samlsign signs or verifies signed XML documents.  To sign a document, use -s.  To verify a
       document, omit -s.  One of the -c, -R, or -T options are required when verifying.  Either
       -k or -R is required when signing.

       By default, samlsign signs or verifies standard input.  Pass -u or -f to retrieve the
       document from a URL or file path.  Signed documents are always printed to standard output.

OPTIONS

-u URL The URL of the document to sign or verify.

-f PATH
The full path of the document to sign or verify.

-id ID Rather than acting on the entire document, only act on the object with the
specified ID. Only that object (with its new signature) will be printed to
standard output.

-s Sign, rather than the default action of verify.

-k KEY Specifies the full path to the key to use for signing.

-c CERT
Specifies the full path to the certificate to use for verification.

-R RESOLVER
Specifies a credential resolver to use for either signing or verification.

-T TRUST
Specifies the trust engine for TrustEngine-based verification.

-M METADATA
Specifies the metadata for TrustEngine-based verification.

-i ISSUER
Specifies the issuer for verification.

-p PROT
Specifies the protocol for TrustEngine-based verification. This option allows
specification of an arbitrary protocol by name, but more commonly one would use one
of the options listed below for standard protocol names.

-r RNAME
Specifies the resource name for TrustEngine-based verification. This option allows
specification of an arbitrary resource name by name, but more commonly one would
use one of the options listed below for standard resource names.

-ns RNS
Specifies the namespace for TrustEngine-based verification. If not given, the
default is SAML20MD_NS.

-saml10
Use the SAML1.0 protocol for TrustEngine-based verification.

-saml11
use the SAML1.1 protocol for TrustEngine-based verification.

-saml2 use the SAML2.0 P NS protocol for TrustEngine-based verification.

-idp Set the resouce name to IDPSSODescriptor for TrustEngine-based verification.

-aa Set the resource name to AttributeAuthorityDescriptor for TrustEngine-based
verification.

-pdp Set the resource name to PDPDescriptor for TrustEngine-based verification.

-sp Set the resource name to SPSSODescriptor for TrustEngine-based verification.

-V Validate the document while signing or verifying it. The path to the schemas used
for validation can be overridden by setting the OPENSAML_SCHEMAS environment
variable.

-alg algorithm
Specifies the signature algorithm to use, overriding the default. Only used when
signing. -dig algorithm Specifies the digest algorithm to use, overriding the
default. Only used when signing.

EXIT STATUS

       0      Success.

       -1     An error in how samlsign was called (incorrect arguments, for example).

       -2     An error occurred when initializing the configuration.

       -10    An exception was caught.

EXAMPLES

       To sign SAML 2.0 metadata, use:

           samlsign -k /path/to/key -c /path/to/cert -f /path/to/metadata

AUTHOR

       This manpage were written by Ferenc Wágner and Russ Allbery for Debian GNU/Linux.

COPYRIGHT

       Copyleft (C) 2008 Ferenc Wágner
       This is free software in the public domain.