@pglezen
Created June 12, 2015 14:40
Gist pglezen/116b7b70d244e012eb80
Generate SAML SP metadata for DataPower
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:dp="http://www.datapower.com/extensions"
xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
exclude-result-prefixes="dp"
extension-element-prefixes="dp"
version="1.0">
<xsl:output method="xml" indent="yes" standalone="yes"/>
<dp:summary xmlns="">
<operation>xform</operation>
<description>Generate SAML SP Metadata.</description>
</dp:summary>
<!--
Invoke this with curl using the following sample as a guide (all on one line):
curl http://host:6024/sp/meta
--data-urlencode entityID=urn:your:entity:id:here
--data-urlencode certname=NameOfYourCertObject
--data-urlencode acs=https://your.acs.host.com:9876/acs
-->
<!-- The HTTP query params action that runs before this stylesheet exposes the
     request parameters as /request/args/arg[@name='...']. -->
<xsl:template match="/">
<xsl:variable name="entityID" select="/request/args/arg[@name='entityID']/text()"/>
<xsl:variable name="certname" select="/request/args/arg[@name='certname']/text()"/>
<xsl:variable name="acs" select="/request/args/arg[@name='acs']/text()"/>
<xsl:message dp:priority="info">Entity ID = <xsl:value-of select="$entityID"/></xsl:message>
<xsl:message dp:priority="info">Cert Name = <xsl:value-of select="$certname"/></xsl:message>
<xsl:message dp:priority="info">ACS URL = <xsl:value-of select="$acs"/></xsl:message>
<!-- dp:base64-cert returns the base64-encoded DER of the named DataPower Crypto Certificate object. -->
<xsl:variable name="b64cert" select="dp:base64-cert(concat('name:', $certname))"/>
<md:EntityDescriptor xmlns="http://www.w3.org/2000/09/xmldsig#" entityID="{$entityID}">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="encryption">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate><xsl:value-of select="$b64cert"/></X509Certificate>
</X509Data>
</KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
</md:KeyDescriptor>
<md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{$acs}"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
</xsl:template>
</xsl:stylesheet>

Upload this file to your appliance and reference it from a stylesheet action that comes after an HTTP query params action. Set var://service/mpgw/skip-backside to 1 so the request is not forwarded to a backend. The following curl command should get you the metadata (line breaks are for readability).

curl http://host:port/sp/meta \
     --data-urlencode entityID=urn:your:entity:id:here \
     --data-urlencode certname=NameOfYourCertObject \
     --data-urlencode acs=https://your.acs.host.com:9876/acs \
     > mySamlMetadata.xml

Of course, you would need a match action for /sp/meta.
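As an added check that is not part of the gist: a Python script that parses metadata in the shape this stylesheet produces and flags what a reviewer would look at before handing the file to an IdP, namely no signing key published while AuthnRequestsSigned is true, the legacy rsa-1_5 key-transport algorithm, and a non-HTTPS ACS location. The sample document is constructed, and the algorithm deny-list is an assumed local policy.

```python
"""Offline sanity checks for SP metadata shaped like this stylesheet's output."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Key-transport algorithms to flag; rsa-1_5 is the legacy PKCS#1 v1.5 scheme (assumed local policy).
WEAK_KEY_TRANSPORT = {"http://www.w3.org/2001/04/xmlenc#rsa-1_5"}

# Constructed sample in the shape the stylesheet emits; the certificate is a placeholder.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:your:entity:id:here">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data></KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://your.acs.host.com:9876/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not root.get("entityID"):
        return ["root must be md:EntityDescriptor with a non-empty entityID"]
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no md:SPSSODescriptor present"]
    key_descs = sp.findall("md:KeyDescriptor", NS)
    # A KeyDescriptor with no 'use' attribute serves both signing and encryption.
    uses = {kd.get("use", "both") for kd in key_descs}
    if sp.get("AuthnRequestsSigned") == "true" and not uses & {"signing", "both"}:
        findings.append("AuthnRequestsSigned=true but no signing key is published")
    for kd in key_descs:
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            findings.append("KeyDescriptor use=%s has no X509Certificate" % kd.get("use"))
        for em in kd.findall("md:EncryptionMethod", NS):
            if em.get("Algorithm") in WEAK_KEY_TRANSPORT:
                findings.append("legacy key-transport algorithm: " + em.get("Algorithm"))
    for acs in sp.findall("md:AssertionConsumerService", NS):
        if not acs.get("Location", "").startswith("https://"):
            findings.append("ACS Location is not https: " + acs.get("Location", ""))
    return findings
```

Run it against the file the curl command above writes out (`check_sp_metadata(open("mySamlMetadata.xml").read())`) and review any finding before publishing the metadata.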
