Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Generate SAML SP metadata for DataPower
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:dp="http://www.datapower.com/extensions"
xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
exclude-result-prefixes="dp"
extension-element-prefixes="dp"
version="1.0">
<xsl:output method="xml" indent="yes" standalone="yes"/>
<dp:summary xmlns="">
<operation>xform</operation>
<description>Generate SAML SP Metadata.</description>
</dp:summary>
<!--
Invoke this with curl using the following sample as a guide (all on one line):
curl http://host:6024/sp/meta
--data-urlencode entityID=urn:your:entity:id:here
--data-urlencode certname=NameOfYourCertObject
--data-urlencode acs=https://your.acs.host.com:9876/acs
-->
<xsl:template match="/">
<xsl:variable name="entityID" select="/request/args/arg[@name='entityID']/text()"/>
<xsl:variable name="certname" select="/request/args/arg[@name='certname']/text()"/>
<xsl:variable name="acs" select="/request/args/arg[@name='acs']/text()"/>
<xsl:message dp:priority="info">Entity ID = <xsl:value-of select="$entityID"/></xsl:message>
<xsl:message dp:priority="info">Cert Name = <xsl:value-of select="$certname"/></xsl:message>
<xsl:message dp:priority="info">ACS URL = <xsl:value-of select="$acs"/></xsl:message>
<xsl:variable name="b64cert" select="dp:base64-cert(concat('name:', $certname))"/>
<md:EntityDescriptor xmlns="http://www.w3.org/2000/09/xmldsig#" entityID="{$entityID}">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="encryption">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate><xsl:value-of select="$b64cert"/></X509Certificate>
</X509Data>
</KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
</md:KeyDescriptor>
<md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{$acs}"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
</xsl:template>
</xsl:stylesheet>

Upload this file to your appliance and reference it from a stylesheet action that comes after an HTTP query params action. The var://service/mpgw/skip-backside should be set to 1. Use the following curl command should get you the metadata. (line breaks are for brevity).

curl http://host:port/sp/meta
     --data-urlencode entityID=urn:your:entity:id:here 
     --data-urlencode certname=NameOfYourCertObject
     --data-urlencode acs=https://your.acs.host.com:9876/acs
     > mySamlMetadata.xml

Of course, you would need a match action for /sp/meta.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment