From 2a848ef2ea7522c281ef3ae2cff3c7dbaf62d822 Mon Sep 17 00:00:00 2001
From: Tom Scavo <trscavo@internet2.edu>
Date: Sun, 5 Mar 2017 12:19:55 -0500
Subject: [PATCH] Add example to overview section

---
 README.md | 65 +++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 44 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 469a871..2f27551 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,50 @@ saml_tools.sh
 
 ## Overview
 
+### ``probe_saml_idp.sh``
+
+Given a single IdP entityID, the ``probe_saml_idp.sh`` script probes all browser-facing SSO endpoints in IdP metadata.
+
+```Shell
+$ id=https://idp.incommonfederation.org/idp/shibboleth
+$ $BIN_DIR/probe_saml_idp.sh $id
+0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.086;total:1.016 https://idp.incommonfederation.org/idp/profile/SAML2/Redirect/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect https://idp.incommonfederation.org/idp/shibboleth https://incommon.org
+0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.737 https://idp.incommonfederation.org/idp/profile/SAML2/POST/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST https://idp.incommonfederation.org/idp/shibboleth https://incommon.org
+WARNING: get_sso_endpoint: entity has no SSO endpoint that supports the HTTP-POST-SimpleSign binding: https://idp.incommonfederation.org/idp/shibboleth
+0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.735 https://idp.incommonfederation.org/idp/profile/Shibboleth/SSO urn:mace:shibboleth:1.0:profiles:AuthnRequest https://idp.incommonfederation.org/idp/shibboleth https://incommon.org
+```
+
+By default, the script probes **all** browser-facing endpoints, including SAML1 endpoints. Use the ``-b`` option to probe a single endpoint with a particular binding.
+
+See the inline help file for details:
+
+```Shell
+$ $BIN_DIR/probe_saml_idp.sh -h
+```
+
+### ``probe_saml_idps.sh``
+
+Given a list of IdP entityIDs, the ``probe_saml_idps.sh`` script probes one or more browser-facing SSO endpoints in each IdP entity descriptor.
+
+```Shell
+$ $BIN_DIR/probe_saml_idps.sh -t 6 <<ENTITY_IDs
+urn:mace:incommon:internet2.edu
+https://login.ligo.org/idp/shibboleth
+https://idp.ncsa.illinois.edu/idp/shibboleth
+ENTITY_IDs
+0 redirects:3;response:200;dns:0.070;tcp:0.107;ssl:0.303;total:0.833 https://origin.internet2.edu/idp/profile/SAML2/Redirect/SSO urn:mace:incommon:internet2.edu
+0 redirects:1;response:200;dns:0.000;tcp:0.000;ssl:0.000;total:0.797 https://login.ligo.org/idp/profile/SAML2/Redirect/SSO https://login.ligo.org/idp/shibboleth
+0 redirects:1;response:200;dns:0.000;tcp:0.038;ssl:0.093;total:1.075 https://idp.ncsa.illinois.edu/idp/profile/SAML2/Redirect/SSO https://idp.ncsa.illinois.edu/idp/shibboleth
+```
+
+By default, the script probes one endpoint per IdP, namely, the SAML2 HTTP-Redirect endpoint. By specifying an option on the command line, up to four (4) endpoints per IdP may be probed.
+
+See the inline help file for details:
+
+```Shell
+$ $BIN_DIR/probe_saml_idps.sh -h
+```
+
 ### ``check_idp_error_urls.sh``
 
 Given a list of entityIDs and a metadata source, bash script ``check_idp_error_urls.sh`` probes each entity and determines which of the entityIDs correspond to SAML IdP deployments. For each such deployment, the script determines whether it has an ``errorURL`` in metadata and whether or not that URL is resolvable. For example:
@@ -97,27 +141,6 @@ See the inline help file for details:
 $ $BIN_DIR/check_idp_error_urls.sh -h
 ```
 
-### ``probe_saml_idp.sh``
-
-Given a single IdP entityID, the ``probe_saml_idp.sh`` script probes all browser-facing SSO endpoints in IdP metadata.
-
-```Shell
-$ id=https://idp.incommonfederation.org/idp/shibboleth
-$ $BIN_DIR/probe_saml_idp.sh $id
-0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.086;total:1.016 https://idp.incommonfederation.org/idp/profile/SAML2/Redirect/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect https://idp.incommonfederation.org/idp/shibboleth https://incommon.org
-0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.737 https://idp.incommonfederation.org/idp/profile/SAML2/POST/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST https://idp.incommonfederation.org/idp/shibboleth https://incommon.org
-WARNING: get_sso_endpoint: entity has no SSO endpoint that supports the HTTP-POST-SimpleSign binding: https://idp.incommonfederation.org/idp/shibboleth
-0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.735 https://idp.incommonfederation.org/idp/profile/Shibboleth/SSO urn:mace:shibboleth:1.0:profiles:AuthnRequest https://idp.incommonfederation.org/idp/shibboleth https://incommon.org
-```
-
-By default, the script probes **all** browser-facing endpoints, including SAML1 endpoints. Use the ``-b`` option to probe a single endpoint with a particular binding.
-
-See the inline help file for details:
-
-```Shell
-$ $BIN_DIR/probe_saml_idp.sh -h
-```
-
 ## Compatibility
 
 The bash scripts are compatible with both GNU/Linux and Mac OS. The XSLT scripts are written in XSLT 1.0.