From 847f911460f207b9eae7350569559533273407fa Mon Sep 17 00:00:00 2001 From: Tom Scavo Date: Sun, 5 Mar 2017 11:56:50 -0500 Subject: [PATCH 1/3] Update file lists in README.md --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3d80e0d..ab5d8e7 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,9 @@ command_paths.sh compatible_date.sh compatible_mktemp.sh config_tools.sh +entity_endpoints_txt.xsl +entity_identifiers_txt.xsl +entity_idp_names_txt.xsl extract_entity.xsl http_tools.sh md_tools.sh @@ -50,15 +53,19 @@ $ ls -1 $BIN_DIR cget.sh check_idp_error_urls.sh list_local_idp_error_urls.sh +list_local_saml_idp_endpoints.sh probe_saml_idp.sh +probe_saml_idps.sh $ ls -1 $LIB_DIR command_paths.sh compatible_date.sh compatible_mktemp.sh config_tools.sh +entity_endpoints_txt.xsl +entity_identifiers_txt.xsl +entity_idp_names_txt.xsl extract_IdP_entityIDs.xsl -extract_IdP_names.xsl extract_InCommon_IdP_entityIDs.xsl extract_entity.xsl http_tools.sh From 609128bba6e7253fa8cebcd6e15f5d89e8e27c46 Mon Sep 17 00:00:00 2001 From: Tom Scavo Date: Sun, 5 Mar 2017 12:02:48 -0500 Subject: [PATCH 2/3] Update example in overview section --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ab5d8e7..469a871 100644 --- a/README.md +++ b/README.md 
@@ -103,13 +103,14 @@ Given a single IdP entityID, the ``probe_saml_idp.sh`` script probes all browser ```Shell $ id=https://idp.incommonfederation.org/idp/shibboleth -$ $BIN_DIR/probe_saml_idp.sh -a $id -0 redirects:2;response:200;dns:0.000;tcp:0.062;ssl:0.141;total:1.047 https://idp.incommonfederation.org/idp/profile/SAML2/Redirect/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect https://idp.incommonfederation.org/idp/shibboleth https://incommon.org -0 redirects:2;response:200;dns:0.000;tcp:0.062;ssl:0.149;total:1.140 https://idp.incommonfederation.org/idp/profile/SAML2/POST/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST https://idp.incommonfederation.org/idp/shibboleth https://incommon.org -0 redirects:2;response:200;dns:0.000;tcp:0.062;ssl:0.142;total:1.070 https://idp.incommonfederation.org/idp/profile/Shibboleth/SSO urn:mace:shibboleth:1.0:profiles:AuthnRequest https://idp.incommonfederation.org/idp/shibboleth https://incommon.org +$ $BIN_DIR/probe_saml_idp.sh $id +0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.086;total:1.016 https://idp.incommonfederation.org/idp/profile/SAML2/Redirect/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect https://idp.incommonfederation.org/idp/shibboleth https://incommon.org +0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.737 https://idp.incommonfederation.org/idp/profile/SAML2/POST/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST https://idp.incommonfederation.org/idp/shibboleth https://incommon.org +WARNING: get_sso_endpoint: entity has no SSO endpoint that supports the HTTP-POST-SimpleSign binding: https://idp.incommonfederation.org/idp/shibboleth +0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.735 https://idp.incommonfederation.org/idp/profile/Shibboleth/SSO urn:mace:shibboleth:1.0:profiles:AuthnRequest https://idp.incommonfederation.org/idp/shibboleth https://incommon.org ``` -The ``-a`` option probes **all** browser-facing endpoints, including SAML1 endpoints. 
+By default, the script probes **all** browser-facing endpoints, including SAML1 endpoints. Use the ``-b`` option to probe a single endpoint with a particular binding. See the inline help file for details: From 2a848ef2ea7522c281ef3ae2cff3c7dbaf62d822 Mon Sep 17 00:00:00 2001 From: Tom Scavo Date: Sun, 5 Mar 2017 12:19:55 -0500 Subject: [PATCH 3/3] Add example to overview section --- README.md | 65 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 469a871..2f27551 100644 --- a/README.md +++ b/README.md 
@@ -75,6 +75,50 @@ saml_tools.sh ## Overview +### ``probe_saml_idp.sh`` + +Given a single IdP entityID, the ``probe_saml_idp.sh`` script probes all browser-facing SSO endpoints in IdP metadata. + +```Shell +$ id=https://idp.incommonfederation.org/idp/shibboleth +$ $BIN_DIR/probe_saml_idp.sh $id +0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.086;total:1.016 https://idp.incommonfederation.org/idp/profile/SAML2/Redirect/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect https://idp.incommonfederation.org/idp/shibboleth https://incommon.org +0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.737 https://idp.incommonfederation.org/idp/profile/SAML2/POST/SSO urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST https://idp.incommonfederation.org/idp/shibboleth https://incommon.org +WARNING: get_sso_endpoint: entity has no SSO endpoint that supports the HTTP-POST-SimpleSign binding: https://idp.incommonfederation.org/idp/shibboleth +0 redirects:2;response:200;dns:0.000;tcp:0.038;ssl:0.088;total:0.735 https://idp.incommonfederation.org/idp/profile/Shibboleth/SSO urn:mace:shibboleth:1.0:profiles:AuthnRequest https://idp.incommonfederation.org/idp/shibboleth https://incommon.org +``` + +By default, the script probes **all** browser-facing endpoints, including SAML1 endpoints. Use the ``-b`` option to probe a single endpoint with a particular binding. + +See the inline help file for details: + +```Shell +$ $BIN_DIR/probe_saml_idp.sh -h +``` + +### ``probe_saml_idps.sh`` + +Given a list of IdP entityIDs, the ``probe_saml_idps.sh`` script probes one or more browser-facing SSO endpoints in each IdP entity descriptor. + +```Shell +$ $BIN_DIR/probe_saml_idps.sh -t 6 <
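Review bot: In PATCH 1/3, the second README.md hunk (`@@ -50,15 +53,19 @@`) removes `extract_IdP_names.xsl` from the `ls -1 $LIB_DIR` listing but keeps `extract_IdP_entityIDs.xsl` and `extract_InCommon_IdP_entityIDs.xsl`, and neither of those appears between `config_tools.sh` and `extract_entity.xsl` in the file list edited by the first hunk (`@@ -31,6 +31,9 @@`). The two lists now disagree on which stylesheets belong in the library directory. If those two files are superseded in the same way as `extract_IdP_names.xsl`, drop them from the sample listing too; if they are still shipped, add them to the first list. The subject "Update file lists in README.md" also hides the one deletion, so a line in the commit message naming the removed file would help anyone tracing where it went.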
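Review bot: In PATCH 2/3 (hunk `@@ -103,13 +103,14 @@`), the new sample output carries a `WARNING: get_sso_endpoint: entity has no SSO endpoint that supports the HTTP-POST-SimpleSign binding` line between the result lines, and the prose after the code block does not explain it. A reader comparing their own run against the README cannot tell whether this is an expected consequence of probing every binding or a problem with the IdP. Add a sentence after the example saying that the warning is expected when the metadata has no endpoint for a binding, and on which stream it is written, so that anyone parsing the result lines knows whether to filter it. The same hunk drops `-a` from the invocation and replaces its description with "By default, the script probes **all** browser-facing endpoints"; state whether `-a` is still accepted, since the README previously documented it.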
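Review bot: In PATCH 3/3 (hunk `@@ -75,6 +75,50 @@`), the sample output added under `### probe_saml_idp.sh` has no description of its columns: the leading `0`, the `redirects:2;response:200;dns:...;tcp:...;ssl:...;total:...` field, and the four values that follow it (endpoint location, binding URI, entityID, and `https://incommon.org`). Since this section is now the first thing a reader sees in the overview, add a one-line legend after the code block naming each field and the units of the timing values. Two wording points in the same hunk: "See the inline help file for details" sits above a `-h` invocation, so "See the inline help for details" would be more accurate, and the two section intros use different terms for the same input ("in IdP metadata" versus "in each IdP entity descriptor"); pick one.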