-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
113 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,16 @@ | ||
| #!/bin/sh | ||
| echo \# run the following commands replacing name with the IDP name (if needed) | ||
| echo | ||
| echo aws iam create-saml-provider --saml-metadata-document file://login.at.internet2.edu-metadata.xml --name login.at.internet2.edu | ||
| echo | ||
| echo \# edit shibpolicy.json and replace the ARN with the ARN of the new account | ||
| echo | ||
| echo aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json | ||
| echo aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess | ||
| echo aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json | ||
| echo aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess | ||
|
|
||
| [ $# -eq 0 ] && { echo "Usage: $0 name_of_idp "; exit 1; } | ||
|
|
||
|
|
||
| aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1 | ||
| if [ $? -ne -1 ] | ||
| then | ||
| echo "creation failed, read the readme and make sure you have an IAM role to perform this action" | ||
| exit 1 | ||
| fi | ||
|
|
||
| aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json | ||
| aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess | ||
| aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json | ||
| aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| <?xml version="1.0" encoding="UTF-8" standalone="no"?><EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="INC20170306T193623" Name="urn:mace:incommon:icmp" validUntil="2020-03-20T19:36:23Z"><ds:Signature> | ||
| <ds:SignedInfo> | ||
| <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> | ||
| <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> | ||
| <ds:Reference URI="#INC20170306T193623"> | ||
| <ds:Transforms> | ||
| <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> | ||
| <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> | ||
| </ds:Transforms> | ||
| <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> | ||
| <ds:DigestValue>KFGoVa3yW3VcpskjMYEfcFE68snoapGjMYuesNpzcO4=</ds:DigestValue> | ||
| </ds:Reference> | ||
| </ds:SignedInfo> | ||
| <ds:SignatureValue> | ||
| Es3REEYMqE+2JLhqo0mpFZvERjT9ihKPK2PMvCWDbL5Yov2YuixS9z+isoCB2cmkjQreCN0f0/mB | ||
| v+wLtq7myFBDDIo+EkfYUMVHHixOfIyXUO7i8xWv32Xgi9aDAQ3MXQ0Uawwb3/iS8Ha5MxKwKeIh | ||
| MlpvH9jhKN0FcprJ2Ynxx54wYSQ32BpsHCK5N9dTDkYk6/qtJyvecudtOilqQVq1W8dS6XPE7OZe | ||
| UVuj057ke3lZbLBnMjNYeYjZ5HGvryMudNwXng0YonLZrruxv6OF6jhcM/Apo9Ya3eQkDI9aS6Bx | ||
| pwSw9nanNcdlloclUOo8JMtpx6Mcag8h/wt9Hw== | ||
| </ds:SignatureValue> | ||
| <ds:KeyInfo> | ||
| <ds:KeyValue> | ||
| <ds:RSAKeyValue> | ||
| <ds:Modulus> | ||
| yXcrwe0GSiJxBEp3SYXeTGztL+JxToGKWmCZ7qQyiLHK4NeVdcTjoJGRRjukVQWA7c78zvxRrdED | ||
| F/GfNj7WjKBYjE8/eZTpmyVOTA9ya0u+/4vYGbo5GvBv4dcCBLZd+4Tl77ZAG40/x5rtzMy34sfr | ||
| FdkiMWGz9eln3ed/aOOBnXfC1vIzy7rGc2JSYssgNThJuY5C78qVcnOcOFjiCiQKFWjC549zAxVf | ||
| GoiU5HK02eGk3N/6BMpnekGLIR/NPnXvNQJvAV2Nl7LvK5g6CsWZhxsASKzLeqCCh1EbHBFHQ1NH | ||
| eUj3dcpKLCg2L8NKsZBk1jES0lldhW5843L+Gw== | ||
| </ds:Modulus> | ||
| <ds:Exponent>AQAB</ds:Exponent> | ||
| </ds:RSAKeyValue> | ||
| </ds:KeyValue> | ||
| <ds:X509Data> | ||
| <ds:X509Certificate> | ||
| MIIDqzCCApOgAwIBAgIJAIkIlHj+D7gRMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMREw | ||
| DwYDVQQIDAhNaWNoaWdhbjESMBAGA1UEBwwJQW5uIEFyYm9yMRIwEAYDVQQKDAlJbnRlcm5ldDIx | ||
| IjAgBgNVBAMMGW1ldGFkYXRhLmF0LmludGVybmV0Mi5lZHUwHhcNMTcxMDExMTQxNTU0WhcNMjcx | ||
| MDA5MTQxNTU0WjBsMQswCQYDVQQGEwJVUzERMA8GA1UECAwITWljaGlnYW4xEjAQBgNVBAcMCUFu | ||
| biBBcmJvcjESMBAGA1UECgwJSW50ZXJuZXQyMSIwIAYDVQQDDBltZXRhZGF0YS5hdC5pbnRlcm5l | ||
| dDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXcrwe0GSiJxBEp3SYXeTGzt | ||
| L+JxToGKWmCZ7qQyiLHK4NeVdcTjoJGRRjukVQWA7c78zvxRrdEDF/GfNj7WjKBYjE8/eZTpmyVO | ||
| TA9ya0u+/4vYGbo5GvBv4dcCBLZd+4Tl77ZAG40/x5rtzMy34sfrFdkiMWGz9eln3ed/aOOBnXfC | ||
| 1vIzy7rGc2JSYssgNThJuY5C78qVcnOcOFjiCiQKFWjC549zAxVfGoiU5HK02eGk3N/6BMpnekGL | ||
| IR/NPnXvNQJvAV2Nl7LvK5g6CsWZhxsASKzLeqCCh1EbHBFHQ1NHeUj3dcpKLCg2L8NKsZBk1jES | ||
| 0lldhW5843L+GwIDAQABo1AwTjAdBgNVHQ4EFgQUNeFjfxOm0XN5ABaT8XjjsG/zF08wHwYDVR0j | ||
| BBgwFoAUNeFjfxOm0XN5ABaT8XjjsG/zF08wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC | ||
| AQEARqaz3wRevCKTqCmq/cpIgRlqdLZIoZNAdnq7RGmPmBBV1pIj9Z/mwSZjwZ/1Jex+Z+Llwo+X | ||
| J47c+Mnq6e/nBKVfFNDwQd8P+/BRkXnSen5QzDNtOZkS7JzRULGKIaQ76cry+uofaKlOMrKL1h2Y | ||
| zYGnl8unkIEUwj/CJ6JnwyBm8m4/esrYe40dfv+8y7uegPvmY0YmZ+O4NN4+BI+hA+4KF2hW+7vl | ||
| xJi2sx0+PKh4v73gVsEenJTALpyxXCNcKubXfHutll2murLAePnXFR2dcspemVby62b64smmf5PN | ||
| nglyKd3iSqrFRL4LhHNUkhy4OnZeLYFXizIu6dgURQ== | ||
| </ds:X509Certificate> | ||
| </ds:X509Data> | ||
| </ds:KeyInfo> | ||
| </ds:Signature> | ||
|
|
||
| <!-- Google proxy from Cirrus Identity --> | ||
| <md:EntityDescriptor entityID="https://google.cirrusidentity.com/gateway"> | ||
| <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> | ||
| <Extensions> | ||
| <shibmd:Scope regexp="false">google.com</shibmd:Scope> | ||
| <mdui:UIInfo> | ||
| <mdui:DisplayName xml:lang="en">Google Gateway</mdui:DisplayName> | ||
| </mdui:UIInfo> | ||
| </Extensions> | ||
| <md:KeyDescriptor use="signing"> | ||
| <ds:KeyInfo> | ||
| <ds:X509Data> | ||
| <ds:X509Certificate>MIIECDCCAvACCQDG6tQKXONUEzANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAcTB09ha2xhbmQxHjAcBgNVBAoTFUNpcnJ1cyBJZGVudGl0eSwgSW5jLjEgMB4GA1UECxMXQ2lycnVzIElkZW50aXR5IEdhdGV3YXkxIjAgBgNVBAMTGWdvb2dsZS5jaXJydXNpZGVudGl0eS5jb20xKTAnBgkqhkiG9w0BCQEWGnN1cHBvcnRAY2lycnVzaWRlbnRpdHkuY29tMB4XDTE0MDEwOTE2MzUzNloXDTM0MDEwODE2MzUzNlowgcUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdPYWtsYW5kMR4wHAYDVQQKExVDaXJydXMgSWRlbnRpdHksIEluYy4xIDAeBgNVBAsTF0NpcnJ1cyBJZGVudGl0eSBHYXRld2F5MSIwIAYDVQQDExlnb29nbGUuY2lycnVzaWRlbnRpdHkuY29tMSkwJwYJKoZIhvcNAQkBFhpzdXBwb3J0QGNpcnJ1c2lkZW50aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGjc5vM/ZP5uZLH3merv21m5y3CYOKJ1ZVolBlu/6FL0ssYbORtzHdX8PuUZ6WdVW9w55ORE9A+2edFUB1lRj5BGJwfW0A6TbKfPNtrc3IxkcRFpJHAf4ew6WNXtCL/UdvXP2e3it8GxP6Gl5r6HZXL3GPmYPlkEMsNsWLkmWDKCheYd+tbIZvcKnFcDUH2UGNCpMkQmfzHyFm9D02eCwY2K17Y1UzxQpHonrSQv/afPmF0O5eXFiHXu/27cyzCxTAWI5NjN/5RcYgYLF4tjsv9aBc+Tm9oKH7CfvB/D13GTWj+vwmuVlk/RyWYO7tsd79jMcTk9h8tzoEhjqa7IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAJ0Zx87ITJt+Uuks7AzC83uheOKUwH88sSa6XsdRNYtmXplWfxUAQn/eiZ8Fzj/nb+2udhK1oPmAltDmel6qM5BcTaAv7k9D2Gvi3QrTt1czS1m3rOwN7FU3RkIJhG32CVJNMnYkzK+JSMYFOpHoZQy46Fn66onBqwCG7aYTNr5uOzG0hdM7K3RSF5PHeXjY7X63crgL2BNtlHhPR0ZFRPcYuWFzRdYV5+1Gu5qdSLcFMmIX2DlZn5vpcQBEPCEyMe+o0tBFSMeeUFjlOVrmF28hMwdsmwYc68dn7Bw9yjHlp7/nhRtrKRrjj4+/1Zybc/EeVBn9ccka+o2a4ubqRjQ==</ds:X509Certificate> | ||
| </ds:X509Data> | ||
| </ds:KeyInfo> | ||
| </md:KeyDescriptor> | ||
| <md:KeyDescriptor use="encryption"> | ||
| <ds:KeyInfo> | ||
| <ds:X509Data> | ||
| <ds:X509Certificate>MIIECDCCAvACCQDG6tQKXONUEzANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAcTB09ha2xhbmQxHjAcBgNVBAoTFUNpcnJ1cyBJZGVudGl0eSwgSW5jLjEgMB4GA1UECxMXQ2lycnVzIElkZW50aXR5IEdhdGV3YXkxIjAgBgNVBAMTGWdvb2dsZS5jaXJydXNpZGVudGl0eS5jb20xKTAnBgkqhkiG9w0BCQEWGnN1cHBvcnRAY2lycnVzaWRlbnRpdHkuY29tMB4XDTE0MDEwOTE2MzUzNloXDTM0MDEwODE2MzUzNlowgcUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdPYWtsYW5kMR4wHAYDVQQKExVDaXJydXMgSWRlbnRpdHksIEluYy4xIDAeBgNVBAsTF0NpcnJ1cyBJZGVudGl0eSBHYXRld2F5MSIwIAYDVQQDExlnb29nbGUuY2lycnVzaWRlbnRpdHkuY29tMSkwJwYJKoZIhvcNAQkBFhpzdXBwb3J0QGNpcnJ1c2lkZW50aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGjc5vM/ZP5uZLH3merv21m5y3CYOKJ1ZVolBlu/6FL0ssYbORtzHdX8PuUZ6WdVW9w55ORE9A+2edFUB1lRj5BGJwfW0A6TbKfPNtrc3IxkcRFpJHAf4ew6WNXtCL/UdvXP2e3it8GxP6Gl5r6HZXL3GPmYPlkEMsNsWLkmWDKCheYd+tbIZvcKnFcDUH2UGNCpMkQmfzHyFm9D02eCwY2K17Y1UzxQpHonrSQv/afPmF0O5eXFiHXu/27cyzCxTAWI5NjN/5RcYgYLF4tjsv9aBc+Tm9oKH7CfvB/D13GTWj+vwmuVlk/RyWYO7tsd79jMcTk9h8tzoEhjqa7IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAJ0Zx87ITJt+Uuks7AzC83uheOKUwH88sSa6XsdRNYtmXplWfxUAQn/eiZ8Fzj/nb+2udhK1oPmAltDmel6qM5BcTaAv7k9D2Gvi3QrTt1czS1m3rOwN7FU3RkIJhG32CVJNMnYkzK+JSMYFOpHoZQy46Fn66onBqwCG7aYTNr5uOzG0hdM7K3RSF5PHeXjY7X63crgL2BNtlHhPR0ZFRPcYuWFzRdYV5+1Gu5qdSLcFMmIX2DlZn5vpcQBEPCEyMe+o0tBFSMeeUFjlOVrmF28hMwdsmwYc68dn7Bw9yjHlp7/nhRtrKRrjj4+/1Zybc/EeVBn9ccka+o2a4ubqRjQ==</ds:X509Certificate> | ||
| </ds:X509Data> | ||
| </ds:KeyInfo> | ||
| </md:KeyDescriptor> | ||
| <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://google.cirrusidentity.com/idp/SSOService/HTTP-Redirect"/> | ||
| </IDPSSODescriptor> | ||
| <Organization> | ||
| <OrganizationName xml:lang="en">Google Gateway</OrganizationName> | ||
| <OrganizationDisplayName xml:lang="en">Google Gateway</OrganizationDisplayName> | ||
| <OrganizationURL xml:lang="en">https://www.cirrusidentity.com</OrganizationURL> | ||
| </Organization> | ||
| <md:ContactPerson contactType="technical"> | ||
| <md:SurName>Support</md:SurName> | ||
| <md:EmailAddress>support@cirrusidentity.com</md:EmailAddress> | ||
| </md:ContactPerson> | ||
| </md:EntityDescriptor> | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
| </EntitiesDescriptor> |