Shin 0.2.0 - metadata, attributes, and SAML assertions

published on

Shin is an Elixir client for the Shibboleth IdP admin API.

The Shibboleth IdP has a variety of admin APIs that are often overlooked. For many administrators the only time they access the admin APIs is when using some of the tools bundled with the IdP, such as aacli or mdquery, which can sometimes be fiddly to use even on the same server as the IdP. Shin aims to offer the same functionality as the bundled admin scripts but as a full Elixir library suitable for use in scripts and web services.

The first release of Shin, last year, included functions for dealing with server metrics and reloading individual sub-services. This new release adds many new features: metadata queries and reloads, service status, attribute release queries and fetching simulated SAML assertions.

Shin is an Elixir package, available from with documentation online at You can see the Shin sourcecode at Github.

We’ve included a simple Livebook so you can easily try Shin with your own Shibboleth IdP:

Run in Livebook

(You can get Livebook here)

A Few Examples

Listing a user’s attribute data as released to an SP - this is similar to the script

{:ok, attr_data} = Shin.attributes(idp, "", "pete")
Shin.Attributes.values(attr_data, "eduPersonEntitlement")
# => ["urn:mace:dir:entitlement:common-lib-terms"]
#=> ["eduPersonEntitlement", "eduPersonPrincipalName", "eduPersonScopedAffiliation",
# "eduPersonUniqueID", "o"]

Viewing a simulated SAML2 assertion containing user attributes

{:ok, saml_assertion_xml} = Shin.assertion(idp, "", "pete")

Fetching an SP’s metadata (as with

{:ok, metadata_xml} = Shin.metadata(idp, "")


Post author