Shin 0.2.0 - metadata, attributes, and SAML assertions
Shin is an Elixir client for the Shibboleth IdP admin API.
The Shibboleth IdP has a variety of admin APIs that are often overlooked. For many administrators the only time they access the admin APIs is when using some of the tools bundled with the IdP, such as aacli or mdquery, which can sometimes be fiddly to use even on the same server as the IdP. Shin aims to offer the same functionality as the bundled admin scripts but as a full Elixir library suitable for use in scripts and web services.
The first release of Shin, last year, included functions for dealing with server metrics and reloading individual sub-services. This new release adds many new features: metadata queries and reloads, service status, attribute release queries and fetching simulated SAML assertions.
Shin is an Elixir package, available from Hex.pm with documentation online at HexDocs.pm. You can see the Shin source code on GitHub.
We’ve included a simple Livebook so you can easily try Shin with your own Shibboleth IdP:
(You can get Livebook here)
A Few Examples
Listing a user’s attribute data as released to an SP - this is similar to the aacli.sh script
{:ok, attr_data} = Shin.attributes(idp, "https://test.ukfederation.org.uk/entity", "pete")
Shin.Attributes.values(attr_data, "eduPersonEntitlement")
# => ["urn:mace:dir:entitlement:common-lib-terms"]
Shin.Attributes.names(attr_data)
# => ["eduPersonEntitlement", "eduPersonPrincipalName", "eduPersonScopedAffiliation",
#     "eduPersonUniqueID", "o"]
Viewing a simulated SAML2 assertion containing user attributes
{:ok, saml_assertion_xml} = Shin.assertion(idp, "https://test.ukfederation.org.uk/entity", "pete")
Fetching an SP’s metadata (as with mdquery.sh)
{:ok, metadata_xml} = Shin.metadata(idp, "https://test.ukfederation.org.uk/entity")
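One use for the attribute release query in a script is checking that an SP receives only the attributes it is meant to. The following is an added example, not code from Shin or its documentation: the ReleaseAudit module, the policy format and the sample values are hypothetical, and the released map is constructed inline so the script runs without an IdP.

```elixir
defmodule ReleaseAudit do
  @moduledoc "Added example (not part of Shin): audit attribute release against a policy."

  # `released`: attribute name => list of released values.
  # `policy` (hypothetical format): attribute name => :any | list of allowed values.
  def check(released, policy) do
    unexpected = Map.keys(released) -- Map.keys(policy)
    missing = Map.keys(policy) -- Map.keys(released)

    # Values released for a restricted attribute that the policy does not allow.
    bad_values =
      for {name, allowed} <- policy,
          is_list(allowed),
          value <- Map.get(released, name, []),
          value not in allowed,
          do: {name, value}

    %{
      unexpected: Enum.sort(unexpected),
      missing: Enum.sort(missing),
      bad_values: Enum.sort(bad_values)
    }
  end

  # Over-release is the failure case; a missing attribute is only reported.
  def ok?(%{unexpected: [], bad_values: []}), do: true
  def ok?(_report), do: false
end

# Constructed sample data. Against a live IdP the same map can be built from the
# calls shown above:
#   Map.new(Shin.Attributes.names(attr_data), &{&1, Shin.Attributes.values(attr_data, &1)})
released = %{
  "eduPersonEntitlement" => ["urn:mace:dir:entitlement:common-lib-terms"],
  "eduPersonPrincipalName" => ["pete@example.org"],
  "eduPersonScopedAffiliation" => ["staff@example.org"],
  "eduPersonUniqueID" => ["abc123@example.org"],
  "o" => ["Example University"]
}

# Hypothetical policy for this SP: entitlement restricted to one value.
policy = %{
  "eduPersonEntitlement" => ["urn:mace:dir:entitlement:common-lib-terms"],
  "eduPersonScopedAffiliation" => :any
}

report = ReleaseAudit.check(released, policy)
IO.inspect(report, label: "release audit")
IO.puts(if ReleaseAudit.ok?(report), do: "PASS", else: "FAIL: over-release")
```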