AA Testing

The following shell script uses curl to query a SAML2 Attribute Authority.

You need a valid principal (eduPersonPrincipalName) and the X.509 credentials of an existing Service Provider to use this script.
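
Added example, not the script this page refers to: it builds the SOAP-wrapped SAML2 AttributeQuery for one principal and posts it with curl, using the Service Provider's X.509 credentials for TLS client authentication. The function names, the argument order and the NameID Format are assumptions; adjust the Format to what the Attribute Authority expects.

```shell
#!/bin/sh
# Added example: request side of an Attribute Authority test.
# Function names, argument order and the NameID Format are assumptions.

# Escape XML metacharacters so a principal or entityID cannot alter the request.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
                           -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Random request ID; xs:ID values must not start with a digit, hence the "_".
new_request_id() {
    printf '_%s' "$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
}

# build_attribute_query REQUEST_ID SP_ENTITYID PRINCIPAL ATTRIBUTE_NAME
build_attribute_query() {
    issue_instant=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    cat <<EOF
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <samlp:AttributeQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="$(xml_escape "$1")" Version="2.0" IssueInstant="$issue_instant">
      <saml:Issuer>$(xml_escape "$2")</saml:Issuer>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">$(xml_escape "$3")</saml:NameID>
      </saml:Subject>
      <saml:Attribute Name="$(xml_escape "$4")"/>
    </samlp:AttributeQuery>
  </soap:Body>
</soap:Envelope>
EOF
}

# query_aa AA_URL SP_CERT SP_KEY AA_TLS_CA REQUEST_FILE RESPONSE_FILE
# --cacert pins the CA for the AA's TLS certificate; --fail turns HTTP errors
# into a non-zero exit so an error page is never validated as a response.
query_aa() {
    curl --silent --show-error --fail \
         --cert "$2" --key "$3" --cacert "$4" \
         -H 'Content-Type: text/xml' \
         --data-binary "@$5" --output "$6" "$1"
}
```

The file written by query_aa is the input for the validation commands below. Keep the request ID so it can be compared with the InResponseTo attribute of the response.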

Validation of response
Signature validation: xmlsec1 --verify --id-attr:ID "urn:oasis:names:tc:SAML:2.0:protocol:Response" --trusted-pem "$aacert" "$response" 2>/dev/null

Content validation: xmllint --xpath "//*[local-name()='Attribute'][@Name='$attribute']/*[local-name()='AttributeValue']/text()" "$response"