Parse SAML 2.0 Federation Metadata with Bash and XPath to get IdP Issuer URI, IdP SSO URL, and IdP Signature Certificate (as a DER-formatted file called idpSigCert.der)

parse-metadata

#!/bin/bash
fileOption="$1"
metadataFile="${fileOption:=FederationMetadata.xml}"
idpIssuerId=$(xpath "${metadataFile}" "/*[local-name()='EntityDescriptor']/@entityID" 2>/dev/null)
idpSsoUrl=$(xpath "${metadataFile}" "/*[local-name()='EntityDescriptor']/*[local-name()='IDPSSODescriptor']/*[local-name()='SingleSignOnService' and @Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']/@Location" 2>/dev/null)
xpath "${metadataFile}" "/*[local-name()='EntityDescriptor']/*[local-name()='IDPSSODescriptor']/*[local-name()='KeyDescriptor' and @use='signing']/*[local-name()='KeyInfo']/*[local-name()='X509Data']/*[local-name()='X509Certificate']/text()" | base64 --decode > idpSigCert.der 2> /dev/null
cat <<EOF
SAML Protocol Configuration
idpIssuerId=${idpIssuerId}
idpSsoUrl=${idpSsoUrl}
idpSigCert=$(realpath idpSigCert.der)
EOF