GridShib SAML Tools
Version 0.2.0 Technology Preview 1
July 30, 2007

Welcome to GridShib!

GridShib is an NSF-funded project to integrate Globus Toolkit^® and Shibboleth.^® Visit the GridShib web site (http://gridshib.globus.org/) for background information about the GridShib Project.

GridShib distributes four software components:

1. GridShib for Globus Toolkit
2. GridShib for Shibboleth
3. GridShib Certificate Authority
4. GridShib SAML Tools

With both GridShib for Globus Toolkit and GridShib for Shibboleth installed, Globus Toolkit may securely request attributes from the Attribute Authority component of a Shibboleth Identity Provider. Visit the GridShib web site for more information about these and other GridShib software components.

This readme file accompanies the GridShib SAML Tools. For detailed instructions how to install this component, see the Installation Notes included with this distribution.

The GridShib SAML Tools issue or request SAML assertions and optionally bind these assertions to X.509 proxy certificates. The toolbox consists of the following components:

1. SAML Assertion Issuer Tool
2. SAML Attribute Query Client
3. SAML X.509 Binding Tool
4. Globus SAML Library

The SAML Assertion Issuer Tool self-issues a SAML assertion and optionally binds this assertion to an X.509 proxy certificate. The assertion can include up to two statements (an AuthenticationStatement and/or AttributeStatement). A significant feature of this tool is its ability to leverage a fully configured Shibboleth attribute resolver (to be bundled with a later version of this software).

The SAML Attribute Query Client queries a SAML Attribute Authority (AA) for attributes. The Client validates the SAML Response and outputs the attribute assertion. Like the SAML Assertion Issuer Tool, the SAML Attribute Query Client optionally binds this assertion to an X.509 proxy certificate.

Important features of the GridShib SAML Tools are:

• easy installation and flexible configuration
• command-line interface with shell script wrappers (UNIX and Windows)
• dual output options (SAML or X.509)
• leverages Globus SAML Library (included with this distribution)
• Java API for portal developers (in version 0.2.0)

GridShib SAML Tools is a standalone software package. The only requirements are Java and Ant. The popular tool openssl is useful (for inspecting the contents of certificates) but not required.

Please review the licensing terms of the GridShib License before using this software. GridShib is licensed under the Apache License, Version 2.0. Additional licensing information will be found on the GridShib Downloads page.

Globus Toolkit (http://www.globus.org/toolkit/) is an open-source toolkit for grid computing. Shibboleth (http://shibboleth.internet2.edu/) is an open-source implementation of the SAML browser profiles. Globus Toolkit^® and Shibboleth^® are registered trademarks of the University of Chicago and Internet2, respectively.