Recently CILogon announced support for SAML ECP, which allows users to authenticate and obtain a certificate on the command-line, completely outside the web browser. However, since SAML ECP is not (yet) widely adopted by InCommon members, it was not generally available -- until now. InCommon member ProtectNetwork now supports SAML ECP, so anyone can sign up for a ProtectNetwork account and obtain certificates from CILogon on the command-line. For example: $ curl -sO https://cilogon.org/ecp.pl
$ perl ecp.pl --get cert -c create -k userkey.pem -o usercert.pem -t 12
Select an Identity Provider (IdP):
1> CILogon Test IdP
2> LTER Network
3> ProtectNetwork
4> University of Chicago
5> University of Washington
6> Specify the URL of another IdP
Choose [1]: 3
Enter a username for the Identity Provider: jbasney
Enter a password for the Identity Provider: ********
$ openssl x509 -subject -noout < usercert.pem
subject= /DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Jim Basney A685
| 
