Difference between revisions of "AA Testing"
Revision as of 03:23, 9 June 2017
The following shell script uses curl to query a SAML2 Attribute Authority.
You need a valid principal (eduPersonPrincipalName) and the X.509 credentials of an existing Service Provider to use this script.
#!/bin/bash
# URL of the Attribute Authority
AA_URI="https://hexaa.eduid.hu:8443/simplesaml/module.php/aa/attributeserver.php"
# Testing principal (subject)
Principal=bajnokk@niif.hu
# HEXAA cert (passed to curl --cacert to verify the AA's TLS certificate)
AACert=/home/bajnokk/hexaa.eduid.hu-aa.crt
# EntityID and credentials of the SP on behalf of which
# the request is made
ReqSP="https://dev.aai.niif.hu/shibboleth"
ReqCert=/etc/shibboleth/dev.aai.niif.hu.shibboleth.crt
ReqKey=/etc/shibboleth/dev.aai.niif.hu.shibboleth.key
# IssueInstant in UTC (GNU date) and a random 128-bit request ID
DATE=$(date --utc +%FT%TZ)
ReqID=$(hexdump -n 16 -e '4/4 "%08x" 1 "\n"' /dev/urandom)
read -r -d '' REQ_XML <<EOS
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<samlp:AttributeQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_$ReqID" IssueInstant="$DATE" Version="2.0">
<saml:Issuer>$ReqSP</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">$Principal</saml:NameID>
</saml:Subject>
</samlp:AttributeQuery>
</S:Body>
</S:Envelope>
EOS
# debug: echo "$REQ_XML"
# POST the SOAP envelope; the SP certificate and key authenticate the request via TLS
echo "$REQ_XML" | \
  curl --cacert "$AACert" --cert "$ReqCert" --key "$ReqKey" \
       --header "Content-Type: text/xml;charset=UTF-8" --data @- "$AA_URI"
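
To check what the AA returned, the SOAP response can be run through a small parser that reports the status and lists the released attributes. The following Python sketch is an added example, not part of the original page; the function name, the sample response and its values are constructed, and it does not verify XML signatures or decrypt encrypted assertions.

```python
import sys
import xml.etree.ElementTree as ET

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed, abbreviated sample (not from a real AA); the OID is eduPersonEntitlement.
SAMPLE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><S:Body>
<samlp:Response ID="_r1" Version="2.0" InResponseTo="_0123abcd">
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion ID="_a1" Version="2.0"><saml:AttributeStatement>
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7">
<saml:AttributeValue>urn:example:entitlement:one</saml:AttributeValue>
<saml:AttributeValue>urn:example:entitlement:two</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion>
</samlp:Response></S:Body></S:Envelope>"""

def parse_attribute_response(xml_text, expected_request_id=None):
    # Smoke test only: returns {attribute name: [values]}, raises ValueError on failure.
    body = ET.fromstring(xml_text).find("S:Body", NS)
    if body is None:
        raise ValueError("not a SOAP envelope")
    fault = body.find("S:Fault", NS)
    if fault is not None:
        raise ValueError("SOAP fault: %s" % fault.findtext("faultstring", "unknown"))
    resp = body.find("samlp:Response", NS)
    if resp is None:
        raise ValueError("no samlp:Response in SOAP body")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("query failed: %s" % (code.get("Value") if code is not None else "no status"))
    # The response must answer our own request (the ID="_$ReqID" sent by the script).
    if expected_request_id and resp.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo mismatch: %r" % resp.get("InResponseTo"))
    attrs = {}
    for attr in resp.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

if __name__ == "__main__":
    # "-" reads a real response from stdin (e.g. piped from curl); default is SAMPLE.
    text = sys.stdin.read() if "-" in sys.argv[1:] else SAMPLE
    for name, values in parse_attribute_response(text).items():
        print(name, "=", values)
```

Saved under a hypothetical name such as `check_aa_response.py`, it can be appended to the curl command as `| python3 check_aa_response.py -` to parse a live response.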