Changes

AA Testing

1,514 bytes added, 9 June 2017, 02:23
creation
The following shell script uses ''curl'' to query a SAML2 Attribute Authority.

You need a valid principal (eduPersonPrincipalName) and the X.509 credentials of an existing Service Provider to use this script.

----

<source lang="bash">
#!/bin/bash

# URL of the Attribute Authority
AA_URI="https://hexaa.eduid.hu:8443/simplesaml/module.php/aa/attributeserver.php"

# Testing principal (subject)
Principal=bajnokk@niif.hu

# HEXAA certificate, passed to curl --cacert to verify the AA's TLS endpoint
AACert=/home/bajnokk/hexaa.eduid.hu-aa.crt

# EntityID and credentials of the SP on behalf of which
# the request is made
ReqSP="https://dev.aai.niif.hu/shibboleth"
ReqCert=/etc/shibboleth/dev.aai.niif.hu.shibboleth.crt
ReqKey=/etc/shibboleth/dev.aai.niif.hu.shibboleth.key


DATE=$(date --utc +%FT%TZ)
ReqID=$(hexdump -n 16 -e '4/4 "%08x" 1 "\n"' /dev/urandom)


read -r -d '' REQ_XML <<EOS
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<samlp:AttributeQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_$ReqID" IssueInstant="$DATE" Version="2.0">
<saml:Issuer>$ReqSP</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">$Principal</saml:NameID>
</saml:Subject>
</samlp:AttributeQuery>
</S:Body>
</S:Envelope>
EOS

#debug echo "$REQ_XML"

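# POST the query. --cert/--key authenticate the SP via TLS client
# authentication; --cacert is used to verify the AA's server certificate.
echo "$REQ_XML" | \
curl --cacert "$AACert" --cert "$ReqCert" --key "$ReqKey" \
--header "Content-Type: text/xml;charset=UTF-8" --data @- "$AA_URI"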
</source>
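The script above prints the raw SOAP reply. The following added example (not part of the original page) turns a reply into a pass/fail result: it checks that `InResponseTo` matches the request ID, that the status is Success, and lists the returned attribute names. The function names and the sample reply are constructed for illustration, and the checks are textual only: they do not validate XML signatures or handle encrypted assertions.

```bash
# Added example: textual sanity checks on the AA's SOAP reply.
# Assumption: no XML signature validation, no encrypted assertions.
SAML_SUCCESS="urn:oasis:names:tc:SAML:2.0:status:Success"

# Print the Value of the first (top-level) StatusCode, whatever the prefix.
saml_status() {
    printf '%s\n' "$1" | tr '\n' ' ' |
        grep -oE '<([A-Za-z0-9]+:)?StatusCode[^>]*Value="[^"]*"' |
        head -n 1 | sed -E 's/.*Value="([^"]*)"/\1/'
}

# Print the InResponseTo attribute of the <Response> element.
saml_in_response_to() {
    printf '%s\n' "$1" | tr '\n' ' ' |
        grep -oE '<([A-Za-z0-9]+:)?Response[ ][^>]*' | head -n 1 |
        sed -nE 's/.*InResponseTo="([^"]*)".*/\1/p'
}

# Print the Name of every <Attribute> element, one per line.
saml_attribute_names() {
    printf '%s\n' "$1" | tr '\n' ' ' |
        grep -oE '<([A-Za-z0-9]+:)?Attribute[ ][^>]*' |
        sed -nE 's/.*[ ]Name="([^"]*)".*/\1/p'
}

# Return 0 and list attribute names only if the reply answers request ID $2
# with status Success; 2 = wrong/missing InResponseTo, 1 = non-success status.
check_aa_reply() {
    local reply="$1" req_id="$2" status irt
    irt=$(saml_in_response_to "$reply")
    if [ "$irt" != "$req_id" ]; then
        echo "InResponseTo '$irt' does not match request '$req_id'" >&2
        return 2
    fi
    status=$(saml_status "$reply")
    if [ "$status" != "$SAML_SUCCESS" ]; then
        echo "AA returned status: ${status:-none}" >&2
        return 1
    fi
    saml_attribute_names "$reply"
}

# Constructed sample reply (not captured from a real AA).
SAMPLE_REPLY='<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" InResponseTo="_0123abcd" Version="2.0">
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>constructed:value</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
</samlp:Response></S:Body></S:Envelope>'
check_aa_reply "$SAMPLE_REPLY" "_0123abcd"
```

To use it with the script above, capture the curl output in a variable and call `check_aa_reply` with that variable and `"_$ReqID"` as arguments.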
[[Category: HOWTO]]
