Changes

AA Testing

1,786 bytes added, 15 September 2017, 21:36
Source: Add argument for AA cert, remove redundancy
You need a valid principal (eduPersonPrincipalName) and the X.509 credentials of an existing Service Provider to use this script.
----
== Source ==
<source lang="bash">
#!/bin/bash

basedir=$(dirname "$0")
# URL of the Attribute Authority
# Testing principal (subject)
Principal="bajnokk@niif.hu"
# HEXAA cert
AACert="$basedir/home/bajnokkkeys/hexaa.eduid.hu-aa.crt"
# EntityID and credentials of the SP on behalf of which
# the request is made
ReqSP="https://devsp.aaihexaa.niifeduid.hu/shibbolethtest"
ReqCert="$basedir/etckeys/shibboleth/devtest.sp.aaihexaa.niifeduid.hu.shibboleth-fed.crt"
ReqKey="$basedir/etckeys/shibboleth/devtest.sp.aaihexaa.niifeduid.hu-fed.key"

usage () {
cat <<EOS
Usage: $0 [options]
Options:
  -a uri        Attribute Authority URI. Defaults to '$AA_URI'
  -C certfile   Attribute Authority metadata certificate in PEM format. Defaults to '$AACert'.
  -p principal  Testing principal (user name / subject). Defaults to '$Principal'.
  -s entity     EntityID of the SP on behalf of which the request is made. Defaults to '$ReqSP'
  -k keyfile    Key file in PEM format containing the key of the SP used for the request. Defaults to '$ReqKey'
  -c certfile   Cert file in PEM format containing the certificate of the SP used for the request. Defaults to '$ReqCert'
EOS
exit 3
}

# Get command line arguments ("C:" is needed in the option string, otherwise
# getopts never reaches the C) branch below)
while getopts "a:C:p:s:k:c:h" opt; do
case $opt in
a)
AA_URI=$OPTARG
;;
C)
AACert=$OPTARG
;;
p)
Principal=$OPTARG
;;
s)
ReqSP=$OPTARG
;;
k)
ReqKey=$OPTARG
;;
c)
ReqCert=$OPTARG
;;
h)
usage
;;
\?)
usage
;;
esac
done

DATE=$(date --utc +%FT%TZ)
# POST the query held in REQ_XML to the AA over TLS, authenticating with the
# SP's client certificate and trusting only the AA certificate given above
echo "$REQ_XML" | \
curl --silent --show-error --cacert "$AACert" --cert "$ReqCert" --key "$ReqKey" \
--header "Content-Type: text/xml;charset=UTF-8" --data @- "$AA_URI"
</source>
 
== Validation of response ==
In the commands below, <code>$response</code> is the file holding the AA's answer and <code>$aacert</code> is the AA's signing certificate in PEM format (the same file as <code>AACert</code> in the script).

Signature validation (checks the enveloped XML signature on the <code>samlp:Response</code> against the AA certificate; the exit code tells success or failure, stderr is suppressed):
<source lang="bash">
xmlsec1 --verify --id-attr:ID "urn:oasis:names:tc:SAML:2.0:protocol:Response" --trusted-pem "$aacert" "$response" 2>/dev/null
</source>

Content validation (prints the values of the attribute named in <code>$attribute</code>, e.g. <code>urn:oid:1.3.6.1.4.1.5923.1.1.1.7</code> for eduPersonEntitlement):
<source lang="bash">
xmllint --xpath "//*[local-name()='Attribute'][@Name='$attribute']/*[local-name()='AttributeValue']/text()" "$response"
</source>
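The two halves of the test that the page leaves to the reader, the request body the script POSTs as <code>REQ_XML</code> and the checks run on the answer, as an added Python example (not code from the wiki page or from HEXAA): it builds a SOAP-wrapped SAML 2.0 AttributeQuery for a principal on behalf of an SP, and reads the StatusCode and the named attribute's values out of a response, so a denied or erroneous query is reported instead of looking like an empty attribute. The sample response and all entityIDs and values are constructed; signature checking stays with xmlsec1.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from xml.sax.saxutils import escape

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def build_attribute_query(issuer, principal, request_id=None, issue_instant=None):
    """SOAP-wrapped AttributeQuery: issuer is the SP entityID (ReqSP), principal the ePPN."""
    request_id = request_id or "_" + uuid.uuid4().hex  # xs:ID must not start with a digit
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}"><soap:Body>'
            f'<samlp:AttributeQuery xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}">'
            f'<saml:Issuer>{escape(issuer)}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>{escape(principal)}</saml:NameID></saml:Subject>'
            '</samlp:AttributeQuery></soap:Body></soap:Envelope>')

def response_status(response_xml):
    """Return (StatusCode value, samlp:Response element) from a bare or SOAP-wrapped response."""
    root = ET.fromstring(response_xml)
    resp = root if root.tag == "{%s}Response" % NS["samlp"] else root.find(".//samlp:Response", NS)
    if resp is None:
        raise ValueError("no samlp:Response in document")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    return (code.get("Value") if code is not None else None), resp

def attribute_values(response_xml, attribute_name):
    """Values of the named attribute; a non-Success status raises instead of yielding []."""
    status, resp = response_status(response_xml)
    if status != SUCCESS:
        raise ValueError("AA returned status %s" % status)
    return [v.text or "" for a in resp.iterfind(".//saml:Attribute", NS)
            if a.get("Name") == attribute_name
            for v in a.findall("saml:AttributeValue", NS)]

# Constructed sample (not captured from a real AA): Success, one eduPersonEntitlement, no signature
SAMPLE_OK = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2017-09-15T21:36:00Z">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2017-09-15T21:36:00Z">
    <saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7">
      <saml:AttributeValue>urn:mace:example.org:entitlement:a</saml:AttributeValue>
      <saml:AttributeValue>urn:mace:example.org:entitlement:b</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

Feed <code>build_attribute_query(ReqSP, Principal)</code> to the curl call as <code>REQ_XML</code>, run xmlsec1 on the saved reply, then <code>attribute_values(reply, attribute)</code> in place of the xmllint one-liner.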
[[Category: HOWTO]]