mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jacek Kowalski
2023-11-24 2f9934958370d5d1d1543e304aad060bf764778a
commit | author | age
33112b 1 #!/bin/bash
MP 2 set -e
3
de93e7 4 keycloak_cas_url='http://localhost:8080/realms/master/protocol/cas'
33112b 5 action_pattern='action="([^"]+)"'
MP 6
7 get_ticket() {
3882f0 8     local cookie_options="-b /tmp/cookies"
9ed066 9     local ticket_pattern='Location: .*\?ticket=(ST-[-A-Za-z0-9_.=]+)'
DR 10     local client_url_param=service
11
3882f0 12     if [ "$1" == "save_cookies" ]; then
JK 13       cookie_options="${cookie_options} -c /tmp/cookies"
9ed066 14     elif [ "$1" == "SAML" ]; then
DR 15       ticket_pattern='Location: .*\?SAMLart=(ST-[-A-Za-z0-9_.=]+)'
16       client_url_param=TARGET
3882f0 17     fi
JK 18
9ed066 19     local login_response=$(curl --fail --silent -c /tmp/cookies "${keycloak_cas_url}/login?${client_url_param}=http://localhost")
3882f0 20     if [[ ! ($login_response =~ $action_pattern) ]] ; then
33112b 21         echo "Could not parse login form in response"
3882f0 22         echo "${login_response}"
33112b 23         exit 1
MP 24     fi
25
3882f0 26     local login_url=${BASH_REMATCH[1]//&/&}
JK 27     local redirect_response=$(curl --fail --silent -D - $cookie_options --data 'username=admin&password=admin' "$login_url")
28     if [[ ! ($redirect_response =~ $ticket_pattern) ]] ; then
33112b 29         echo "No service ticket found in response"
3882f0 30         echo "${redirect_response}"
33112b 31         exit 1
MP 32     fi
33
3882f0 34     echo "${BASH_REMATCH[1]}"
33112b 35 }
MP 36
3882f0 37 # CAS 1.0
2f9934 38 echo "Testing CAS 1.0..."
3882f0 39 ticket=$(get_ticket)
JK 40 curl --fail --silent "${keycloak_cas_url}/validate?service=http://localhost&ticket=$ticket"
33112b 41 echo
MP 42
3882f0 43 # CAS 2.0
2f9934 44 echo "Testing CAS 2.0 - XML..."
3882f0 45 ticket=$(get_ticket)
JK 46 curl --fail --silent "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=XML&ticket=$ticket"
33112b 47 echo
MP 48
2f9934 49 echo "Testing CAS 2.0 - JSON..."
3882f0 50 ticket=$(get_ticket)
JK 51 curl --fail --silent "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"
33112b 52 echo
MP 53
3882f0 54 # CAS 3.0
2f9934 55 echo "Testing CAS 3.0..."
3882f0 56 ticket=$(get_ticket save_cookies)
JK 57 curl --fail --silent "${keycloak_cas_url}/p3/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"
33112b 58 echo
3882f0 59
9ed066 60 # SAML 1.1
2f9934 61 echo "Testing SAML 1.1..."
9ed066 62 ticket=$(get_ticket SAML)
DR 63 timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
64 saml_template=$(dirname "$0")/samlValidateTemplate.xml
65 sed -e "s/CAS_TICKET/$ticket/g" -e "s/TIMESTAMP/$timestamp/g" "$saml_template" \
66   | curl --fail --silent -X POST -H "Content-Type: text/xml" \
67       -H "SOAPAction: http://www.oasis-open.org/committees/security" \
68       --data-binary @- "${keycloak_cas_url}/samlValidate?TARGET=http://localhost"
69 echo
70
2f9934 71 # CAS - gateway option
JK 72 echo "Testing CAS - gateway option, stage 1..."
3882f0 73 get_ticket save_cookies
JK 74 login_response=$(curl --fail --silent -D - -b /tmp/cookies "${keycloak_cas_url}/login?service=http://localhost&gateway=true")
75 if echo "${login_response}" | grep '^Location: http://localhost\?ticket='; then
76     echo "Gateway option did not redirect back to service with ticket"
77     echo "${login_response}"
78     exit 1
79 fi
80
2f9934 81 echo "Testing CAS - gateway option, stage 2..."
3882f0 82 login_response=$(curl --fail --silent -D - "${keycloak_cas_url}/login?service=http://localhost&gateway=true")
JK 83 if echo "${login_response}" | grep '^Location: http://localhost$'; then
84     echo "Gateway option did not redirect back to service without ticket"
85     echo "${login_response}"
86     exit 1
87 fi