mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jacek Kowalski
2022-03-23 461e1c1f749d8eaf02015073abff1bb8a20912bb
commit | author | age
33112b 1 #!/bin/bash
MP 2 set -e
3
de93e7 4 keycloak_cas_url='http://localhost:8080/realms/master/protocol/cas'
33112b 5 action_pattern='action="([^"]+)"'
MP 6 ticket_pattern='Location: .*\?ticket=(ST-[-A-Za-z0-9_.=]+)'
7
8 get_ticket() {
3882f0 9     local cookie_options="-b /tmp/cookies"
JK 10     if [ "$1" == "save_cookies" ]; then
11       cookie_options="${cookie_options} -c /tmp/cookies"
12     fi
13
14     local login_response=$(curl --fail --silent -c /tmp/cookies "${keycloak_cas_url}/login?service=http://localhost")
15     if [[ ! ($login_response =~ $action_pattern) ]] ; then
33112b 16         echo "Could not parse login form in response"
3882f0 17         echo "${login_response}"
33112b 18         exit 1
MP 19     fi
20
3882f0 21     local login_url=${BASH_REMATCH[1]//&/&}
JK 22     local redirect_response=$(curl --fail --silent -D - $cookie_options --data 'username=admin&password=admin' "$login_url")
23     if [[ ! ($redirect_response =~ $ticket_pattern) ]] ; then
33112b 24         echo "No service ticket found in response"
3882f0 25         echo "${redirect_response}"
33112b 26         exit 1
MP 27     fi
28
3882f0 29     echo "${BASH_REMATCH[1]}"
33112b 30 }
MP 31
3882f0 32 # CAS 1.0
JK 33 ticket=$(get_ticket)
34 curl --fail --silent "${keycloak_cas_url}/validate?service=http://localhost&ticket=$ticket"
33112b 35 echo
MP 36
3882f0 37 # CAS 2.0
JK 38 ticket=$(get_ticket)
39 curl --fail --silent "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=XML&ticket=$ticket"
33112b 40 echo
MP 41
3882f0 42 ticket=$(get_ticket)
JK 43 curl --fail --silent "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"
33112b 44 echo
MP 45
3882f0 46 # CAS 3.0
JK 47 ticket=$(get_ticket save_cookies)
48 curl --fail --silent "${keycloak_cas_url}/p3/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"
33112b 49 echo
3882f0 50
JK 51 # CAS, gateway option
52 get_ticket save_cookies
53 login_response=$(curl --fail --silent -D - -b /tmp/cookies "${keycloak_cas_url}/login?service=http://localhost&gateway=true")
54 if echo "${login_response}" | grep '^Location: http://localhost\?ticket='; then
55     echo "Gateway option did not redirect back to service with ticket"
56     echo "${login_response}"
57     exit 1
58 fi
59
60 login_response=$(curl --fail --silent -D - "${keycloak_cas_url}/login?service=http://localhost&gateway=true")
61 if echo "${login_response}" | grep '^Location: http://localhost$'; then
62     echo "Gateway option did not redirect back to service without ticket"
63     echo "${login_response}"
64     exit 1
65 fi