mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jacek Kowalski
2024-06-21 51ba7cad2a01f917a926570c66293e8aab9e5d5d
commit | author | age
33112b 1 #!/bin/bash
MP 2 set -e
3
de93e7 4 keycloak_cas_url='http://localhost:8080/realms/master/protocol/cas'
33112b 5 action_pattern='action="([^"]+)"'
a09b1b 6 CURL="curl --fail --silent --verbose"
33112b 7
MP 8 get_ticket() {
3882f0 9     local cookie_options="-b /tmp/cookies"
9ed066 10     local ticket_pattern='Location: .*\?ticket=(ST-[-A-Za-z0-9_.=]+)'
DR 11     local client_url_param=service
12
3882f0 13     if [ "$1" == "save_cookies" ]; then
JK 14       cookie_options="${cookie_options} -c /tmp/cookies"
9ed066 15     elif [ "$1" == "SAML" ]; then
DR 16       ticket_pattern='Location: .*\?SAMLart=(ST-[-A-Za-z0-9_.=]+)'
17       client_url_param=TARGET
3882f0 18     fi
JK 19
a09b1b 20     local login_response=$($CURL -c /tmp/cookies "${keycloak_cas_url}/login?${client_url_param}=http://localhost")
3882f0 21     if [[ ! ($login_response =~ $action_pattern) ]] ; then
33112b 22         echo "Could not parse login form in response"
3882f0 23         echo "${login_response}"
33112b 24         exit 1
MP 25     fi
26
3882f0 27     local login_url=${BASH_REMATCH[1]//&/&}
a09b1b 28     local redirect_response=$($CURL -D - $cookie_options --data 'username=admin&password=admin' "$login_url")
3882f0 29     if [[ ! ($redirect_response =~ $ticket_pattern) ]] ; then
33112b 30         echo "No service ticket found in response"
3882f0 31         echo "${redirect_response}"
33112b 32         exit 1
MP 33     fi
34
3882f0 35     echo "${BASH_REMATCH[1]}"
33112b 36 }
MP 37
3882f0 38 # CAS 1.0
2f9934 39 echo "Testing CAS 1.0..."
3882f0 40 ticket=$(get_ticket)
a09b1b 41 $CURL "${keycloak_cas_url}/validate?service=http://localhost&ticket=$ticket"
33112b 42 echo
MP 43
3882f0 44 # CAS 2.0
2f9934 45 echo "Testing CAS 2.0 - XML..."
3882f0 46 ticket=$(get_ticket)
a09b1b 47 $CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=XML&ticket=$ticket"
33112b 48 echo
MP 49
2f9934 50 echo "Testing CAS 2.0 - JSON..."
3882f0 51 ticket=$(get_ticket)
a09b1b 52 $CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"
33112b 53 echo
MP 54
3882f0 55 # CAS 3.0
2f9934 56 echo "Testing CAS 3.0..."
3882f0 57 ticket=$(get_ticket save_cookies)
a09b1b 58 $CURL "${keycloak_cas_url}/p3/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"
33112b 59 echo
3882f0 60
9ed066 61 # SAML 1.1
2f9934 62 echo "Testing SAML 1.1..."
9ed066 63 ticket=$(get_ticket SAML)
DR 64 timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
65 saml_template=$(dirname "$0")/samlValidateTemplate.xml
66 sed -e "s/CAS_TICKET/$ticket/g" -e "s/TIMESTAMP/$timestamp/g" "$saml_template" \
a09b1b 67   | $CURL -X POST -H "Content-Type: text/xml" \
9ed066 68       -H "SOAPAction: http://www.oasis-open.org/committees/security" \
DR 69       --data-binary @- "${keycloak_cas_url}/samlValidate?TARGET=http://localhost"
70 echo
71
2f9934 72 # CAS - gateway option
JK 73 echo "Testing CAS - gateway option, stage 1..."
3882f0 74 get_ticket save_cookies
a09b1b 75 login_response=$($CURL -D - -b /tmp/cookies "${keycloak_cas_url}/login?service=http://localhost&gateway=true")
3882f0 76 if echo "${login_response}" | grep '^Location: http://localhost\?ticket='; then
JK 77     echo "Gateway option did not redirect back to service with ticket"
78     echo "${login_response}"
79     exit 1
80 fi
81
2f9934 82 echo "Testing CAS - gateway option, stage 2..."
a09b1b 83 login_response=$($CURL -D - "${keycloak_cas_url}/login?service=http://localhost&gateway=true")
3882f0 84 if echo "${login_response}" | grep '^Location: http://localhost$'; then
JK 85     echo "Gateway option did not redirect back to service without ticket"
86     echo "${login_response}"
87     exit 1
88 fi