commit | author | age
|
33112b
|
1 |
#!/bin/bash |
MP |
2 |
set -e |
|
3 |
|
de93e7
|
4 |
keycloak_cas_url='http://localhost:8080/realms/master/protocol/cas' |
33112b
|
5 |
action_pattern='action="([^"]+)"' |
eda11a
|
6 |
CURL="curl --fail --silent --verbose" |
33112b
|
7 |
|
MP |
8 |
get_ticket() { |
3882f0
|
9 |
local cookie_options="-b /tmp/cookies" |
9ed066
|
10 |
local ticket_pattern='Location: .*\?ticket=(ST-[-A-Za-z0-9_.=]+)' |
DR |
11 |
local client_url_param=service |
|
12 |
|
3882f0
|
13 |
if [ "$1" == "save_cookies" ]; then |
JK |
14 |
cookie_options="${cookie_options} -c /tmp/cookies" |
9ed066
|
15 |
elif [ "$1" == "SAML" ]; then |
DR |
16 |
ticket_pattern='Location: .*\?SAMLart=(ST-[-A-Za-z0-9_.=]+)' |
|
17 |
client_url_param=TARGET |
3882f0
|
18 |
fi |
JK |
19 |
|
eda11a
|
20 |
local login_response=$($CURL -c /tmp/cookies "${keycloak_cas_url}/login?${client_url_param}=http://localhost") |
3882f0
|
21 |
if [[ ! ($login_response =~ $action_pattern) ]] ; then |
33112b
|
22 |
echo "Could not parse login form in response" |
3882f0
|
23 |
echo "${login_response}" |
33112b
|
24 |
exit 1 |
MP |
25 |
fi |
|
26 |
|
3882f0
|
27 |
local login_url=${BASH_REMATCH[1]//&/&} |
eda11a
|
28 |
local redirect_response=$($CURL -D - $cookie_options --data 'username=admin&password=admin' "$login_url") |
3882f0
|
29 |
if [[ ! ($redirect_response =~ $ticket_pattern) ]] ; then |
33112b
|
30 |
echo "No service ticket found in response" |
3882f0
|
31 |
echo "${redirect_response}" |
33112b
|
32 |
exit 1 |
MP |
33 |
fi |
|
34 |
|
3882f0
|
35 |
echo "${BASH_REMATCH[1]}" |
33112b
|
36 |
} |
MP |
37 |
|
3882f0
|
38 |
# CAS 1.0 |
fcbc7c
|
39 |
echo "Testing CAS 1.0..." |
3882f0
|
40 |
ticket=$(get_ticket) |
eda11a
|
41 |
$CURL "${keycloak_cas_url}/validate?service=http://localhost&ticket=$ticket" |
33112b
|
42 |
echo |
MP |
43 |
|
3882f0
|
44 |
# CAS 2.0 |
fcbc7c
|
45 |
echo "Testing CAS 2.0 - XML..." |
3882f0
|
46 |
ticket=$(get_ticket) |
eda11a
|
47 |
$CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=XML&ticket=$ticket" |
33112b
|
48 |
echo |
MP |
49 |
|
fcbc7c
|
50 |
echo "Testing CAS 2.0 - JSON..." |
3882f0
|
51 |
ticket=$(get_ticket) |
eda11a
|
52 |
$CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket" |
33112b
|
53 |
echo |
MP |
54 |
|
3882f0
|
55 |
# CAS 3.0 |
fcbc7c
|
56 |
echo "Testing CAS 3.0..." |
3882f0
|
57 |
ticket=$(get_ticket save_cookies) |
eda11a
|
58 |
$CURL "${keycloak_cas_url}/p3/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket" |
33112b
|
59 |
echo |
3882f0
|
60 |
|
9ed066
|
61 |
# SAML 1.1 |
fcbc7c
|
62 |
echo "Testing SAML 1.1..." |
9ed066
|
63 |
ticket=$(get_ticket SAML) |
DR |
64 |
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") |
|
65 |
saml_template=$(dirname "$0")/samlValidateTemplate.xml |
|
66 |
sed -e "s/CAS_TICKET/$ticket/g" -e "s/TIMESTAMP/$timestamp/g" "$saml_template" \ |
eda11a
|
67 |
| $CURL -X POST -H "Content-Type: text/xml" \ |
9ed066
|
68 |
-H "SOAPAction: http://www.oasis-open.org/committees/security" \ |
DR |
69 |
--data-binary @- "${keycloak_cas_url}/samlValidate?TARGET=http://localhost" |
|
70 |
echo |
|
71 |
|
fcbc7c
|
72 |
# CAS - gateway option |
JK |
73 |
echo "Testing CAS - gateway option, stage 1..." |
3882f0
|
74 |
get_ticket save_cookies |
eda11a
|
75 |
login_response=$($CURL -D - -b /tmp/cookies "${keycloak_cas_url}/login?service=http://localhost&gateway=true") |
3882f0
|
76 |
if echo "${login_response}" | grep '^Location: http://localhost\?ticket='; then |
JK |
77 |
echo "Gateway option did not redirect back to service with ticket" |
|
78 |
echo "${login_response}" |
|
79 |
exit 1 |
|
80 |
fi |
|
81 |
|
fcbc7c
|
82 |
echo "Testing CAS - gateway option, stage 2..." |
eda11a
|
83 |
login_response=$($CURL -D - "${keycloak_cas_url}/login?service=http://localhost&gateway=true") |
3882f0
|
84 |
if echo "${login_response}" | grep '^Location: http://localhost$'; then |
JK |
85 |
echo "Gateway option did not redirect back to service without ticket" |
|
86 |
echo "${login_response}" |
|
87 |
exit 1 |
|
88 |
fi |