mirror of https://github.com/jacekkow/keycloak-protocol-cas
blame | history | raw
github-actions
2025-10-01 51faf16c53cace0913660aaa669808a862b38ee0 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

#!/bin/bash


set -e


 


keycloak_cas_url='http://localhost:8080/realms/master/protocol/cas'


action_pattern='action="([^"]+)"'


CURL="curl --fail --silent --verbose"


 


get_ticket() {


    local cookie_options="-b /tmp/cookies"


    local ticket_pattern='Location: .*\?ticket=(ST-[-A-Za-z0-9_.=]+)'


    local client_url_param=service


 


    if [ "$1" == "save_cookies" ]; then


      cookie_options="${cookie_options} -c /tmp/cookies"


    elif [ "$1" == "SAML" ]; then


      ticket_pattern='Location: .*\?SAMLart=(ST-[-A-Za-z0-9_.=]+)'


      client_url_param=TARGET


    fi


 


    local login_response=$($CURL -c /tmp/cookies "${keycloak_cas_url}/login?${client_url_param}=http://localhost")


    if [[ ! ($login_response =~ $action_pattern) ]] ; then


        echo "Could not parse login form in response"


        echo "${login_response}"


        exit 1


    fi


 


    local login_url=${BASH_REMATCH[1]//&/&}


    local redirect_response=$($CURL -D - $cookie_options --data 'username=admin&password=admin' "$login_url")


    if [[ ! ($redirect_response =~ $ticket_pattern) ]] ; then


        echo "No service ticket found in response"


        echo "${redirect_response}"


        exit 1


    fi


 


    echo "${BASH_REMATCH[1]}"


}


 


# CAS 1.0


echo "Testing CAS 1.0..."


ticket=$(get_ticket)


$CURL "${keycloak_cas_url}/validate?service=http://localhost&ticket=$ticket"


echo


 


# CAS 2.0


echo "Testing CAS 2.0 - XML..."


ticket=$(get_ticket)


$CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=XML&ticket=$ticket"


echo


 


echo "Testing CAS 2.0 - JSON..."


ticket=$(get_ticket)


$CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"


echo


 


# CAS 3.0


echo "Testing CAS 3.0..."


ticket=$(get_ticket save_cookies)


$CURL "${keycloak_cas_url}/p3/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket"


echo


 


# SAML 1.1


echo "Testing SAML 1.1..."


ticket=$(get_ticket SAML)


timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")


saml_template=$(dirname "$0")/samlValidateTemplate.xml


sed -e "s/CAS_TICKET/$ticket/g" -e "s/TIMESTAMP/$timestamp/g" "$saml_template" \


  | $CURL -X POST -H "Content-Type: text/xml" \


      -H "SOAPAction: http://www.oasis-open.org/committees/security" \


      --data-binary @- "${keycloak_cas_url}/samlValidate?TARGET=http://localhost"


echo


 


# CAS - gateway option


echo "Testing CAS - gateway option, stage 1..."


get_ticket save_cookies


login_response=$($CURL -D - -b /tmp/cookies "${keycloak_cas_url}/login?service=http://localhost&gateway=true")


if echo "${login_response}" | grep '^Location: http://localhost\?ticket='; then


    echo "Gateway option did not redirect back to service with ticket"


    echo "${login_response}"


    exit 1


fi


 


echo "Testing CAS - gateway option, stage 2..."


login_response=$($CURL -D - "${keycloak_cas_url}/login?service=http://localhost&gateway=true")


if echo "${login_response}" | grep '^Location: http://localhost$'; then


    echo "Gateway option did not redirect back to service without ticket"


    echo "${login_response}"


    exit 1


fi