#!/usr/bin/perl
## 18/07/2014, Olivier Salaün
## Command-line client for the Test IdP Account Manager
use strict;
use utf8;
use lib "/opt/testidp/IdPAccountManager/lib", ;
use lib "/opt/testidp/IdPAccountManager/conf";
use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::ServiceProvider;
use IdPAccountManager::AuthenticationToken;
## Parse the command line into %options.  GetOptions returns false on an
## unrecognised option.  NOTE(review): the `&GetOptions(...)` call form is
## legacy Perl; the plain call GetOptions(...) is the idiomatic one.  The
## declaration of %options and the `use Getopt::Long` are not visible here.
unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
'token=s','send_notice','filter_expired','delete','add_service_provider','contacts=s','displayname=s')) {
die "Unknown options.";
}
## --help: print usage.  $0 is interpolated into the printf *format* string,
## so a '%' in the script path would be read as a conversion; `print` would
## be safer.  The rest of the usage text and the closing brace of this `if`
## are not visible here.
if ($options{'help'}) {
printf "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";
## --add_test_account: create a test account bound to one SP entityID and
## one account profile; both options are mandatory.
if ($options{'add_test_account'}) {
unless ($options{'account_profile'}) {
die "Missing account_profile option";
}
unless ($options{'sp_entityid'}) {
die "Missing sp_entityid option";
}
## NOTE(review): indirect object syntax; IdPAccountManager::TestAccount->new(...)
## is the unambiguous form.
my $test_account = new IdPAccountManager::TestAccount(account_profile => $options{'account_profile'},
sp_entityid => $options{'sp_entityid'});
## The closing brace of this `unless` is not visible here.
unless (defined $test_account) {
IdPAccountManager::Tools::do_log('error',"Failed to create test account");
exit -1;
unless ($test_account->save()) {
IdPAccountManager::Tools::do_log('error',"Failed to create test account");
exit -1;
}
## The login is "user" followed by the numeric DB id.  The generated
## password is written to stdout in clear: it ends up in terminal scrollback
## and in any captured output, so the output of this command must be handled
## as a secret.
printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n", $test_account->get('id'), $test_account->get('user_password');
## --list_test_accounts: build a query from the optional filters and list
## (optionally delete) the matching accounts.
}elsif ($options{'list_test_accounts'}) {
my %args;
if ($options{'sp_entityid'}) {
push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
}
if ($options{'account_profile'}) {
push @{$args{'query'}}, 'account_profile' => $options{'account_profile'};
}
## --filter_expired: keep only accounts whose expiration_date is already in
## the past (presumably `lt` is a less-than query operator — verify).
if ($options{'filter_expired'}) {
push @{$args{'query'}}, 'expiration_date' => {lt => time};
}
my $all = IdPAccountManager::TestAccount::list_test_accounts(%args);
if ($#{$all} < 0) {
printf "No matching test account in DB\n";
## The loop binding $test_account to each element of @$all (and the closing
## brace of the `if` above) is not visible here.
$test_account->print();
## Bare `die` reports only "Died at ..."; a message naming the account id
## would make a failed deletion easier to diagnose.
$test_account->delete || die if ($options{'delete'});
## Every failed delete dies above, so the number of listed accounts equals
## the number actually removed.
if ($options{'delete'}) {
printf "%d accounts removed\n", $#{$all}+1;
## Update simpleSamlPhp configuration file so removed accounts stop
## being offered by the IdP (only done when --delete was given).
printf "Update simpleSamlPhp configuration file...\n";
IdPAccountManager::Tools::update_ssp_authsources();
}
## --parse_federation_metadata: load and parse the federation metadata
## document named by the federation_metadata_file_path setting (the
## %Conf::global hash is presumably populated from the conf directory added
## via `use lib` above — verify).  NOTE(review): indirect object syntax;
## IdPAccountManager::SAMLMetadata->new is the unambiguous form.
}elsif ($options{'parse_federation_metadata'}) {
my $federation_metadata = new IdPAccountManager::SAMLMetadata;
unless ($federation_metadata->load(federation_metadata_file_path => $Conf::global{'federation_metadata_file_path'})) {
## Bare `die`: no reason is reported to the operator; load() is presumably
## expected to have logged the cause — verify, or die with a message.
die;
}
## Optional restriction of the parse to a single entityID.
my %args;
if ($options{'sp_entityid'}) {
$args{'filter_entity_id'} = $options{'sp_entityid'};
}
unless ($federation_metadata->parse(%args)) {
## Bare `die` again: the parse failure reason is not shown to the operator.
die;
}
printf "Document %s parsed\n", $Conf::global{'federation_metadata_file_path'};
## List SAML entities: dump the parsed document as a Perl data structure
## to STDOUT.  NOTE(review): `&` call form; the plain call
## IdPAccountManager::Tools::dump_var(...) is the idiomatic one.
printf "Hashref representing the metadata:\n";
&IdPAccountManager::Tools::dump_var($federation_metadata->{'federation_metadata_as_hashref'}, 0, \*STDOUT);
## --add_service_provider: register an SP (entityID and contacts mandatory,
## displayname optional), updating the existing row if there is one.
}elsif ($options{'add_service_provider'}) {
unless ($options{'sp_entityid'}) {
die "Missing sp_entityid option";
}
unless ($options{'contacts'}) {
die "Missing contacts option";
}
## Check if entry already exists in DB first
## (load(speculative => 1) presumably returns false instead of raising when
## no row matches — verify against IdPAccountManager::ServiceProvider).
my $service_provider = new IdPAccountManager::ServiceProvider(entityid => $options{'sp_entityid'});
if ($service_provider->load(speculative => 1)) {
## Existing entry: contacts are replaced as given; displayname is kept
## unless a new one was supplied.
printf "Entry for %s already in DB; update it with new data\n", $options{'sp_entityid'};
$service_provider->contacts($options{'contacts'});
$service_provider->displayname($options{'displayname'}) if ($options{'displayname'});
}else {
## NOTE(review): indirect object syntax; ->new(...) is the unambiguous form.
$service_provider = new IdPAccountManager::ServiceProvider(entityid => $options{'sp_entityid'},
contacts => $options{'contacts'},
displayname => $options{'displayname'});
unless (defined $service_provider) {
IdPAccountManager::Tools::do_log('error',"Failed to create service provider");
exit -1;
}
}
unless ($service_provider->save()) {
IdPAccountManager::Tools::do_log('error',"Failed to create service provider");
exit -1;
}
## Printed on the update path as well, where "created" is misleading.
printf "Service Provider created:\n";
## --list_service_providers: no filter is supported; every SP is printed.
}elsif ($options{'list_service_providers'}) {
my %args;
my $all = IdPAccountManager::ServiceProvider::list_service_providers(%args);
if ($#{$all} < 0) {
printf "No service provider in DB\n";
}
foreach my $service_provider (@$all) {
$service_provider->print();
}
## --list_authentication_tokens: list (optionally delete) the tokens
## matching the optional sp_entityid / token / expiry filters.
}elsif ($options{'list_authentication_tokens'}) {
my %args;
if ($options{'sp_entityid'}) {
push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
}
if ($options{'token'}) {
push @{$args{'query'}}, 'token' => $options{'token'};
}
## --filter_expired: tokens created more than tokens_validity_period ago.
## The `* 3600` implies the setting is expressed in hours — confirm in the
## configuration.
if ($options{'filter_expired'}) {
push @{$args{'query'}}, 'creation_date' => {lt => time-($Conf::global{'tokens_validity_period'} * 3600)};
}
my $all = IdPAccountManager::AuthenticationToken::list_authentication_tokens(%args);
if ($#{$all} < 0) {
printf "No corresponding token found in DB\n";
}
foreach my $authentication_token (@$all) {
$authentication_token->print();
## Bare `die`: a failed deletion reports only "Died at ...".
$authentication_token->delete || die if ($options{'delete'});
}
## Every failed delete dies above, so the listed count equals the removed
## count.
if ($options{'delete'}) {
printf "%d tokens removed\n", $#{$all}+1;
}
## --get_authentication_token: look one token up and print it.  Without
## --token, %args is empty and what load() then matches is not determined
## here — confirm.
}elsif ($options{'get_authentication_token'}) {
my %args;
if ($options{'token'}) {
$args{'token'} = $options{'token'};
}
my $authentication_token = new IdPAccountManager::AuthenticationToken(%args);
unless ($authentication_token->load()) {
die "No corresponding token found in DB\n";
}
## The token's SP binding is enforced (exact string match) only when
## --sp_entityid is supplied; without it the token is printed regardless of
## the SP it was issued for.
if ($options{'sp_entityid'}) {
unless ($authentication_token->get('sp_entityid') eq $options{'sp_entityid'}) {
die "Authentication token cannot be used for this SP\n";
}
}
$authentication_token->print();
## --add_authentication_token: issue a token for an email address and an SP
## (both mandatory).  The token value itself is presumably generated by the
## object on creation or save (not visible here) and is printed to stdout,
## so the output must be handled as a secret.
}elsif ($options{'add_authentication_token'}) {
unless ($options{'email_address'}) {
die "Missing email_address option";
}
unless ($options{'sp_entityid'}) {
die "Missing sp_entityid option";
}
my $authentication_token = new IdPAccountManager::AuthenticationToken();
unless (defined $authentication_token) {
IdPAccountManager::Tools::do_log('error',"Failed to create token object");
exit -1;
}
unless ($authentication_token->set('email_address' => $options{'email_address'},
'sp_entityid' => $options{'sp_entityid'})) {
IdPAccountManager::Tools::do_log('error',"Failed to set token value");
exit -1;
}
unless ($authentication_token->save()) {
IdPAccountManager::Tools::do_log('error',"Failed to create token");
exit -1;
}
$authentication_token->print();
## --send_notice: send the generic-error mail template to an address.
## The template path is relative; what it is resolved against is not
## visible here — verify in IdPAccountManager::Tools::mail_notice.
## NOTE(review): `&` call form; the plain call is the idiomatic one.
}elsif ($options{'send_notice'}) {
unless ($options{'email_address'}) {
die "Missing email_address option";
}
unless (&IdPAccountManager::Tools::mail_notice('template' => 'templates/mail/notification_generic_error.tt2.eml',
'data' => {},
'to' => $options{'email_address'})) {
die "Failed to send mail notice to $options{'email_address'}\n";
}
## NOTE(review): the user-supplied address is interpolated into the printf
## *format* string, so a '%' in it is parsed as a conversion (warning or
## garbled output).  Pass it as an argument instead:
## printf "Mail notice sent to %s\n", $options{'email_address'};
printf "Mail notice sent to $options{'email_address'}\n";
## No recognised action option was given.  The closing brace of the
## if/elsif chain is not visible here.
}else {
die "Missing arguments";
__END__
=head1 NAME
IdPAccountManager::Tools - Command line client to the Test Account manager
=head1 SYNOPSIS
./bin/account-manager-client.pl --list_authentication_tokens
=head1 DESCRIPTION
The Test Account manager instantiates test accounts associated with a SAML Identity Provider.
This script provides a command-line interface for most functions.
=head1 EXAMPLES
=over 8
=item C<account-manager-client.pl --add_test_account --account_profile=student1 --sp_entityid=https://test.federation.renater.fr/test/ressource>
Adds a new test account.
=item C<account-manager-client.pl --list_test_accounts --sp_entityid=https://test.federation.renater.fr/test/ressource --account_profile=student1>
List all test accounts. Criteria can be added to filter test accounts.
=item C<account-manager-client.pl --list_test_accounts --filter_expired>
List all expired test accounts.
=item C<account-manager-client.pl --list_test_accounts --filter_expired --delete>
Remove all expired test accounts from DB.
=item C<account-manager-client.pl --parse_federation_metadata>
Parses the SAML metadata file, as defined by the C<federation_metadata_file_path> configuration parameter.
=item C<account-manager-client.pl --list_authentication_tokens --sp_entityid=https://test.federation.renater.fr/test/ressource --token=dhj67sjJ>
List all authentication tokens. Criteria can be added to filter tokens.
=item C<account-manager-client.pl --list_authentication_tokens --filter_expired>
List all expired authentication tokens.
=item C<account-manager-client.pl --list_authentication_tokens --filter_expired --delete>
Remove all expired authentication tokens from DB.
=item C<account-manager-client.pl --get_authentication_token --token=dhj67sjJ>
Get information on a token.
=item C<account-manager-client.pl --add_authentication_token --email_address=john@my.fqdn --sp_entityid=https://test.federation.renater.fr/test/ressource>
Adds a new test account.
=item C<account-manager-client.pl --send_notice --email_address=john@my.fqdn>
Sends a mail notice to the specified email address.
=item C<account-manager-client.pl --add_service_provider --sp_entityid='https://test.federation.renater.fr/test/ressource' --displayname='Test SP' --contacts=email1@dom,email2@dom>
Adds a new Service Provider.
=back
=head1 AUTHOR
Olivier Salaün (olivier.salaun@renater.fr)