#!/usr/bin/perl
## 18/07/2014, Olivier Salaün
## Command-line client for the Test IdP Account Manager
use strict;
## NOTE(review): 'use warnings' is not enabled, so uninitialised values and
## printf argument mismatches further down go unreported at runtime.
use utf8;
## Library and configuration directories of the installation (absolute paths,
## so module loading does not depend on the caller's working directory).
## The trailing ", " on the first line adds nothing to the list and is harmless.
use lib "/opt/testidp/IdPAccountManager/lib", ;
use lib "/opt/testidp/IdPAccountManager/conf";
use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::ServiceProvider;
use IdPAccountManager::AuthenticationToken;
## NOTE(review): IdPAccountManager::TestAccount, IdPAccountManager::Tools,
## Conf and Getopt::Long are referenced below, but their 'use' lines and the
## 'my %options' declaration are not part of this listing.
## Parse the command line into %options; any unrecognised switch aborts.
unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
'token=s','send_notice')) {
die "Unknown options.";
}
if ($options{'help'}) {
## NOTE(review): $0 is interpolated into the printf FORMAT, so a '%' in the
## script path would be read as a directive; printf "%s ...\n", $0 avoids that.
printf "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";
## (the remainder of the help branch, including its closing brace, is not
## shown in this listing)
if ($options{'add_test_account'}) {
## --add_test_account: both --account_profile and --sp_entityid are required.
unless ($options{'account_profile'}) {
die "Missing account_profile option";
}
unless ($options{'sp_entityid'}) {
die "Missing sp_entityid option";
}
## Indirect object syntax; IdPAccountManager::TestAccount->new(...) is the
## unambiguous spelling.
my $test_account = new IdPAccountManager::TestAccount(account_profile => $options{'account_profile'},
sp_entityid => $options{'sp_entityid'});
unless (defined $test_account) {
## Same log message as the save() failure below, so the log does not tell
## the two failure points apart.
IdPAccountManager::Tools::do_log('error',"Failed to create test account");
## exit -1 is reported as exit status 255 by the shell
exit -1;
## (the closing brace of the 'unless' above is not shown in this listing)
unless ($test_account->save()) {
IdPAccountManager::Tools::do_log('error',"Failed to create test account");
exit -1;
}
## The generated password is written to STDOUT in clear: whatever captures
## this output (terminal scrollback, shell or CI logs) then holds a usable
## credential.
printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n", $test_account->get('id'), $test_account->get('user_password');
}elsif ($options{'list_test_accounts'}) {
## --list_test_accounts: optional --sp_entityid / --account_profile filters
## are passed as a flat field => value list under 'query'. The DB layer is
## presumably what binds these as values rather than SQL text — confirm in
## list_test_accounts().
my %args;
if ($options{'sp_entityid'}) {
push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
}
if ($options{'account_profile'}) {
push @{$args{'query'}}, 'account_profile' => $options{'account_profile'};
}
my $all = IdPAccountManager::TestAccount::list_test_accounts(%args);
## $all is used as an arrayref; an empty result is reported, not an error
if ($#{$all} < 0) {
printf "No test account in DB\n";
}
## $test_account is presumably the loop variable of a foreach over @$all
## whose header line is not shown in this listing.
$test_account->print();
}elsif ($options{'parse_federation_metadata'}) {
## --parse_federation_metadata: load the metadata file named by the
## 'federation_metadata_file_path' configuration parameter, parse it and dump
## the resulting structure to STDOUT.
my $federation_metadata = new IdPAccountManager::SAMLMetadata;
## load() failure is fatal (handled in the lines that follow)
unless ($federation_metadata->load(federation_metadata_file_path => $Conf::global{'federation_metadata_file_path'})) {
## NOTE(review): a bare 'die' only prints "Died at ... line N"; naming the
## metadata file in the message would make load failures diagnosable from
## the output alone.
die;
}
## Optional --sp_entityid restricts parsing to that entity.
my %args;
if ($options{'sp_entityid'}) {
$args{'filter_entity_id'} = $options{'sp_entityid'};
}
unless ($federation_metadata->parse(%args)) {
## NOTE(review): bare 'die' again; parse errors are reported without any
## context about what failed.
die;
}
printf "Document %s parsed\n", $Conf::global{'federation_metadata_file_path'};
## List SAML entities
## Dumps the parsed metadata structure to STDOUT (with --sp_entityid, whatever
## parse() kept for that filter); for a whole federation the output is large.
printf "Hashref representing the metadata:\n";
&IdPAccountManager::Tools::dump_var($federation_metadata->{'federation_metadata_as_hashref'}, 0, \*STDOUT);
}elsif ($options{'list_service_providers'}) {
## --list_service_providers: print every service provider in the DB; no
## filter options apply here, so %args stays empty.
my %args;
my $all = IdPAccountManager::ServiceProvider::list_service_providers(%args);
## $all is used as an arrayref; an empty result is reported, not an error
if ($#{$all} < 0) {
printf "No service provider in DB\n";
}
foreach my $service_provider (@$all) {
$service_provider->print();
}
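}elsif ($options{'list_authentication_tokens'}) {
    ## --list_authentication_tokens: list the tokens stored in the DB,
    ## optionally filtered by --sp_entityid and/or --token. The 'query' key is
    ## a flat field => value list handed to the DB layer; the filtering (and
    ## any value binding) is done there, not here — confirm in
    ## list_authentication_tokens().
    my %args;
    if ($options{'sp_entityid'}) {
        push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
    }
    if ($options{'token'}) {
        push @{$args{'query'}}, 'token' => $options{'token'};
    }
    my $all = IdPAccountManager::AuthenticationToken::list_authentication_tokens(%args);
    ## $all is used as an arrayref; an empty result is reported, not an error
    if ($#{$all} < 0) {
        printf "No corresponding token found in DB\n";
    }
    foreach my $authentication_token (@$all) {
        $authentication_token->print();
    }
}elsif ($options{'get_authentication_token'}) {
    ## --get_authentication_token: load one token by its --token value and
    ## print it. With --sp_entityid the token must additionally be bound to
    ## that SP. Without --token, load() is called on an object built with no
    ## arguments; what it then matches is up to the class.
    my %args;
    if ($options{'token'}) {
        $args{'token'} = $options{'token'};
    }
    my $authentication_token = IdPAccountManager::AuthenticationToken->new(%args);
    unless ($authentication_token->load()) {
        die "No corresponding token found in DB\n";
    }
    if ($options{'sp_entityid'}) {
        ## 'eq' is an exact string comparison: the entityID must match the
        ## stored value character for character
        unless ($authentication_token->get('sp_entityid') eq $options{'sp_entityid'}) {
            die "Authentication token cannot be used for this SP\n";
        }
    }
    $authentication_token->print();
}elsif ($options{'add_authentication_token'}) {
    ## --add_authentication_token: create and persist a token bound to
    ## --email_address and --sp_entityid (both required). Only presence is
    ## checked here; any format validation of the address happens in set(),
    ## if at all — confirm there.
    unless ($options{'email_address'}) {
        die "Missing email_address option";
    }
    unless ($options{'sp_entityid'}) {
        die "Missing sp_entityid option";
    }
    my $authentication_token = IdPAccountManager::AuthenticationToken->new();
    unless (defined $authentication_token) {
        IdPAccountManager::Tools::do_log('error',"Failed to create token object");
        ## exit -1 is reported as exit status 255 by the shell
        exit -1;
    }
    unless ($authentication_token->set('email_address' => $options{'email_address'},
                                       'sp_entityid' => $options{'sp_entityid'})) {
        IdPAccountManager::Tools::do_log('error',"Failed to set token value");
        exit -1;
    }
    unless ($authentication_token->save()) {
        IdPAccountManager::Tools::do_log('error',"Failed to create token");
        exit -1;
    }
    ## print() presumably shows the token value itself, i.e. a credential,
    ## on STDOUT — treat the output accordingly
    $authentication_token->print();
}elsif ($options{'send_notice'}) {
    ## --send_notice: send the generic error notification template to
    ## --email_address. Useful to check the mail setup.
    unless ($options{'email_address'}) {
        die "Missing email_address option";
    }
    ## The template path is relative; it is presumably resolved by
    ## mail_notice() against some base directory rather than the caller's
    ## cwd — confirm before relying on it from cron or another directory.
    unless (IdPAccountManager::Tools::mail_notice('template' => 'templates/mail/notification_generic_error.tt2.eml',
                                                  'data' => {},
                                                  'to' => $options{'email_address'})) {
        die "Failed to send mail notice to $options{'email_address'}\n";
    }
    ## print, not printf: the address is caller-supplied and would otherwise
    ## be interpolated into the FORMAT, where any '%' becomes a directive
    print "Mail notice sent to $options{'email_address'}\n";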
}else {
## No recognised command switch was given (and --help did not apply).
die "Missing arguments";
__END__
=head1 NAME
IdPAccountManager::Tools - Command line client to the Test Account manager
=head1 SYNOPSIS
./bin/account-manager-client.pl --list_authentication_tokens
=head1 DESCRIPTION
The Test Account manager instantiates test accounts associated with a SAML Identity Provider.
This script provides a command-line interface for most functions.
=head1 EXAMPLES
=over 8
=item C<account-manager-client.pl --add_test_account --account_profile=student1 --sp_entityid=https://test.federation.renater.fr/test/ressource>
Adds a new test account.
=item C<account-manager-client.pl --list_test_accounts --sp_entityid=https://test.federation.renater.fr/test/ressource --account_profile=student1>
List all test accounts. Criteria can be added to filter test accounts.
=item C<account-manager-client.pl --parse_federation_metadata>
Parses the SAML metadata file, as defined by the C<federation_metadata_file_path> configuration parameter.
=item C<account-manager-client.pl --list_authentication_tokens --sp_entityid=https://test.federation.renater.fr/test/ressource --token=dhj67sjJ>
List all authentication tokens. Criteria can be added to filter tokens.
=item C<account-manager-client.pl --get_authentication_token --token=dhj67sjJ>
Get information on a token.
=item C<account-manager-client.pl --add_authentication_token --email_address=john@my.fqdn --sp_entityid=https://test.federation.renater.fr/test/ressource>
Adds a new authentication token.
=item C<account-manager-client.pl --send_notice --email_address=john@my.fqdn>
Sends a mail notice to the specified email address.
=back
=head1 AUTHOR
Olivier Salaün (olivier.salaun@renater.fr)