## Copyright (c) GEANT
## This software was developed by RENATER. The research leading to these results has received funding
## from the European Community's Seventh Framework Programme (FP7/2007-2013) under grant agreement nº 238875 (GÉANT).
## 18/07/2014, Olivier Salaün
## Command-line client for the Test IdP Account Manager
use strict;
use warnings;
use utf8;
use lib "/opt/testidp/IdPAccountManager/lib",;
use lib "/opt/testidp/IdPAccountManager/conf";
use Getopt::Long qw(:config auto_help);

use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::ServiceProvider;
use IdPAccountManager::AuthenticationToken;
## Both packages are called below (TestAccount->new, Tools::do_log,
## Tools::update_ssp_authsources, Tools::mail_notice) but were not visibly
## loaded; a duplicate `use` is harmless if another module already does it.
use IdPAccountManager::TestAccount;
use IdPAccountManager::Tools;
## $Conf::global is read below. conf/ is on @INC via `use lib`, so it is
## presumably populated by one of the modules above — TODO confirm.
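## Every command below reads its arguments from this hash; Getopt::Long
## fills it (option name => value; boolean flags => 1).
my %options;

## GetOptions() returns false on an unknown or malformed option. Stop here
## rather than run a command on half-parsed arguments. (The body of this
## guard was not legible in the source; dying is the conservative choice.)
unless (
    GetOptions(
        \%options,
        'add_test_account',           'account_profile=s',
        'sp_entityid=s',              'list_test_accounts',
        'parse_federation_metadata',  'list_service_providers',
        'list_authentication_tokens', 'get_authentication_token',
        'add_authentication_token',   'email_address=s',
        'token=s',                    'send_notice',
        'filter_expired',             'delete',
        'add_service_provider',       'contacts=s',
        'displayname=s'
    )
) {
    die "Failed to parse command-line options (see --help)\n";
}

if ($options{'add_test_account'}) {
    ## Create one test account bound to a service provider and profile.
    die "Missing account_profile option" unless $options{'account_profile'};
    die "Missing sp_entityid option"     unless $options{'sp_entityid'};

    my $test_account = IdPAccountManager::TestAccount->new(
        account_profile => $options{'account_profile'},
        sp_entityid     => $options{'sp_entityid'}
    );
    unless (defined $test_account) {
        IdPAccountManager::Tools::do_log('error',
            "Failed to create test account");
        exit -1;
    }
    unless ($test_account->save()) {
        IdPAccountManager::Tools::do_log('error',
            "Failed to create test account");
        exit -1;
    }

    ## The generated password is disclosed exactly once, on stdout, to the
    ## operator running the command; anything that records the terminal
    ## (script(1), CI logs) records it too. The userid is "user" followed
    ## by the DB row id.
    printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n",
        $test_account->get('id'), $test_account->get('user_password');

    ## NOTE(review): the --delete path below regenerates the simpleSAMLphp
    ## authsources file; confirm whether TestAccount->save() does the same
    ## for a new account, otherwise the IdP will not see it.

} elsif ($options{'list_test_accounts'}) {
    ## List test accounts, optionally filtered, optionally deleting them.
    my %args;
    if ($options{'sp_entityid'}) {
        push @{ $args{'query'} }, 'sp_entityid' => $options{'sp_entityid'};
    }
    if ($options{'account_profile'}) {
        push @{ $args{'query'} },
            'account_profile' => $options{'account_profile'};
    }
    if ($options{'filter_expired'}) {
        ## "Expired" means the stored expiration_date is in the past.
        push @{ $args{'query'} }, 'expiration_date' => { lt => time };
    }

    ## CAUTION: with --delete and no filter every test account matches and
    ## is removed.
    my $all = IdPAccountManager::TestAccount::list_test_accounts(%args);
    print "No matching test account in DB\n" unless @$all;

    foreach my $test_account (@$all) {
        $test_account->print();
        if ($options{'delete'}) {
            $test_account->delete
                or die "Failed to delete test account "
                . $test_account->get('id') . "\n";
        }
    }
    if ($options{'delete'}) {
        printf "%d accounts removed\n", scalar @$all;
        ## Regenerate the simpleSAMLphp authsources file so it no longer
        ## lists the removed accounts.
        print "Update simpleSamlPhp configuration file...\n";
        IdPAccountManager::Tools::update_ssp_authsources();
    }

} elsif ($options{'parse_federation_metadata'}) {
    ## Load and parse the federation metadata file named in the
    ## configuration, then dump the resulting structure to stdout.
    my $metadata_path = $Conf::global{'federation_metadata_file_path'};
    die "federation_metadata_file_path is not set in the configuration\n"
        unless defined $metadata_path;

    ## NOTE(review): nothing in this script checks the document's XML
    ## signature or validUntil; unless SAMLMetadata->load does, the file
    ## must come from an already-verified download.
    my $federation_metadata = IdPAccountManager::SAMLMetadata->new;
    unless (
        $federation_metadata->load(
            federation_metadata_file_path => $metadata_path
        )
    ) {
        die "Failed to load federation metadata from $metadata_path\n";
    }

    ## Restrict the parse to a single entity when asked to.
    my %args;
    $args{'filter_entity_id'} = $options{'sp_entityid'}
        if $options{'sp_entityid'};
    unless ($federation_metadata->parse(%args)) {
        die "Failed to parse federation metadata from $metadata_path\n";
    }

    printf "Document %s parsed\n", $metadata_path;
    print "Hashref representing the metadata:\n";
    IdPAccountManager::Tools::dump_var(
        $federation_metadata->{'federation_metadata_as_hashref'},
        0, \*STDOUT);

} elsif ($options{'add_service_provider'}) {
    ## Register a service provider, or refresh an existing entry.
    die "Missing sp_entityid option" unless $options{'sp_entityid'};
    die "Missing contacts option"    unless $options{'contacts'};

    ## load(speculative => 1) is used as a presence test: false when no
    ## row exists for this entityid.
    my $service_provider = IdPAccountManager::ServiceProvider->new(
        entityid => $options{'sp_entityid'});
    my $already_known = $service_provider->load(speculative => 1);
    if ($already_known) {
        printf "Entry for %s already in DB; update it with new data\n",
            $options{'sp_entityid'};
        $service_provider->contacts($options{'contacts'});
        $service_provider->displayname($options{'displayname'})
            if $options{'displayname'};
    } else {
        $service_provider = IdPAccountManager::ServiceProvider->new(
            entityid    => $options{'sp_entityid'},
            contacts    => $options{'contacts'},
            displayname => $options{'displayname'}
        );
        unless (defined $service_provider) {
            IdPAccountManager::Tools::do_log('error',
                "Failed to create service provider");
            exit -1;
        }
    }

    ## NOTE(review): contacts and displayname are stored exactly as given;
    ## no address syntax or length validation happens here.
    unless ($service_provider->save()) {
        IdPAccountManager::Tools::do_log('error',
            "Failed to create service provider");
        exit -1;
    }
    my $outcome = $already_known ? 'updated' : 'created';
    printf "Service Provider %s:\n", $outcome;
    $service_provider->print();

} elsif ($options{'list_service_providers'}) {
    ## Print every registered service provider.
    my $all = IdPAccountManager::ServiceProvider::list_service_providers();
    print "No service provider in DB\n" unless @$all;
    $_->print() foreach @$all;

} elsif ($options{'list_authentication_tokens'}) {
    ## List authentication tokens, optionally filtered, optionally
    ## deleting them. The printed rows include the token strings, which
    ## are the credentials users present — treat the output accordingly.
    my %args;
    if ($options{'sp_entityid'}) {
        push @{ $args{'query'} }, 'sp_entityid' => $options{'sp_entityid'};
    }
    if ($options{'token'}) {
        push @{ $args{'query'} }, 'token' => $options{'token'};
    }
    if ($options{'filter_expired'}) {
        ## tokens_validity_period is multiplied by 3600, i.e. it is in
        ## hours. Refuse to continue when it is unset: an undef period
        ## would compute to "created before now", which matches every
        ## token, and with --delete that would wipe the table.
        my $validity_hours = $Conf::global{'tokens_validity_period'};
        die "tokens_validity_period is not set in the configuration\n"
            unless defined $validity_hours;
        push @{ $args{'query'} },
            'creation_date' => { lt => time - ($validity_hours * 3600) };
    }

    my $all =
        IdPAccountManager::AuthenticationToken::list_authentication_tokens(
            %args);
    print "No corresponding token found in DB\n" unless @$all;

    foreach my $authentication_token (@$all) {
        $authentication_token->print();
        if ($options{'delete'}) {
            $authentication_token->delete
                or die "Failed to delete authentication token\n";
        }
    }
    ## Report the count once, after the loop.
    printf "%d tokens removed\n", scalar @$all if $options{'delete'};

} elsif ($options{'get_authentication_token'}) {
    ## Look up one token and, when an SP is given, check it belongs to it.
    ## No expiry check is made here (compare --filter_expired above).
    die "Missing token option" unless $options{'token'};

    my $authentication_token = IdPAccountManager::AuthenticationToken->new(
        token => $options{'token'});
    unless ($authentication_token->load()) {
        die "No corresponding token found in DB\n";
    }
    ## A token is bound to the SP it was issued for; the binding is only
    ## enforced here when the caller names an SP.
    if ($options{'sp_entityid'}) {
        unless ($authentication_token->get('sp_entityid') eq
            $options{'sp_entityid'})
        {
            die "Authentication token cannot be used for this SP\n";
        }
    }
    $authentication_token->print();

} elsif ($options{'add_authentication_token'}) {
    ## Issue a token for an email address + SP pair. Any existing token
    ## for that pair is removed first, so there is at most one per pair.
    die "Missing email_address option" unless $options{'email_address'};
    die "Missing sp_entityid option"   unless $options{'sp_entityid'};

    my %token_key = (
        'email_address' => $options{'email_address'},
        'sp_entityid'   => $options{'sp_entityid'}
    );
    my $authentication_token =
        IdPAccountManager::AuthenticationToken->new(%token_key);
    unless (defined $authentication_token) {
        IdPAccountManager::Tools::do_log('error',
            "Failed to create token object");
        exit -1;
    }

    if ($authentication_token->load()) {
        unless ($authentication_token->delete()) {
            IdPAccountManager::Tools::do_log('error',
                "Failed to delete token");
            exit -1;
        }
        ## Start from a fresh object so the new token is not built on the
        ## deleted row's state.
        $authentication_token =
            IdPAccountManager::AuthenticationToken->new(%token_key);
        unless (defined $authentication_token) {
            IdPAccountManager::Tools::do_log('error',
                "Failed to create token object");
            exit -1;
        }
    }
    unless ($authentication_token->save()) {
        IdPAccountManager::Tools::do_log('error', "Failed to create token");
        exit -1;
    }
    ## print() shows the new token value on stdout.
    $authentication_token->print();

} elsif ($options{'send_notice'}) {
    ## Send the generic notification mail to one address.
    die "Missing email_address option" unless $options{'email_address'};
    my $to = $options{'email_address'};

    ## NOTE(review): $to is passed through unvalidated; confirm mail_notice
    ## hands it to the MTA as an argument/header and never via a shell
    ## string. The template path is relative — presumably resolved by
    ## mail_notice against the install directory; confirm.
    unless (
        IdPAccountManager::Tools::mail_notice(
            'template' => 'templates/mail/notification_generic_error.tt2.eml',
            'data'     => {},
            'to'       => $to
        )
    ) {
        die "Failed to send mail notice to $to\n";
    }
    ## Pass the address as an argument, never as the format string: a '%'
    ## in the address would otherwise be interpreted by printf.
    printf "Mail notice sent to %s\n", $to;

} else {
    die "Missing arguments";
}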
__END__
=head1 NAME
account-manager-client.pl - Command line client to the Test Account manager
B<account-manager-client.pl> B<--add_test_account>
S<B<--account_profile> I<string>>
S<B<--sp_entityid> I<string>>
B<account-manager-client.pl> B<--list_test_accounts>
S<[B<--account_profile> I<string>]>
S<[B<--sp_entityid> I<string>]>
[B<--filter_expired>]
[B<--delete>]
B<account-manager-client.pl> B<--parse_federation_metadata>
S<[B<--sp_entityid> I<string>]>
B<account-manager-client.pl> B<--add_service_provider>
S<B<--sp_entityid> I<string>>
S<B<--contacts> I<string>>
S<[B<--displayname> I<string>]>
B<account-manager-client.pl> B<--list_service_providers>
B<account-manager-client.pl> B<--list_authentication_tokens>
S<B<--sp_entityid> I<string>>
S<[B<--token> I<string>]>
[B<--filter_expired>]
[B<--delete>]
B<account-manager-client.pl> B<--get_authentication_token>
S<B<--sp_entityid> I<string>>
S<[B<--token> I<string>]>
B<account-manager-client.pl> B<--add_authentication_token>
S<B<--sp_entityid> I<string>>
S<B<--email_address> I<string>>
B<account-manager-client.pl> B<--send_notice>
S<B<--email_address> I<string>>
The Test Account manager instantiates test accounts associated with a SAML
Identity Provider. This script provides a command-line interface for most
functions.
$> account-manager-client.pl --add_test_account \
--sp_entityid=https://test.federation.renater.fr/test/ressource \
--account_profile=student1
Creates a test account for the given Service Provider and account profile, and prints the generated userid and password.
$> account-manager-client.pl --list_test_accounts \
--sp_entityid=https://test.federation.renater.fr/test/ressource \
--account_profile=student1
List all test accounts. Criteria can be added to filter test accounts.
$> account-manager-client.pl --list_test_accounts --filter_expired
List all expired test accounts.
$> account-manager-client.pl --list_test_accounts --filter_expired \
--delete
Remove all expired test accounts from DB.
$> account-manager-client.pl --parse_federation_metadata
Parses the SAML metadata file, as defined by the
C<federation_metadata_file_path> configuration parameter.
$> account-manager-client.pl --list_authentication_tokens \
--sp_entityid=https://test.federation.renater.fr/test/ressource \
--token=dhj67sjJ
List all authentication tokens. Criteria can be added to filter tokens.
$> account-manager-client.pl --list_authentication_tokens \
--filter_expired
List all expired authentication tokens.
$> account-manager-client.pl --list_authentication_tokens \
--filter_expired --delete
Remove all expired authentication tokens from DB.
$> account-manager-client.pl --get_authentication_token \
--token=dhj67sjJ
Get information on a token.
$> account-manager-client.pl --add_authentication_token \
--email_address=john@my.fqdn \
--sp_entityid=https://test.federation.renater.fr/test/ressource
Issues an authentication token for the given email address and Service Provider, replacing any existing token for that pair.
$> account-manager-client.pl --send_notice --email_address=john@my.fqdn
Sends a mail notice to the specified email address.
$> account-manager-client.pl --add_service_provider \
--sp_entityid='https://test.federation.renater.fr/test/ressource' \
--displayname='Test SP' --contacts=email1@dom,email2@dom
Adds a new Service Provider, or updates the contacts and display name of one that is already in the DB.
Olivier Salaün (olivier.salaun@renater.fr)
=head1 LICENSE
Copyright (c) GEANT
This software was developed by RENATER. The research leading to these results has received funding
from the European Community's Seventh Framework Programme (FP7/2007-2013) under grant agreement nº 238875 (GÉANT).