Newer
Older
#!/usr/bin/perl
## 18/07/2014, Olivier Salaün
## Command-line client for the Test IdP Account Manager
use strict;
use utf8;
use lib "/opt/testidp/IdPAccountManager/lib", ;
use lib "/opt/testidp/IdPAccountManager/conf";
renater.salaun
committed
use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::ServiceProvider;
use IdPAccountManager::AuthenticationToken;
unless (&GetOptions(\%options, 'help', 'add_test_account', 'account_profile=s', 'sp_entityid=s', 'list_test_accounts', 'parse_federation_metadata',
'list_service_providers','list_authentication_tokens', 'get_authentication_token', 'add_authentication_token','email_address=s',
'token=s','send_notice','filter_expired','delete')) {
die "Unknown options.";
}
if ($options{'help'}) {
printf "$0 --add_test_account --account_profile=<profile_id> --sp_entityid=<entityid>\n";
if ($options{'add_test_account'}) {
unless ($options{'account_profile'}) {
die "Missing account_profile option";
}
unless ($options{'sp_entityid'}) {
die "Missing sp_entityid option";
}
my $test_account = new IdPAccountManager::TestAccount(account_profile => $options{'account_profile'},
sp_entityid => $options{'sp_entityid'});
unless (defined $test_account) {
IdPAccountManager::Tools::do_log('error',"Failed to create test account");
exit -1;
unless ($test_account->save()) {
IdPAccountManager::Tools::do_log('error',"Failed to create test account");
exit -1;
}
printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n", $test_account->get('id'), $test_account->get('user_password');
}elsif ($options{'list_test_accounts'}) {
my %args;
if ($options{'sp_entityid'}) {
push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
}
if ($options{'account_profile'}) {
push @{$args{'query'}}, 'account_profile' => $options{'account_profile'};
}
if ($options{'filter_expired'}) {
push @{$args{'query'}}, 'expiration_date' => {lt => time};
}
my $all = IdPAccountManager::TestAccount::list_test_accounts(%args);
if ($#{$all} < 0) {
printf "No matching test account in DB\n";
$test_account->print();
$test_account->delete || die if ($options{'delete'});
if ($options{'delete'}) {
printf "%d accounts removed\n", $#{$all}+1;
## Update simpleSamlPhp configuration file
printf "Update simpleSamlPhp configuration file...\n";
IdPAccountManager::Tools::update_ssp_authsources();
}
renater.salaun
committed
}elsif ($options{'parse_federation_metadata'}) {
my $federation_metadata = new IdPAccountManager::SAMLMetadata;
unless ($federation_metadata->load(federation_metadata_file_path => $Conf::global{'federation_metadata_file_path'})) {
renater.salaun
committed
die;
}
my %args;
if ($options{'sp_entityid'}) {
$args{'filter_entity_id'} = $options{'sp_entityid'};
}
unless ($federation_metadata->parse(%args)) {
renater.salaun
committed
die;
}
printf "Document %s parsed\n", $Conf::global{'federation_metadata_file_path'};
renater.salaun
committed
## List SAML entities
printf "Hashref representing the metadata:\n";
&IdPAccountManager::Tools::dump_var($federation_metadata->{'federation_metadata_as_hashref'}, 0, \*STDOUT);
}elsif ($options{'list_service_providers'}) {
my %args;
my $all = IdPAccountManager::ServiceProvider::list_service_providers(%args);
if ($#{$all} < 0) {
printf "No service provider in DB\n";
}
foreach my $service_provider (@$all) {
$service_provider->print();
}
renater.salaun
committed
}elsif ($options{'list_authentication_tokens'}) {
my %args;
if ($options{'sp_entityid'}) {
push @{$args{'query'}}, 'sp_entityid' => $options{'sp_entityid'};
}
if ($options{'token'}) {
push @{$args{'query'}}, 'token' => $options{'token'};
}
my $all = IdPAccountManager::AuthenticationToken::list_authentication_tokens(%args);
if ($#{$all} < 0) {
printf "No corresponding token found in DB\n";
}
foreach my $authentication_token (@$all) {
$authentication_token->print();
}
}elsif ($options{'get_authentication_token'}) {
my %args;
if ($options{'token'}) {
$args{'token'} = $options{'token'};
}
my $authentication_token = new IdPAccountManager::AuthenticationToken(%args);
unless ($authentication_token->load()) {
die "No corresponding token found in DB\n";
}
if ($options{'sp_entityid'}) {
unless ($authentication_token->get('sp_entityid') eq $options{'sp_entityid'}) {
die "Authentication token cannot be used for this SP\n";
}
}
$authentication_token->print();
}elsif ($options{'add_authentication_token'}) {
unless ($options{'email_address'}) {
die "Missing email_address option";
}
unless ($options{'sp_entityid'}) {
die "Missing sp_entityid option";
}
my $authentication_token = new IdPAccountManager::AuthenticationToken();
unless (defined $authentication_token) {
IdPAccountManager::Tools::do_log('error',"Failed to create token object");
exit -1;
}
unless ($authentication_token->set('email_address' => $options{'email_address'},
'sp_entityid' => $options{'sp_entityid'})) {
IdPAccountManager::Tools::do_log('error',"Failed to set token value");
exit -1;
}
unless ($authentication_token->save()) {
IdPAccountManager::Tools::do_log('error',"Failed to create token");
exit -1;
}
$authentication_token->print();
}elsif ($options{'send_notice'}) {
unless ($options{'email_address'}) {
die "Missing email_address option";
}
unless (&IdPAccountManager::Tools::mail_notice('template' => 'templates/mail/notification_generic_error.tt2.eml',
'data' => {},
'to' => $options{'email_address'})) {
die "Failed to send mail notice to $options{'email_address'}\n";
}
printf "Mail notice sent to $options{'email_address'}\n";
renater.salaun
committed
}else {
die "Missing arguments";
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
__END__
=head1 NAME
IdPAccountManager::Tools - Command line client to the Test Account manager
=head1 SYNOPSIS
./bin/account-manager-client.pl --list_authentication_tokens
=head1 DESCRIPTION
The Test Account manager instanciates test accounts associated to a SAML Identity Provider.
This script provides a command-line interface for most functions.
=head1 EXAMPLES
=over 8
=item C<account-manager-client.pl --add_test_account --account_profile=student1 --sp_entityid=https://test.federation.renater.fr/test/ressource>
Adds a new test account.
=item C<account-manager-client.pl --list_test_accounts --sp_entityid=https://test.federation.renater.fr/test/ressource --account_profile=student1>
List all test accounts. Criterias can be added to filter test accounts.
=item C<account-manager-client.pl --list_test_accounts --filter_expired>
List all expired test accounts.
=item C<account-manager-client.pl --list_test_accounts --filter_expired --delete>
Remove all expired test accounts from DB.
=item C<account-manager-client.pl --parse_federation_metadata>
Parses the SAML metadata file, as defined by the C<federation_metadata_file_path> configuration parameter.
=item C<account-manager-client.pl --list_authentication_tokens --sp_entityid=https://test.federation.renater.fr/test/ressource --token=dhj67sjJ>
List all authentication tokens. Criterias can be added to filter tokens.
=item C<account-manager-client.pl --get_authentication_token --token=dhj67sjJ>
Get informations on a token.
=item C<account-manager-client.pl --add_authentication_token --email_address=john@my.fqdn --sp_entityid=https://test.federation.renater.fr/test/ressource>
Adds a new test account.
=item C<account-manager-client.pl --send_notice ----email_address=john@my.fqdn>
Sends a mail notice to the specified email address.
=back
=head1 AUTHOR
Olivier Salaün (olivier.salaun@renater.fr)