Add script for synchronization with federation
This commit is contained in:
parent
a3034c98af
commit
9fca4581cd
|
@ -0,0 +1,78 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -x
|
||||
|
||||
DEFAULT="/etc/default/authentic2"
|
||||
BASEDIR=`dirname $0`
|
||||
METADATA_TMP=`tempfile`
|
||||
FILTERS_TMP=`tempfile`
|
||||
CERTIFICATE_TMP=`tempfile`
|
||||
FIXTURE_TMP=`tempfile`
|
||||
|
||||
function cleanup {
|
||||
rm -f $METADATA_TMP $FILTERS_TMP $CERTIFICATE_TMP $FIXTURE_TMP
|
||||
}
|
||||
|
||||
trap "cleanup" EXIT
|
||||
|
||||
if [ -f ]; then
|
||||
. /etc/default/authentic2
|
||||
else
|
||||
. $BASEDIR/`basename $DEFAULT`
|
||||
fi
|
||||
|
||||
if ! wget --quiet $RENATER_METADATA -O$METADATA_TMP; then
|
||||
echo ERROR: unable to retrieve metadata from $RENATER_METADATA
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! wget --quiet $RENATER_ATTRIBUTE_FILTERS -O$FILTERS_TMP; then
|
||||
echo ERROR: unable to retrieve attribute filters from $RENATER_ATTRIBUTE_FILTERS
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! wget --quiet $RENATER_CERTIFICATE -O$CERTIFICATE_TMP; then
|
||||
echo ERROR: unable to retrieve Renater metadata signing certificate from $RENATER_CERTIFICATE
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! xmllint $METADATA_TMP >/dev/null; then
|
||||
echo ERROR: xmllint failed on renater metadata
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! xmllint $FILTERS_TMP >/dev/null; then
|
||||
echo ERROR: xmllint failed on renater attribute filters
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify metadata signature
|
||||
if ! xmlsec1 --verify --id-attr:ID EntitiesDescriptor --pubkey-cert-pem $CERTIFICATE_TMP --enabled-key-data key-name $METADATA_TMP 2>/dev/null >/dev/null; then
|
||||
echo ERROR: unable to validate signature on $RENATER_METADATA
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Build fixture
|
||||
cat <<EOF >$FIXTURE_TMP
|
||||
[
|
||||
{
|
||||
"pk": [
|
||||
"Default"
|
||||
],
|
||||
"model": "saml.libertyproviderpolicy",
|
||||
"fields": {
|
||||
"name": "Default",
|
||||
"authn_request_signature_check_hint": 2
|
||||
}
|
||||
}]
|
||||
EOF
|
||||
|
||||
# Load fixture
|
||||
authentic2-ctl loaddata -v0 $FIXTURE_TMP
|
||||
|
||||
|
||||
sed -i 's/\<email\>/mail/' $FILTERS_TMP
|
||||
|
||||
# Load metadataas
|
||||
authentic2-ctl sync-metadata --source=renater --shibboleth-attribute-filter-policy=$FILTERS_TMP --sp -v1 $METADATA_TMP
|
Reference in New Issue