81 lines
1.7 KiB
Bash
Executable File
81 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
function load_meta() {
|
|
set -e
|
|
|
|
DEFAULT="/etc/default/authentic2"
|
|
BASEDIR=`dirname $0`
|
|
METADATA_TMP=`tempfile`
|
|
FIXTURE_TMP=`tempfile --suffix=.json`
|
|
TIMEOUT=30
|
|
|
|
trap "rm -f $METADATA_TMP $FIXTURE_TMP" EXIT
|
|
|
|
if [ -f ]; then
|
|
. /etc/default/authentic2
|
|
else
|
|
. $BASEDIR/`basename $DEFAULT`
|
|
fi
|
|
|
|
if ! wget --tries=3 --timeout=$TIMEOUT --quiet $METADATA -O$METADATA_TMP; then
|
|
echo ERROR: unable to retrieve metadata from $METADATA
|
|
exit 1
|
|
fi
|
|
|
|
if ! xmllint $METADATA_TMP >/dev/null; then
|
|
echo ERROR: xmllint failed on $SOURCE metadata
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$ALLOW_SLO" = "0" ]; then
|
|
SLO_SUPPORT=false
|
|
else
|
|
SLO_SUPPORT=true
|
|
fi
|
|
|
|
|
|
# Build fixture
|
|
cat <<EOF >$FIXTURE_TMP
|
|
[
|
|
{
|
|
"model": "saml.spoptionsidppolicy",
|
|
"fields" : {
|
|
"accept_slo" : $SLO_SUPPORT,
|
|
"accepted_name_id_format" : "transient,persistent",
|
|
"ask_user_consent" : false,
|
|
"authn_request_signed" : false,
|
|
"default_name_id_format" : "transient",
|
|
"enabled" : true,
|
|
"encrypt_assertion" : false,
|
|
"encrypt_nameid" : false,
|
|
"federation_mode" : 0,
|
|
"forward_slo" : true,
|
|
"http_method_for_slo_request" : 4,
|
|
"idp_initiated_sso" : $SLO_SUPPORT,
|
|
"iframe_logout_timeout" : 300,
|
|
"name" : "Default",
|
|
"needs_iframe_logout" : false,
|
|
"prefered_assertion_consumer_binding" : "meta"
|
|
}
|
|
}]
|
|
EOF
|
|
|
|
chmod +r $FIXTURE_TMP
|
|
chmod +r $METADATA_TMP
|
|
|
|
# Load fixture
|
|
/usr/bin/authentic2-manage loaddata -v0 $FIXTURE_TMP
|
|
|
|
# Load metadata
|
|
/usr/bin/authentic2-manage sync-metadata --source=$SOURCE --sp -v1 $METADATA_TMP
|
|
|
|
rm -f $METADATA_TMP $FIXTURE_TMP
|
|
}
|
|
|
|
for config in /etc/authentic2/federations.d/*.sh; do
|
|
METADATA=
|
|
SOURCE=
|
|
. $config
|
|
load_meta "$METADATA" "$SOURCE"
|
|
done
|