Last active
November 15, 2016 15:58
-
-
Save trscavo/ab2edd1b6bfdb3a41076 to your computer and use it in GitHub Desktop.
Bash script to fetch SAML metadata via the Metadata Query Protocol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # DEPRECATED: Use mdq_url.sh instead | |
| ########################################################### | |
| # Fetch SAML metadata via the Metadata Query Protocol | |
| # | |
| # usage: md_query.sh [-tvq] [IDENTIFIER] | |
| # | |
| # where the -t option simply outputs the computed request URL (without | |
| # querying for metadata). Omitting the -t option causes the script to | |
| # invoke the curl command-line utility. The -v option causes curl to | |
| # produce verbose output while the -q option causes curl to be silent. | |
| # All options are mutually exclusive. | |
| # | |
| # The single command-line argument is an arbitrary IDENTIFIER as defined | |
| # by the Metadata Query Protocol specification. In a SAML context the | |
| # IDENTIFIER is usually a SAML entityID, which is used to fetch a single | |
| # entity descriptor. | |
| # | |
| # NOTE: If both the IDENTIFIER and the -t option are omitted, the script | |
| # will fetch ALL metadata served by the metadata query server. | |
| # | |
| # Note: set environment variable MDQ_BASE_URL before using this script. | |
| # | |
| # Example: | |
| # | |
| # $ export MDQ_BASE_URL=http://mdq.example.com/public | |
| # $ md_query.sh -t https://sso.example.org/idp | |
| # http://mdq.example.com/public/entities/https%3A%2F%2Fsso.example.org%2Fidp | |
| # | |
| # For details regarding the Metadata Query Protocol, see: | |
| # https://github.com/iay/md-query | |
| ########################################################### | |
| script_name=${0##*/} # equivalent to basename $0 | |
| # check the required environment variable | |
| if [ -z "$MDQ_BASE_URL" ]; then | |
| echo "ERROR: $script_name: environment variable MDQ_BASE_URL does not exist" >&2 | |
| exit 2 | |
| fi | |
| # Construct a request URL per the MDQ Protocol specification | |
| # See: https://github.com/iay/md-query | |
| # To construct a reference to ALL entities served by the | |
| # metadata query server, simply omit the second argument | |
| construct_mdq_url () { | |
| # construct_mdq_url <base_url> <url_encoded_id> | |
| # make sure there are one or two command-line arguments | |
| if [ $# -lt 1 -o $# -gt 2 ]; then | |
| echo "ERROR: $FUNCNAME: incorrect number of arguments: $# (1 or 2 required)" >&2 | |
| return 2 | |
| fi | |
| local base_url=$1 | |
| # strip the trailing slash from the base URL if necessary | |
| local length="${#1}" | |
| if [[ "${base_url:length-1:1}" == '/' ]]; then | |
| base_url="${base_url:0:length-1}" | |
| fi | |
| # append the identifier if there is one | |
| if [ $# -eq 2 ]; then | |
| echo "${base_url}/entities/$2" | |
| else | |
| echo "${base_url}/entities" | |
| fi | |
| } | |
| # URL-encode an arbitrary string | |
| # see: https://gist.github.com/cdown/1163649 | |
| urlencode () { | |
| # urlencode <string> | |
| # make sure there is one (and only one) command-line argument | |
| if [ $# -ne 1 ]; then | |
| echo "ERROR: $FUNCNAME: incorrect number of arguments: $# (1 required)" >&2 | |
| return 2 | |
| fi | |
| local length="${#1}" | |
| for (( i = 0; i < length; i++ )); do | |
| local c="${1:i:1}" | |
| case "$c" in | |
| [a-zA-Z0-9.~_-]) printf "$c" ;; | |
| *) printf '%%%02X' "'$c" | |
| esac | |
| done | |
| } | |
| # process command-line option(s) | |
| test_mode=false; verbose_mode=false; quiet_mode=false; curl_opts= | |
| while getopts ":tvq" opt; do | |
| case $opt in | |
| t) | |
| test_mode=true | |
| verbose_mode=false | |
| quiet_mode=false | |
| curl_opts= | |
| ;; | |
| v) | |
| test_mode=false | |
| verbose_mode=true | |
| quiet_mode=false | |
| curl_opts="--verbose" | |
| ;; | |
| q) | |
| test_mode=false | |
| verbose_mode=false | |
| quiet_mode=true | |
| curl_opts="--silent" | |
| ;; | |
| \?) | |
| echo "ERROR: $script_name: Unrecognized option: -$OPTARG" >&2 | |
| exit 2 | |
| ;; | |
| esac | |
| done | |
| # construct the request URL | |
| shift $(( OPTIND - 1 )) | |
| if [ $# -eq 0 ]; then | |
| request_url=$( construct_mdq_url $MDQ_BASE_URL ) | |
| elif [ $# -eq 1 ]; then | |
| # URL-encode the identifier | |
| encoded_id=$( urlencode "$1" ) | |
| return_status=$? | |
| if [ "$return_status" -ne 0 ]; then | |
| echo "ERROR: $script_name: failed to URL-encode the identifier" >&2 | |
| exit $return_status | |
| fi | |
| request_url=$( construct_mdq_url $MDQ_BASE_URL $encoded_id ) | |
| else | |
| echo "ERROR: $script_name: incorrect number of arguments: $# (1 required)" >&2 | |
| exit 2 | |
| fi | |
| # was the URL successfully constructed? | |
| return_status=$? | |
| if [ "$return_status" -ne 0 ]; then | |
| echo "ERROR: $script_name: failed to construct the request URL" >&2 | |
| exit $return_status | |
| fi | |
| # use curl to request the resource (unless in test mode) | |
| if $test_mode; then | |
| echo $request_url | |
| else | |
| /usr/bin/curl $curl_opts $request_url | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment