splunk saml azure script for oauth
import json
import sys
from urllib.parse import quote

import requests

from commonAuth import *
# Silences urllib3's InsecureRequestWarning, which requests emits for every call
# made with verify=False. Suppressing the warning does not make an unverified
# TLS connection any safer; it only hides the signal that verification is off.
requests.packages.urllib3.disable_warnings()
# If Azure is your identity provider, you can use this script to extract Security Assertion
# Markup Language (SAML) user information as an alternative to using SAML attribute
# query requests (AQR), which Azure does not support.
#
# You can provide your Azure API key credentials in the authentication.conf file and use
# the Azure API to extract user information. In authentication.conf, configure the
# 'scriptSecureArguments' setting to "azureKey:<your Azure API key>". For example:
#
# scriptSecureArguments = azureKey:<your Azure API key string>
#
# After you restart the Splunk platform, the platform encrypts your Azure credentials.
# For more information about Splunk platform configuration files, search the
# Splunk documentation for "about configuration files".
# Microsoft Graph users collection; a user key (UPN or object id) is appended to
# it to address a single user, and '/memberOf' is appended to that for groups.
USER_ENDPOINT = 'https://graph.microsoft.com/v1.0/users/'
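def getUserInfo(args, *, verify=True):
    """Resolve a Splunk SAML username to its Azure AD display name and group ids.

    Obtains an access token with the OAuth2 client-credentials grant, looks the
    user up on Microsoft Graph, fetches the user's group memberships and prints
    one line of the form
    ``<SUCCESS> --userInfo=<username>;<displayName>;<groupId>:<groupId>...``
    to stdout for Splunk to consume. On any failure it prints ``FAILED`` and
    returns ``None`` instead of raising.

    Args:
        args: Dict of inputs read from Splunk. ``args['username']`` is assumed
            to be the user principal name (email form) of the Azure user.
        verify: TLS certificate verification setting handed to ``requests``.
            Defaults to ``True``. The original script passed ``False``, which
            sent the client secret and bearer token over a connection whose
            peer was never authenticated.

    Returns:
        None. The result is communicated via stdout.
    """
    token_url = "https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token"
    client_id = '${AZURE_SPLUNK_SSO_APP_ID}'
    # Template placeholder, written in the same ${...} form as the other two
    # (the original omitted the '$', so the substitution would never fire).
    client_secret = '${AZURE_SSO_APP_API_KEY}'
    scope = 'https://graph.microsoft.com/.default'
    payload = {
        'client_id': client_id,
        'scope': scope,
        'client_secret': client_secret,
        'grant_type': 'client_credentials',
    }
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    access_token_response = requests.post(
        token_url, data=payload, verify=verify, allow_redirects=False, headers=headers
    )
    try:
        access_token = access_token_response.json()['access_token']
    except (ValueError, KeyError, TypeError):
        # Non-JSON body or an error document without 'access_token': fail
        # closed instead of letting a KeyError escape the script.
        print(FAILED)
        return
    azure_headers = {'Authorization': 'Bearer ' + access_token}

    # Assumes the username passed in is the user principal name (email form) of
    # the Azure user, which Graph accepts directly as the /users/{key} segment.
    usernameStr = args['username']
    # The username originates from the login request, so percent-encode it
    # before splicing it into the URL path: an unencoded '/', '?' or '#' would
    # change which Graph endpoint is queried.
    user_endpoint = USER_ENDPOINT + quote(usernameStr, safe='')
    print(user_endpoint)
    userResponse = requests.request('GET', user_endpoint, headers=azure_headers, verify=verify)
    print(userResponse.status_code)
    if userResponse.status_code != 200:
        print(FAILED)
        return
    user = userResponse.json()
    objectId = user['id']
    # displayName can be missing or null for some accounts; fall back to ''
    # so the string concatenation below cannot raise TypeError.
    realNameStr = user.get('displayName') or ''

    # Group membership is addressed by the user's object id, not the UPN.
    groupsEndpoint = USER_ENDPOINT + objectId + '/memberOf'
    print(groupsEndpoint)
    groupsResponse = requests.request('GET', groupsEndpoint, headers=azure_headers, verify=verify)
    print(groupsResponse.status_code)
    if groupsResponse.status_code != 200:
        print(FAILED)
        return
    groups = groupsResponse.json()
    # Colon-separated ids of every directory object the user is a member of.
    # NOTE(review): only the first page of results is read; Graph pages large
    # memberships, so users in many groups may receive a truncated list.
    rolesString = ':'.join(item['id'] for item in groups.get('value', []))
    print(SUCCESS + ' ' + '--userInfo=' + usernameStr + ';' + realNameStr + ';' + rolesString)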
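if __name__ == "__main__":
    # Splunk invokes the script with the operation name as the first argument;
    # readInputs() (from commonAuth) presumably parses the key/value inputs
    # Splunk supplies — confirm against commonAuth. Guard the argv index so a
    # bare invocation does not die with an IndexError.
    callName = sys.argv[1] if len(sys.argv) > 1 else ''
    dictIn = readInputs()
    if callName == "getUserInfo":
        getUserInfo(dictIn)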