Skip to content

Instantly share code, notes, and snippets.

@ppproxy

ppproxy/shibb-cas-get.sh

Forked from olberger/shibb-cas-get.sh
Created May 13, 2016 08:04
Show Gist options
  • Save ppproxy/0beda7d783d75c436cd18eee8da61a13 to your computer and use it in GitHub Desktop.
Save ppproxy/0beda7d783d75c436cd18eee8da61a13 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @olberger olberger created this gist Dec 4, 2014.
    49 changes: 49 additions & 0 deletions shibb-cas-get.sh
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,49 @@
    #!/bin/sh

    #set -x

    # Usage: shibb-cas-get.sh {username} {password} # If you have any errors try removing the redirects to get more information
    # The service to be called, and a url-encoded version (the url encoding isn't perfect, if you're encoding complex stuff you may wish to replace with a different method)

    DEST=https://myapp.example.com/
    SP=https://myapp.example.com/index.php
    IDP="https://myidp.example.com/idp/shibboleth&btn_sso=SSOok"

    #Authentication details. This script only supports username/password login, but curl can handle certificate login if required
    USERNAME=$1
    PASSWORD=$2

    #Temporary files used by curl to store cookies and http headers
    COOKIE_JAR=.cookieJar
    HEADER_DUMP_DEST=.headers
    rm $COOKIE_JAR
    rm $HEADER_DUMP_DEST

    #The script itself is below

    # 1. connect to the page which will display the WAYF

    curl -s -k -c $COOKIE_JAR "$DEST" -o /dev/null

    # 2. Choose the Shibb provider and get redirected to the CAS login form

    #Visit CAS and get a login form. This includes a unique ID for the form, which we will store in CAS_ID and attach to our form submission. jsessionid cookie will be set here

    CAS_ID=`curl -s -L --data "provider=$IDP" -i -b $COOKIE_JAR -c $COOKIE_JAR "$SP" -D $HEADER_DUMP_DEST | grep name=.lt | sed 's/.*value..//' | sed 's/\".*//'`

    dos2unix $HEADER_DUMP_DEST > /dev/null 2>&1

    CURL_DEST=`grep Location $HEADER_DUMP_DEST | tail -n 1 | sed 's/Location: //'`

    # 3. Submit the login form, using the cookies saved in the cookie jar and the form submission ID just extracted. We keep the headers from this request as the return value should be a 302 including a "ticket" param which we'll need in the next request

    curl -L -s -k --data "username=$USERNAME&password=$PASSWORD&lt=$CAS_ID&_eventId=submit&submit=LOGIN" -i -b $COOKIE_JAR -c $COOKIE_JAR $CURL_DEST -D $HEADER_DUMP_DEST -o file.html

    # 4. Extract the SAMLResponse and RelayState from the page and submit it
    grep 'name=.SAMLResponse' file.html | sed 's/.*value..//' | sed 's/\".*//' > samlresponse.txt
    relaystate=`grep 'name=.RelayState' file.html | sed 's/.*value..//' | sed 's/\".*//' | perl -MHTML::Entities -le 'while(<>) {print decode_entities($_);}'`
    target=`grep 'form action.' file.html | sed 's/.*action..//' | sed 's/\".*//' | perl -MHTML::Entities -le 'while(<>) {print decode_entities($_);}'`

    # Post the form and get redirected to the page
    curl -L -s -k --data "RelayState=$relaystate" --data-urlencode [email protected] -i -b $COOKIE_JAR -c $COOKIE_JAR "$target"