sso
This commit is contained in:
parent
029fe23657
commit
1876580d86
911 changed files with 160008 additions and 2 deletions
29
adfs_connect/adfs_cert.crt
Normal file
29
adfs_connect/adfs_cert.crt
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIE6DCCAtCgAwIBAgIQHGs9jnIAW5RERIyV/X677zANBgkqhkiG9w0BAQsFADAw
|
||||
MS4wLAYDVQQDEyVBREZTIFNpZ25pbmcgLSBzc28uc2F0aXRtLmNodWxhLmFjLnRo
|
||||
MB4XDTI0MDQyNjA2NTkzNloXDTI1MDQyNjA2NTkzNlowMDEuMCwGA1UEAxMlQURG
|
||||
UyBTaWduaW5nIC0gc3NvLnNhdGl0bS5jaHVsYS5hYy50aDCCAiIwDQYJKoZIhvcN
|
||||
AQEBBQADggIPADCCAgoCggIBALxemb97jNbdJUJl3rUnu+U3KLZIm8tD4/ggIuKN
|
||||
mMiLdpJvl/PlAP8tiQB2B8RShOEsm7kGUS4cpAPQtgkjoMMrczUn94c0dqDWJZvV
|
||||
aqnTCas6uYkJv2SE33SjieAjPEVOFe3sZTovO/BNRdc630RzzXpoVqhgg0GH1Dc8
|
||||
Gv3YgWTDIVpG83b2WdfDvD+hwFKaNx2n2WI9gRrIFClxuCTHRl4svAMo1SMXh7Pz
|
||||
sgy75C68zyn+5lw6hqre2sUFDwto88ciP4iXSqjd+gRkMkcpE0D24YM0X1dvOGYB
|
||||
9pA+leIML0/G2JdqArO1Lj8C5En96NS6hEim/pyGjQg7RPDtp1IiOYk6JyneUFSZ
|
||||
op90D2MWN0qcIwxOhYYWYaVZz6fmHmzG6bbsYEM7bD4rhEJXbrkn5AT/HlSWr6gy
|
||||
8ueZKH5Ai4B6kM96Zn69uIfsURWzCtCrudbsUVYDmuAWI2+GEt387rdbyV68kQti
|
||||
MPqPOv/ej2/u+v8R+EDg7PGyYa8ZnF4A/64MYRM5zNMcnOmZZGzN0klNZveIbfR1
|
||||
G5k6LKleDKN/P8W6CbRrNvru02C4m75FR2zgZX8COR1oIE0eX3AJLotimuTcuWX5
|
||||
YRYQhhntf7M82yu0NsdaMLrSMWX9kPdXSJwbjiHqJPGpoIIE/qxWpMdloC3j9yZf
|
||||
9P8RAgMBAAEwDQYJKoZIhvcNAQELBQADggIBADH2f9mWGFw3D4J4SflmFpXrWTxB
|
||||
gEOFL+04e626X21+mE10bVve9OX2EXV1s/YZY13sqmtPd9LV0BUCoefU72VEl+Au
|
||||
BT0WUiiuZ0aBiNyl9CZGqib35MZhEujH/WpsxwNZKM9Hp+oCRx6+mgnewJdA/cO0
|
||||
CAaKZLxgtx4KzvvsQ6cbn0KuRmMXibVCJJjnSk7ZJeO2w7uXQYEWCNRpQic/Fqr6
|
||||
5lsV37ybuAJtk/jvTxSbKNIyyUSqEe83UuOSKrIW+ujGfcFNmcQ5c1tMPGnJo830
|
||||
tS33EOipKC5KybjdW/5VWBBA5k9IeTv9j1XazHKOg7SH49Oalc6OJtj9wErJeCc8
|
||||
yR0T47irOwKPE2/e6M4kAPbL/6RbuQswao+3LTJ1HTOjb1odjENFm56zR/rMfsNH
|
||||
SbaLu0bmsZVkTv/z+Hrz1uwkQ0AV+jpQ57E7JXj6xXLOXAHNjH7x1zMr3BxlFMhk
|
||||
pvUpyPz2pQuoDzbEB14UhdGXoxT/bB2l4yNJwvIbV5xNLpjS60K8DMkx5F226qQK
|
||||
2qjKgn8o96y3Zx0TUtLX2ZuFYHFI08unaM4AktZOrG5ZPTKQaEMNoCC+r0HZIEnV
|
||||
AU/gOl70FDfhzPIwib5plAGZjT1Q3LskVKWTeyTTaQ5JugTREPGTLnAPmM+KqT0s
|
||||
Tp5lCBxGjwhEj7/l
|
||||
-----END CERTIFICATE-----
|
||||
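Review bot: The pinned ADFS token-signing certificate in adfs_connect/adfs_cert.crt carries a validity window that, decoding the base64 validity field, appears to run from 2024-04-26 to 2025-04-26, and ADFS by default rolls its token-signing certificate over automatically, so the relying party will stop validating assertions once this copy is superseded. Nothing in the commit records where this file came from or when it must be refreshed; since PEM has no comment syntax, the header of retrieve_adfs_certificate.sh (or a README beside it) should state that this file is that script's output and name the expiry date. When it is refreshed, diffing the newly fetched certificate against this file before replacing it makes a rotation visible rather than silently absorbed.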
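--- a/adfs_connect/mellon_create_metadata.sh
+++ b/adfs_connect/mellon_create_metadata.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -e
+
+PROG="$(basename "$0")"
+
+printUsage() {
+echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
+echo ""
+echo "Example:"
+echo " $PROG urn:someservice https://sp.example.org/mellon"
+echo ""
+}
+
+if [ "$#" -lt 2 ]; then
+printUsage
+exit 1
+fi
+
+ENTITYID="$1"
+if [ -z "$ENTITYID" ]; then
+echo "$PROG: An entity ID is required." >&2
+exit 1
+fi
+
+BASEURL="$2"
+if [ -z "$BASEURL" ]; then
+echo "$PROG: The URL to the MellonEndpointPath is required." >&2
+exit 1
+fi
+
+if ! echo "$BASEURL" | grep -q '^https\?://'; then
+echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
+exit 1
+fi
+
+HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^:/]*\).*#\1#')"
+BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
+
+OUTFILE="$(echo "$ENTITYID" | sed 's/[^0-9A-Za-z.]/_/g' | sed 's/__*/_/g')"
+echo "Output files:"
+echo "Private key: $OUTFILE.key"
+echo "Certificate: $OUTFILE.cert"
+echo "Metadata: $OUTFILE.xml"
+echo "Host: $HOST"
+echo
+echo "Endpoints:"
+echo "SingleLogoutService: $BASEURL/logout"
+echo "AssertionConsumerService: $BASEURL/postResponse"
+echo
+
+# No files should not be readable by the rest of the world.
+umask 0077
+
+TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
+
+cat >"$TEMPLATEFILE" <<EOF
+RANDFILE = /dev/urandom
+[req]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+prompt = no
+policy = policy_anything
+[req_distinguished_name]
+commonName = $HOST
+EOF
+
+openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
+
+rm -f "$TEMPLATEFILE"
+
+CERT="$(grep -v '^-----' "$OUTFILE.cert")"
+
+cat >"$OUTFILE.xml" <<EOF
+<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<KeyDescriptor use="signing">
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509Data>
+<ds:X509Certificate>$CERT</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</KeyDescriptor>
+<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
+<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+</SPSSODescriptor>
+</EntityDescriptor>
+EOF
+
+umask 0777
+chmod go+r "$OUTFILE.xml"
+chmod go+r "$OUTFILE.cert"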
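Review bot: `umask 0777` near the end of the script is a no-op that reads like a mistake: no file is created after it, and a mask of 0777 would make any later file unreadable even by its owner, so if the intent was to undo the earlier `umask 0077` the clearer form is to save the mask first with `OLDMASK=$(umask)` and restore it with `umask "$OLDMASK"`. Separately, `$ENTITYID` and `$BASEURL` are interpolated unescaped into the metadata heredoc, so a value containing `&`, `<` or `"` (a query string in the endpoint URL, for instance) yields malformed XML that the IdP cannot import; adding `case "$ENTITYID$BASEURL" in *[\&\<\"]*) echo "$PROG: entity ID and URL must not contain &, < or \"." >&2; exit 1;; esac` after the URL-scheme check keeps the output well-formed. The private key is correctly written under `umask 0077`; `$OUTFILE.key` is the SP's long-lived signing key, and the header comment should say that it must stay on the server and out of version control while only `$OUTFILE.cert` and `$OUTFILE.xml` are handed to the IdP.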
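--- a/adfs_connect/relay_trust.xml
+++ b/adfs_connect/relay_trust.xml
@@ -0,0 +1,13 @@
+<EntityDescriptor entityID="urn:sso.satitm.chula.ac.th" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<KeyDescriptor use="signing">
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509Data>
+<ds:X509Certificate>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</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</KeyDescriptor>
+<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.satitm.chula.ac.th/selfservice/activedirectory/logout"/>
+<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sso.satitm.chula.ac.th/selfservice/activedirectory/postResponse" index="0"/>
+</SPSSODescriptor>
+</EntityDescriptor>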
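Review bot: The entityID `urn:sso.satitm.chula.ac.th` does not match the `urn_satitm_sso_selfservice` stem of the .key and .cert files added in this commit; mellon_create_metadata.sh derives its output names from the entity ID, so this entity ID would have produced `urn_sso.satitm.chula.ac.th.*`, which suggests either a hand-edited entityID or an embedded certificate (redacted in this view) that is not the one in urn_satitm_sso_selfservice.cert. Before importing this as the relying party trust, confirm that the X509Certificate text equals the .cert file minus its PEM armor, since a mismatch would leave ADFS unable to verify the SP's signed requests. A one-line `<!-- generated by mellon_create_metadata.sh; X509Certificate must match urn_satitm_sso_selfservice.cert -->` after the root element would record that dependency.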
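--- a/adfs_connect/retrieve_adfs_certificate.sh
+++ b/adfs_connect/retrieve_adfs_certificate.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Author: Tim Brody <T.D.Brody@soton.ac.uk>
+# Date: 2015-02-11
+#
+# Retrieve the signing certificate from an ADFS instance in PEM format.
+
+ADFS_SERVER=$1
+
+if [ "$#" -ne "1" ]; then
+echo "Usage: $0 <adfs server URL>"
+exit 1
+fi
+
+URL=$ADFS_SERVER/FederationMetadata/2007-06/FederationMetadata.xml
+TEMPFILE=$(mktemp)
+
+if [[ $(command -v wget) ]]; then
+wget --no-check-certificate -q -O $TEMPFILE $URL
+elif [[ $(command -v curl) ]]; then
+curl -sk $URL -o $TEMPFILE
+else
+echo "Neither curl or wget was found"
+exit 127
+fi
+
+if [ $? -ne 0 ]; then
+echo "Error requesting $URL"
+exit 1
+fi
+
+echo "-----BEGIN CERTIFICATE-----"
+(xmllint --shell $TEMPFILE | grep -v '^/ >' | grep -v '^ ----' | fold -w 64) << EndOfScript
+setns a=urn:oasis:names:tc:SAML:2.0:metadata
+setns b=http://www.w3.org/2000/09/xmldsig#
+cat /a:EntityDescriptor/b:Signature/b:KeyInfo/b:X509Data/b:X509Certificate/text()
+EndOfScript
+echo "-----END CERTIFICATE-----"
+
+unlink $TEMPFILE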
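Review bot: Both fetch branches disable TLS verification (`wget --no-check-certificate` and `curl -sk`), yet the file being downloaded is the IdP signing certificate that every later SAML assertion is validated against, so anyone able to answer for the ADFS host on the path can substitute a certificate and it becomes the trust anchor. Verification should stay on — `wget -q -O "$TEMPFILE" "$URL"` and `curl -sSf -o "$TEMPFILE" "$URL"`, with `--ca-certificate`/`--cacert` pointing at the internal CA if the ADFS host uses one — and `$TEMPFILE` and `$URL` should be quoted. The script also uses `[[ ]]` under `#!/bin/sh`, which fails on a dash-based /bin/sh, and the temporary file is leaked on the `exit 1` after the status check; the rewrite below uses `command -v` tests and an EXIT trap. Note too that the xmllint query reads the certificate from the metadata's own `Signature` element rather than from `IDPSSODescriptor/KeyDescriptor[@use="signing"]`; the two are often the same token-signing certificate, but the latter is what the IdP declares for assertion signing, so the header comment should say which one this script extracts.

```shell
#!/bin/sh
# … unchanged: header comment and usage check …
URL="$ADFS_SERVER/FederationMetadata/2007-06/FederationMetadata.xml"
TEMPFILE=$(mktemp) || exit 1
trap 'rm -f -- "$TEMPFILE"' EXIT

# TLS verification stays on: this download becomes the trust anchor for every SAML assertion.
if command -v wget >/dev/null 2>&1; then
  wget -q -O "$TEMPFILE" "$URL"
elif command -v curl >/dev/null 2>&1; then
  curl -sSf -o "$TEMPFILE" "$URL"
else
  echo "Neither curl or wget was found" >&2
  exit 127
fi
# … unchanged: status check and xmllint extraction (the trailing unlink is now redundant) …
```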
17
adfs_connect/urn_satitm_sso_selfservice.cert
Normal file
17
adfs_connect/urn_satitm_sso_selfservice.cert
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICyTCCAbECFEH5sLbapWi/YMQ8pY8hnyQQmUjKMA0GCSqGSIb3DQEBCwUAMCEx
|
||||
HzAdBgNVBAMMFnNzby5zYXRpdG0uY2h1bGEuYWMudGgwHhcNMjQwNTAzMDc0NTQw
|
||||
WhcNMzQwNTAzMDc0NTQwWjAhMR8wHQYDVQQDDBZzc28uc2F0aXRtLmNodWxhLmFj
|
||||
LnRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdf8d+QGriCyxSSR
|
||||
iSMN81U1sJGb/ZOY9nMGCgcIpYi5/YceR1RPkMAf8ZySbTWWPw/puda3XZb6CNpH
|
||||
kAx449gS9r65XSfdRRBMhq2URA8CcCOxLOi6tE4Uv0FkSpIjKY7n7eSQp0+P1DdA
|
||||
yDhLHjAy/P9oYvxkLiYdIiv6bTmwCiulEapNFK3y1sCExD19JK08rHAXrNVejJW6
|
||||
rKVCVzikUlcBc4VycS14uhu3c2reJnS79VwLim5zzUek1SHpb0EVB2F13A9v7gjm
|
||||
LF1h9uY9s38s1EQGPAYrxbJftnSv1TwMaVR7zuujd7RrjJsiHVJchhHsgGzsNyjp
|
||||
iJMhZwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBAJ4NU0SW9XxfB8f4r9/4KwZWT
|
||||
6Wfq+kQTvypXr0tp67u9G1MxXAXOC7RRhB6TzyYaSIKNS9dxZEzuPpHFJtr3T6E6
|
||||
ORCT4huP4IkcsC9/QvG6DwhcRCWpF6MF3l/sRv6T31cHYpraugoPWL0w/YpKPAoY
|
||||
U1qibq+6VhkYZjBL7dk9dWZHtKxfs7M4UOvSNKU1Ibi1KITCVE9cqtDIfICyC6Y2
|
||||
eTd9YyrC3zbOfP+0pP0Ybsy36hhrP2johRpCFphCfMHO4Q25HIxQRYXffktPR9br
|
||||
a67WdBs1Sr7PImuZPisoqsp7WjIgHCWrI0h6CNOIEIhLb66Qn4pZH/AZsXZ2
|
||||
-----END CERTIFICATE-----
|
||||
28
adfs_connect/urn_satitm_sso_selfservice.key
Normal file
28
adfs_connect/urn_satitm_sso_selfservice.key
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCt1/x35AauILLF
|
||||
JJGJIw3zVTWwkZv9k5j2cwYKBwiliLn9hx5HVE+QwB/xnJJtNZY/D+m51rddlvoI
|
||||
2keQDHjj2BL2vrldJ91FEEyGrZREDwJwI7Es6Lq0ThS/QWRKkiMpjuft5JCnT4/U
|
||||
N0DIOEseMDL8/2hi/GQuJh0iK/ptObAKK6URqk0UrfLWwITEPX0krTyscBes1V6M
|
||||
lbqspUJXOKRSVwFzhXJxLXi6G7dzat4mdLv1XAuKbnPNR6TVIelvQRUHYXXcD2/u
|
||||
COYsXWH25j2zfyzURAY8BivFsl+2dK/VPAxpVHvO66N3tGuMmyIdUlyGEeyAbOw3
|
||||
KOmIkyFnAgMBAAECggEAFfqE8IIYwh0KMliBjzf/rzBVCGIbDv/WdUTCPQmkneEK
|
||||
ZV5BhWfIY2xBiEzGSnOy73114Z6e3NXrU1aII6h1WZZbghdHh4U0ZA3qeZXVH+xR
|
||||
35bzndI9VfG6jRpEXBUxHYj0E6SJEU4YHg7E7EtfBo22HzxfQzHWV0CkVZ9VGvKG
|
||||
upGC1i/2aaGYv0jjyB5+Sii20oh9VO95YDXS3rJxqowsuZMHqcgiQV+2GTKa06lt
|
||||
ezoaxO7MMTQ/2ZKDXq3LpPqnUPIslX7aezQQB1K8j7KZTB8VagVenAgg0c1nHsxs
|
||||
Z9p4sQarPTwUYIOhk+ioWUC2u/ivFjAJLRAaODwROQKBgQDvXl+ajxJB8C/Hlb8h
|
||||
fbbO8LPEdg1kf9zMbygGIAYDZrHX6rqrseL7Y5RGNV/xdcv5LO8qbhJmQ+7q9IMM
|
||||
lI1LeLacB8q4h+cEjAY5uoBYyKFFuGLcqM580eLppwZo4jAS/+y4LTgP5O+/3N8D
|
||||
WPoCWGZyQ8xVlg/Yi664i8Y7ewKBgQC57CB9agGepVJV3TsCFZuq1fIA4bLB675h
|
||||
8ke9swG2erD8E2oUSsK1tNADnryzFX75Q5An5tVwa9v51M/vhPCI/bsLIbbtibA7
|
||||
XhnEU4pW1NbKhRVoGef6uJpZYx8o7VmDWwD6i/0QPxLwkso4NnGrR/E9cU3ow8+c
|
||||
LcfjTX5oBQKBgAfIhs1Mx6gzOiqAOQXKw6347698szTIX5KaLq/8TJXBuhiuPkGk
|
||||
+B96fnDF/Yepb+d7SY+Uoq6GmPc02ioHjoycsTtjmXjkmmNwdidcZB3+8BeHRles
|
||||
eYJfhMRaNQAmErAbeEQI3GDP7efMM8g1FXQMEdC3WaaSyZMd/6FqkhiPAoGBAJz5
|
||||
fZEGAKoWwUaXzCt9XPpHOtV9ufS6+votml7TFX4hZu7d4XGSkYTjTcHQs1esrZD9
|
||||
d2gJIGqT1p3ADXQYVRIE0HiclZtG5lGpqK23LxUTDOrepG1JejCYzlDsPLHMfAhI
|
||||
vLHNofOmnXIbLbt6VEyeKFONJ4+AS/h8Oslyc2iVAoGAP1R0bo4ikpoK1j/SZEBc
|
||||
dLSOISjnfzIlZlROrvBycAqRnJMBZoa6GE2MmPl8dUjDQUmKxZOixEEJ+SPuMZjD
|
||||
KruoIlOqvwbyl1iVTy2DUGbJvb2wTaps6OcEpXHt61lezWYPNc2cWkkahGL5g4wm
|
||||
AmmYDjt6+pP417McwUQO+yo=
|
||||
-----END PRIVATE KEY-----
|
||||
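Review bot: adfs_connect/urn_satitm_sso_selfservice.key is an unencrypted RSA private key — presumably the SP signing key whose public half is the adjacent .cert file and the certificate embedded in relay_trust.xml — and committing it means everyone with read access to this repository, now or through its history, can sign SAML messages as this SP. It should be treated as compromised: generate a fresh pair with mellon_create_metadata.sh, update the relying party trust in ADFS with the new certificate, purge the key from history rather than only deleting it in a later commit, and deploy the replacement out of band (a secrets store or a file placed on the server at deploy time) with `*.key` added to .gitignore so it cannot be re-added by accident.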
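--- a/adfs_connect/urn_satitm_sso_selfservice_cert_ol.txt
+++ b/adfs_connect/urn_satitm_sso_selfservice_cert_ol.txt
@@ -0,0 +1 @@
+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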