diff --git a/README.md b/README.md index 2059c2d2d1314b518c664105285d42b5ec35346a..0dee2bf51ff28fe229ee0c4f191c393456deb37c 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,8 @@ services="" </pre> ### proxy_idp_auth_test.sh +This script checks the login to SP via the host, from which is the script runs + * Requirements: * library *bc* <pre> @@ -42,6 +44,10 @@ password="" # Fill in the instance name # Instance name must not contain a space instanceName="" + +# Fill in the global domain name of ProxyIdP +# For example: login.cesnet.cz +proxyDomainName="login.elixir-czech.org" </pre> ## List of plugins diff --git a/proxy_idp_auth_test.sh b/proxy_idp_auth_test.sh index 9e1e4c92ff41552a85a05d1df056f835b9aa028f..a630770a0504f8136fb878e96f9ad51dc71c5929 100755 --- a/proxy_idp_auth_test.sh +++ b/proxy_idp_auth_test.sh @@ -23,8 +23,15 @@ password="" # Instance name must not contain a space instanceName="" +# Fill in the global domain name of ProxyIdP +# For example: login.cesnet.cz +proxyDomainName="" + # How long is normal for total roundtrip (seconds) -warningTime=5 +warningTime=10 + +## Get host IP +ip=($(hostname -I)) # End function end() @@ -46,7 +53,7 @@ if [[ $status -eq 0 && $totalTime -gt $(( $warningTime * 1000000000 )) ]]; then statustxt="Successful login, but was too long." fi -echo "$status proxy_idp_auth_test-$instanceName login_time=$timeStat $statustxt" +echo "$status $basename-$instanceName login_time=$timeStat $statustxt" exit 0 } 
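Review bot: Neither `proxyDomainName` nor the result of `ip=($(hostname -I))` is checked before the script splices them into curl's `--resolve`, so the shipped default `proxyDomainName=""` yields a pin of the form `:443:<address>`. If curl discards that entry rather than failing (worth confirming), the requests follow normal DNS, and the check can report a healthy login that was served by a different node than the one under test. `hostname -I` also gives no ordering guarantee, so on a multi-homed host the first element may not be the address the ProxyIdP listens on; consider making the address configurable. A guard right after the assignment would catch the empty cases: `[[ -n "$proxyDomainName" && -n "${ip[0]}" ]] || exit 3`.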
@@ -55,7 +62,7 @@ cookieJar=$(mktemp /tmp/${basename}.XXXXXX) || exit 3 startTime=$(date +%s%N) # REQUEST #1: fetch URL for authentication page -html=$(curl -L -sS -c ${cookieJar} -w 'LAST_URL:%{url_effective}' ${testSite}) || end 2 "Failed to fetch URL: $testSite" +html=$(curl -L -sS -c ${cookieJar} -w 'LAST_URL:%{url_effective}' --resolve ${proxyDomainName}':443:'${ip} ${testSite}) || end 2 "Failed to fetch URL: $testSite" # Parse HTML to get the URL where to POST login (written out by curl itself above) authURL=$(echo ${html} | sed -e 's/.*LAST_URL:\(.*\)$/\1/') @@ -68,7 +75,7 @@ fi # REQUEST #2: log in html=$(curl -L -sS -c ${cookieJar} -b ${cookieJar} -w 'LAST_URL:%{url_effective}' \ --d "j_username=$login" -d "j_password=$password" --data-urlencode "AuthState=${authState}" ${authURL}) || end 2 "Failed to fetch URL: $authURL" +-d "j_username=$login" -d "j_password=$password" --data-urlencode "AuthState=${authState}" --resolve ${proxyDomainName}':443:'${ip} ${authURL}) || end 2 "Failed to fetch URL: $authURL" lastURL=$(echo ${html} | sed -e 's/.*LAST_URL:\(.*\)$/\1/') @@ -83,7 +90,7 @@ proxySamlResponse=$(echo ${html} | sed -e 's/.*hidden[^>]*SAMLResponse[^>]*value # REQUEST #3: post the SAMLResponse to proxy html=$(curl -L -sS -c ${cookieJar} -b ${cookieJar} -w 'LAST_URL:%{url_effective}' \ - --data-urlencode "SAMLResponse=${proxySamlResponse}" ${proxySamlEndpoint}) || end 2 "Failed to fetch URL: $proxySamlEndpoint" + --data-urlencode "SAMLResponse=${proxySamlResponse}" --resolve ${proxyDomainName}':443:'${ip} ${proxySamlEndpoint}) || end 2 "Failed to fetch URL: $proxySamlEndpoint" # We do not support JS, so parse HTML for SAML endpoint and response spSamlEndpoint=$(echo ${html} | sed -e 's/.*form[^>]*action=[\"'\'']\([^\"'\'']*\)[\"'\''].*method[^>].*/\1/') 
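Review bot: The new `--resolve ${proxyDomainName}':443:'${ip}` argument in request #1 leaves both expansions unquoted and relies on `${ip}` meaning the first element of the `ip` array; the same text is repeated in requests #2 and #3 and in request #4 in the following hunk. Quoting it as one word and indexing explicitly avoids word splitting: `--resolve "${proxyDomainName}:443:${ip[0]}"`. Building it once, e.g. `resolveOpt="${proxyDomainName}:443:${ip[0]}"`, would keep the four calls in step. The pin only applies to port 443 of `proxyDomainName`, so a `testSite` or SP endpoint on another host is still resolved through DNS; that looks intended but deserves a comment.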
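Review bot: Request #2 still puts the test account's password on curl's command line (`-d "j_password=$password"`), where other local users can read it from the process list while the request runs, and plain `-d` sends `&`, `+` or `%` in the value unencoded. Since this line is being touched anyway, `--data-urlencode "j_username=$login"` and `--data-urlencode "j_password=$password"` would fix the encoding. To keep the secret out of argv, the password field could instead be supplied through a curl config read from stdin (`-K -`).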
@@ -91,7 +98,7 @@ spSamlResponse=$(echo ${html} | sed -e 's/.*hidden[^>]*SAMLResponse[^>]*value=[\ # REQUEST #4: post the SAMLResponse to SP html=$(curl -L -sS -c ${cookieJar} -b ${cookieJar} -w 'LAST_URL:%{url_effective}' \ - --data-urlencode "SAMLResponse=${spSamlResponse}" ${spSamlEndpoint}) || end 2 "Failed to fetch URL: $spSamlEndpoint" + --data-urlencode "SAMLResponse=${spSamlResponse}" --resolve ${proxyDomainName}':443:'${ip} ${spSamlEndpoint}) || end 2 "Failed to fetch URL: $spSamlEndpoint" lastURL=$(echo ${html} | sed -e 's/.*LAST_URL:\(.*\)$/\1/')