From 3e5e9beef0f8812279f4cbc7b2953d5792d94c5d Mon Sep 17 00:00:00 2001
From: Matthew Slowe
Date: Fri, 8 Jul 2016 09:01:25 +0100
Subject: [PATCH] initial commit
---
README.md | 28 ++++++++++++++++++++++++++++
template.xml | 22 ++++++++++++++++++++++
test.sh | 29 +++++++++++++++++++++++++++++
3 files changed, 79 insertions(+)
create mode 100644 README.md
create mode 100644 template.xml
create mode 100755 test.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2ac731b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+Simple SOAP ECP Test
+====================
+
+This simple script performs a test on a Basic Auth protected SAML2 ECP endpoint.
+
+Usage
+-----
+
+The script defaults to impersonating an Office365 Azure based SP. Override by specifying the EntityID of the SP you wish to impersonate in the ```ENTITYID``` environment variable.
+
+You also need to specify the registered endpoint that the request is pretending to come from. Again, this defaults to the Office365 endpoint. Override with ```ENDPOINT```.
+
+You *MUST* specify a ```URL``` to make the request against. For a Shibboleth IDP this probably looks like ```https://idp.example.com/idp/profile/SAML2/SOAP/ECP```.
+
+Example
+-------
+
+**The values for ```ENTITYID``` and ```ENDPOINT``` are the defaults.**
+
+```
+CRED=user:pass \
+ENTITYID=urn:federation:MicrosoftOnline \
+ENDPOINT=https://login.microsoftonline.com/login.srf \
+URL=https://idp.example.com/idp/profile/SAML2/SOAP/ECP \
+bash test.sh | xmllint --pretty 1 -
+```
+
+
diff --git a/template.xml b/template.xml
new file mode 100644
index 0000000..f56cf25
--- /dev/null
+++ b/template.xml
@@ -0,0 +1,22 @@
+ + + + + + + __REMOTE_ENTITYID__ + + + + +
\ No newline at end of file
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..e43272f
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+### Simple SOAP ECP Test
+
+TEMPLATE=template.xml
+NOW=$(date -u '+%FT%H:%M:%SZ')
+ID=$(echo "${NOW}-$$" | shasum | cut -d ' ' -f 1)
+ENTITYID=${ENTITYID:-urn:federation:MicrosoftOnline}
+ENDPOINT=${ENDPOINT:-https://login.microsoftonline.com/login.srf}
+URL=${URL:-http://localhost/}
+
+CRED=${CRED:-anonymous:anonymous}
+
+ENDPOINT_ESCAPED="$(echo $ENDPOINT | sed -e 's/[\/&]/\\&/g')"
+
+REQUEST=$(cat $TEMPLATE |
+ sed "s/__NOW__/$NOW/" |
+ sed "s/__RANDOM_STRING__/$ID/" |
+ sed "s/__REMOTE_ENTITYID__/$ENTITYID/" |
+ sed "s/__AssertionConsumerServiceURL__/$ENDPOINT_ESCAPED/")
+
+echo $REQUEST | xmllint --pretty 1 -
+
+echo $REQUEST |
+ curl -k \
+ -d @- \
+ -H "Content-Type: application/vnd.paos+xml" \
+ --basic -u $CRED \
+ $URL
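Review bot: The final `curl -k` call sends the Basic Auth credentials in `$CRED` with TLS certificate verification switched off, so a run against a real IdP gives the password to whichever host answers for `$URL`. Drop `-k` or make it opt-in, e.g. `curl ${INSECURE:+-k} -d @- ...`, and quote the last two arguments as `--basic -u "$CRED" "$URL"`. `ENTITYID` is interpolated into the sed replacement unescaped while `ENDPOINT` is escaped first, so an entityID containing `/` or `&` (any URL-form entityID) breaks or alters the substitution. Give it the same treatment with `ENTITYID_ESCAPED=$(printf '%s' "$ENTITYID" | sed -e 's/[\/&]/\\&/g')`. Passing the credential through `-u` also leaves it visible in the process list while the request runs, which deserves a line in the README.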