This repository has been archived by the owner on Jan 20, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 99
how to update oidc client url address
Sriram Nambakam edited this page Feb 5, 2018
·
1 revision
Notes
- As a pre-requisite, retrieve the OIDC token from Lightwave using code
- The client id of an existing OIDC client can be listed using code
- This program depends on jq and curl
#!/bin/bash
LW_TENANT=
LW_SERVER=
LW_PORT=443
CLIENT_URL=
CLIENT_ID=
CLIENT_TYPE=
CRED_CACHE_PATH="$HOME/.lightwave_tokens"
showUsage()
{
echo "Usage: lw-update-oidc-client -t <tenant>"
echo " -s <server>"
echo " [ -p <port>]"
echo " -i <client id>"
echo " -c <client URL>"
echo " -r {lightwave-ui}"
}
getEncodedValue()
{
local string="${1}"
local strlen=${#string}
local encoded=""
local pos c o
for (( pos=0 ; pos<strlen ; pos++ )); do
c=${string:$pos:1}
case "$c" in
[-_.~a-zA-Z0-9] )
o="${c}"
;;
* )
printf -v o '%%%02x' "'$c'"
;;
esac
encoded+="${o}"
done
echo "${encoded}"
}
create_lw_ui_oidc_metadata()
{
local metadata_file=$1
local client_id=$2
local client_url=$3
local tenant=$4
cat > $metadata_file <<-EOF
{
"clientId": "$client_id",
"redirectUriTemplates": [
"$client_url/lightwaveui/Home"
],
"tokenEndpointAuthMethod": "none",
"postLogoutRedirectUriTemplates": [
"$client_url/lightwaveui"
],
"logoutUriTemplate": "$client_url/lightwaveui",
"authnRequestClientAssertionLifetimeMS": 0,
"multiTenant": true
}
EOF
}
while getopts t:s:p:c:i:r: o
do
case "$o" in
t)
LW_TENANT="$OPTARG"
;;
s)
LW_SERVER="$OPTARG"
;;
p)
LW_PORT="$OPTARG"
;;
c)
CLIENT_URL="$OPTARG"
;;
i)
CLIENT_ID="$OPTARG"
;;
r)
CLIENT_TYPE="$OPTARG"
;;
[?])
showUsage
exit 1
esac
done
if [ -z "$LW_TENANT" ]; then
echo "Error: The Lightwave Tenant was not specified"
showUsage
exit 1
fi
if [ -z "$LW_SERVER" ]; then
echo "Error: The Lightwave Server was not specified"
showUsage
exit 1
fi
if [ -z "$LW_PORT" ]; then
echo "Error: The Lightwave Port was not specified"
showUsage
exit 1
fi
if [ -z "$CLIENT_URL" ]; then
echo "Error: The Client URL was not specified"
showUsage
exit 1
fi
if [ -z "$CLIENT_ID" ]; then
echo "Error: The Client ID was not specified"
showUsage
exit 1
fi
if [ -z "$CLIENT_TYPE" ]; then
echo "Error: The Client Type was not specified"
showUsage
exit 1
fi
if [ ! -f $CRED_CACHE_PATH ]; then
echo "Error: No authentication tokens found. Please login and try again."
showUsage
exit 1
fi
LW_TOKEN=$(jq -r '.access_token' $CRED_CACHE_PATH)
if [ -z "$LW_TOKEN" ]; then
echo "Error: Invalid or no OIDC token found in $CRED_CACHE_PATH"
echo "Please retry after acquiring a valid OIDC token from Lightwave"
exit 2
fi
encoded_tenant=$(getEncodedValue $LW_TENANT)
encoded_client_id=$(getEncodedValue $CLIENT_ID)
url="https://$LW_SERVER:$LW_PORT/idm/tenant/$encoded_tenant/oidcclient/$encoded_client_id"
tmpfile=$(mktemp /tmp/lw-oidc-def-XXXXXX.json)
case "$CLIENT_TYPE" in
"lightwave-ui")
create_lw_ui_oidc_metadata $tmpfile $CLIENT_ID $CLIENT_URL $encoded_tenant
;;
*)
echo "Error: An Invalid Client Type - $CLIENT_TYPE was specified"
showUsage
exit 1
esac
headers=(
-H "Content-Type: application/json"
-H "Authorization: Bearer $LW_TOKEN"
)
OIDC_METADATA=$(jq -r '.' $tmpfile)
curl -k -X PUT -d "$OIDC_METADATA" "$url" "${headers[@]}" | jq -r '.'
rm -f $tmpfile