4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#!/usr/bin/perl
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# The contents of this file are subject to the terms
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# of the Common Development and Distribution License
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# (the License). You may not use this file except in
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# compliance with the License.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# You can obtain a copy of the License at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# https://opensso.dev.java.net/public/CDDLv1.0.html or
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# opensso/legal/CDDLv1.0.txt
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# See the License for the specific language governing
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# permission and limitations under the License.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# When distributing Covered Code, include this CDDL
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# Header Notice in each file and include the License file
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# at opensso/legal/CDDLv1.0.txt.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# If applicable, add the following below the CDDL Header,
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# with the fields enclosed by brackets [] replaced by
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# your own identifying information:
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# "Portions Copyrighted [year] [name of copyright owner]"
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# $Id
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# The bulk account federation for SAML v2 in OpenSSO or
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# Sun Java System Federation Manager is achieved through the following perl
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# scripts.
# 1. saml2GenerateNI.pl - This script generates a random name identifier for
# each pair of user accounts (one at the service provider, one at the identity
# provider) that are mapped one-to-one in a flat file, with the two DNs
# separated by "|".
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
# For e.g. a flat file could look like this:
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# uid=spuser1,ou=People,dc=sp,dc=com | uid=idpuser1,ou=People,dc=idp,dc=com
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# uid=spuser2,ou=People,dc=sp,dc=com | uid=idpuser2,ou=People,dc=idp,dc=com
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# uid=spuser3,ou=People,dc=sp,dc=com | uid=idpuser3,ou=People,dc=idp,dc=com
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# After running this script on the above flat file, it would generate two
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# other flat files which contains user id to name identifier mappings.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# For e.g., the output may look like this.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# uid=spuser1,ou=People,dc=sp,dc=com | 1is341jv024lkw3j6pmpr0s82apqxn8a
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# uid=spuser2,ou=People,dc=sp,dc=com | wkh34ldd88n8l54gzs4rftb34bs4837u
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster# uid=spuser3,ou=People,dc=sp,dc=com | l514znc34u34n34gf65hdg6truqh7f2x2424
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
# 2. saml2GenerateLDIF.pl - This script is useful if the service provider or
# the identity provider is an OpenSSO. It generates LDAP Vx based LDIF files
# so that the name identifiers can easily be uploaded to the user entries.
# In this case, it assumes that the entries are user DNs.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
# This script requires four input parameters, in this order:
# saml2GenerateLDIF.pl <nameidmappingsfile> <hostentityid> <remoteentityid>
# <hostentityrole>
# where hostentityrole is either SP or IDP (the role the host provider plays
# in this federation).
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
# After running this script, it generates an LDIF file like this: one
# "changetype: modify" record per user that adds the two OpenSSO federation
# attributes. The fourth field of sun-fm-saml2-nameid-info is the identity
# provider's entity ID, i.e. remoteentityid when run with role SP and
# hostentityid when run with role IDP; the last-but-one field is SPRole or
# IDPRole accordingly.
# dn: uid=spuser1,ou=People,dc=sp,dc=com
# changetype: modify
# add: sun-fm-saml2-nameid-info
# sun-fm-saml2-nameid-info: www.sp1.com|www.idp1.com|1is341jv024lkw3j6pmpr0s82apqxn8a|www.idp1.com|urn:oasis:names:tc:SAML:2.0:nameid-format:persistent|null|null|SPRole|false
# -
# add: sun-fm-saml2-nameid-infokey
# sun-fm-saml2-nameid-infokey: www.sp1.com|www.idp1.com|1is341jv024lkw3j6pmpr0s82apqxn8a
#
# dn: uid=spuser2,ou=People,dc=sp,dc=com
# changetype: modify
# add: sun-fm-saml2-nameid-info
# sun-fm-saml2-nameid-info: www.sp1.com|www.idp1.com|wkh34ldd88n8l54gzs4rftb34bs4837u|www.idp1.com|urn:oasis:names:tc:SAML:2.0:nameid-format:persistent|null|null|SPRole|false
# -
# add: sun-fm-saml2-nameid-infokey
# sun-fm-saml2-nameid-infokey: www.sp1.com|www.idp1.com|wkh34ldd88n8l54gzs4rftb34bs4837u
#
# dn: uid=spuser3,ou=People,dc=sp,dc=com
# changetype: modify
# add: sun-fm-saml2-nameid-info
# sun-fm-saml2-nameid-info: www.sp1.com|www.idp1.com|l514znc34u34n34gf65hdg6truqh7f2x2424|www.idp1.com|urn:oasis:names:tc:SAML:2.0:nameid-format:persistent|null|null|SPRole|false
# -
# add: sun-fm-saml2-nameid-infokey
# sun-fm-saml2-nameid-infokey: www.sp1.com|www.idp1.com|l514znc34u34n34gf65hdg6truqh7f2x2424
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
# The generated LDIF file can be loaded into the user repository with
# ldapmodify, for example:
# ldapmodify -D "cn=Directory Manager" -h www.sp1.com -p 389
# -f generatedfile.ldif
# Do not pass the bind password on the command line with -w (an earlier
# version of this example did): it is then visible to every local user in the
# process list and is kept in the shell history. Use the password prompt or
# password-file option of your ldapmodify instead. Prefer binding as an
# account that only has write access to the two sun-fm-saml2-nameid-*
# attributes rather than the directory manager, and use an LDAPS or StartTLS
# connection so neither the password nor the name identifiers cross the
# network in clear text. Note that the script appends to userdata.ldif, so
# remove any stale copy before running it again.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster#
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
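use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# SAML v2 name-identifier format recorded in every sun-fm-saml2-nameid-info
# value written by this script.
my $NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';

# LDIF file, in the current working directory, that the records are appended to.
my $OUTPUT_LDIF = 'userdata.ldif';

# Render one "attr: value" LDIF line.  Per RFC 2849 a value that starts with a
# space, ':' or '<', ends with a space, or contains anything outside printable
# ASCII (CR, NUL, UTF-8, ...) must be written base64-encoded as "attr:: b64";
# emitting such a DN or identifier verbatim is not valid LDIF and may be
# misparsed or rejected by ldapmodify.
sub _ldif_line {
    my ($attr, $value) = @_;
    my $needs_base64 = $value =~ /\A[ :<]/
                    || $value =~ / \z/
                    || $value =~ /[^\x20-\x7E]/;
    return "$attr: $value\n" unless $needs_base64;
    return "$attr:: " . encode_base64($value, '') . "\n";
}

# Entry point: read "<userdn> | <nameidentifier>" lines from the mapping file
# named in @ARGV and append one LDIF "changetype: modify" record per user to
# userdata.ldif, adding the sun-fm-saml2-nameid-info and
# sun-fm-saml2-nameid-infokey attributes.
#
# Arguments (all four required, in this order):
#   nameidmappingfile - output of saml2GenerateNI.pl: two '|'-separated
#                       columns; lines starting with '#' and blank lines are
#                       skipped
#   hostentityid      - entity ID of the provider whose user store is loaded
#   remoteentityid    - entity ID of the federated partner
#   hostentityrole    - 'SP' or 'IDP' (case-sensitive)
#
# Exits 1 with a usage/validation message on STDERR for bad arguments; dies if
# the mapping file cannot be read or the output file cannot be written.
# Malformed mapping lines are reported on STDERR and skipped.
sub Main {
    if (@ARGV != 4) {
        print STDERR "Usage: saml2GenerateLDIF.pl nameidmappingfile hostentityid remoteentityid hostentityrole\n";
        print STDERR "\n";
        print STDERR "Example Usage: saml2GenerateLDIF.pl provider.txt www.sp1.com www.idp1.com IDP\n";
        exit 1;
    }

    my ($file_name, $hostentityid, $remoteentityid, $role) = @ARGV;

    if ($role ne 'IDP' && $role ne 'SP') {
        print STDERR "$role: Invalid Provider Role. Role must be either IDP or SP\n";
        exit 1;
    }

    # Both stored attributes are '|'-delimited records, so a '|' inside an
    # entity ID would be indistinguishable from a field separator and shift
    # every following field.
    for my $entity_id ($hostentityid, $remoteentityid) {
        if ($entity_id eq '' || $entity_id =~ /\|/) {
            print STDERR "$entity_id: Invalid entity ID. Must be non-empty and must not contain '|'\n";
            exit 1;
        }
    }

    # Three-argument open with a lexical handle: the two-argument form would
    # let a file name such as "|cmd" or ">file" be interpreted as a mode.
    open my $map_fh, '<', $file_name
        or die "Could not open file $file_name: $!\n";

    # Open the output once, before the loop, and fail loudly instead of
    # silently discarding every record when the directory is not writable.
    # Append mode is kept as before: re-running the script accumulates records
    # in an existing userdata.ldif, so remove or rename it between runs.
    open my $ldif_fh, '>>', $OUTPUT_LDIF
        or die "Could not open $OUTPUT_LDIF for appending: $!\n";

    # The identity provider's entity ID is the remote party when we are the SP
    # and the host when we are the IdP; the role label follows the same split.
    my $idp_entity_id = $role eq 'SP' ? $remoteentityid : $hostentityid;
    my $role_label    = $role eq 'SP' ? 'SPRole'         : 'IDPRole';

    while (my $line = <$map_fh>) {
        chomp $line;
        next if $line =~ /^\s*$/ || $line =~ /^\s*#/;

        my @fields = split /\|/, $line;

        # Strip surrounding whitespace, including a stray CR from CRLF files.
        # The previous pattern (^ *)||( *$) contained an empty alternative and
        # therefore only ever removed leading blanks, leaving a trailing space
        # on every DN.
        s/^\s+|\s+$//g for @fields;

        # Exactly "<dn> | <nameid>"; a missing, empty or extra field would
        # yield a record with an empty or ambiguous identifier, so skip it.
        if (@fields != 2 || $fields[0] eq '' || $fields[1] eq '') {
            warn "Skipping malformed line $.: $line\n";
            next;
        }
        my ($userdn, $nameidentifier) = @fields;

        my $fedkey   = join '|', $hostentityid, $remoteentityid, $nameidentifier;
        my $userinfo = join '|', $hostentityid, $remoteentityid, $nameidentifier,
                                 $idp_entity_id, $NAMEID_FORMAT, 'null', 'null',
                                 $role_label, 'false';

        print {$ldif_fh} _ldif_line('dn', $userdn),
                         "changetype: modify\n",
                         "add: sun-fm-saml2-nameid-info\n",
                         _ldif_line('sun-fm-saml2-nameid-info', $userinfo),
                         "-\n",
                         "add: sun-fm-saml2-nameid-infokey\n",
                         _ldif_line('sun-fm-saml2-nameid-infokey', $fedkey),
                         "\n";
    }

    close $map_fh;
    # Buffered write errors (e.g. disk full) only surface at close.
    close $ldif_fh or die "Could not write $OUTPUT_LDIF: $!\n";
    return;
}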
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
# Run the script; Main reads its arguments from @ARGV and exits non-zero on
# usage errors.
Main();