-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcreate-remote-tokens.py
executable file
·83 lines (65 loc) · 2.77 KB
/
create-remote-tokens.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/opt/privacyidea/bin/python
from flask import Flask
from privacyidea.lib.token import init_token
from privacyidea.lib.user import User
import argparse
from privacyidea.app import create_app
import sys
__doc__ = """
This script is supposed to be called after a token is created.
It then creates remote tokens for a list of users, these remote tokens then point to the just created token.
This script is ment to be called by the ScriptEvent handler.
create-remote-tokens.py --serial <serial number>
You can place the script in your scripts directory /etc/privacyidea/scripts/
and use it in the script event handler.
Configure your script handler like:
event: token_init
position: Post
conditions:
* tokentype
action:
* background: background
* serial: True
* sync_to_database: True
Adapt it (like the USERNAMES) to your needs.
(c) 2024, Cornelius Kölbel <[email protected]>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3 as
published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
# This is a list of users to create remote tokens for
USERNAMES = ["root", "daemon"]
# The realm, where the usernames are located
REALM = "defrealm"
# Get the ID from your database of the remote server
REMOTE_SERVER_ID = 1
# SHould we check the PIN locally of the different users?
REMOTE_LOCAL_CHECK_PIN = False
def create_tokens(serial):
app = create_app(config_name="production",
config_file="/etc/privacyidea/pi.cfg",
silent=True)
with app.app_context():
for username in USERNAMES:
user = User(username, REALM)
if not user:
sys.stderr.write("User {0!s} does not exist.\n".format(username))
continue
params = {}
params["remote.server_id"] = REMOTE_SERVER_ID
params["remote.serial"] = serial
params["remote.local_checkpin"] = REMOTE_LOCAL_CHECK_PIN
params["type"] = "remote"
remote_token = init_token(params, user=user)
print("Created remote token {0!s} for user {1!s}.".format(remote_token, username))
parser = argparse.ArgumentParser()
parser.add_argument('--serial', dest='serial')
args = parser.parse_args()
serial = create_tokens(args.serial)