I'm trying to set up a simple script that uses cURL to monitor our SharePoint Online site by doing the following:
- Log into our Office 365 environment using a federated identity (ADFS 2.1) using the "../adfs/services/trust/13/UsernameMixed" endpoint
- Obtain SharePoint cookies (FedAuth etc)
- Browse to SharePoint site (verify content etc)
To do the first step, I'm using cURL to submit the following POST to our ADFS endpoint:
curl https://sts.contoso.com/adfs/services/trust/13/UsernameMixed --data @req.txt -H "Content-Type: application/soap+xml" -o out.txt
The SOAP envelope I am sending is requesting the following (this is just an extract of the request):
<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>https://login.microsoftonline.com/extSTS.srf</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
</trust:RequestSecurityToken>
The response I get back from this contains an X509 certificate, a digest and a signature which I do not know what to do with. All the guides I can see online result in a "BinarySecurityToken" being returned from this initial request, which you can extract and post to Sharepoint.com to get the necessary cookies to gain access. Admittedly they are all using the MicrosoftOnline STS though (cloud credentials), so is this just something that the Microsoft STS can achieve but not ADFS servers?
Or is there something glaringly wrong in my approach?
Any help would be greatly appreciated.
Cheers,
Duncan
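Added worked example (editor's addition, not part of Duncan's post or any vendor code): the certificate, digest and signature in the ADFS reply are the XML signature over a SAML 1.1 assertion, and that signed assertion is what the next hop consumes. A federated sign-in needs one more round trip than the cloud-credentials guides show: the assertion is wrapped in a second RequestSecurityToken and posted to login.microsoftonline.com, whose reply carries the BinarySecurityToken that the guides start from; that token is then posted to the SharePoint sign-in page to obtain FedAuth and rtFa. The Python below does the parsing and envelope building for those two extra steps. The shape of the envelope sent to extSTS.srf is an assumption modelled on open-source clients of this flow and should be checked against your tenant; the contoso URLs are placeholders and the sample STS replies embedded at the bottom are constructed so the parsing can be exercised offline.

```python
"""Continue the federated SharePoint Online sign-in from the ADFS UsernameMixed reply.

Added worked example, not code from the original post.  The extSTS.srf envelope is an
assumption modelled on open-source clients of this flow; contoso URLs are placeholders
and the sample replies at the bottom are constructed, not real STS output.
"""
import re
import sys
import xml.etree.ElementTree as ET

NS_SOAP = "http://www.w3.org/2003/05/soap-envelope"
NS_WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS_SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
MSOL_STS = "https://login.microsoftonline.com/extSTS.srf"

# First <Assertion>...</Assertion> element, whatever prefix ADFS used.  It is sliced from
# the raw text on purpose: the assertion carries an XML-DSig, and re-serialising it via a
# parser can change prefixes or whitespace and break the signature extSTS.srf verifies.
_ASSERTION_RE = re.compile(r"<((?:\w+:)?)Assertion[\s>].*?</\1Assertion>", re.DOTALL)


def soap_fault_reason(soap: str):
    """Fault text if the STS answered with a SOAP 1.2 fault (e.g. bad password), else None."""
    fault = ET.fromstring(soap).find(f".//{{{NS_SOAP}}}Fault")
    if fault is None:
        return None
    text = fault.find(f".//{{{NS_SOAP}}}Text")
    return text.text if text is not None and text.text else "<fault without reason>"


def extract_assertion(adfs_rstr: str) -> str:
    """Signed SAML 1.1 assertion, signature included, out of the ADFS response."""
    reason = soap_fault_reason(adfs_rstr)
    if reason:
        raise RuntimeError(f"ADFS returned a fault: {reason}")
    match = _ASSERTION_RE.search(adfs_rstr)
    if not match:
        raise ValueError("no SAML assertion in ADFS response")
    return match.group(0)


def build_msol_rst(assertion_xml: str, site_url: str) -> str:
    """RST for login.microsoftonline.com, assertion in the WS-Security header (assumed shape)."""
    return (
        f'<S:Envelope xmlns:S="{NS_SOAP}" xmlns:wsa="http://www.w3.org/2005/08/addressing" '
        f'xmlns:wsse="{NS_WSSE}" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" '
        'xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"><S:Header>'
        '<wsa:Action S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue'
        f'</wsa:Action><wsa:To S:mustUnderstand="1">{MSOL_STS}</wsa:To>'
        f"<wsse:Security>{assertion_xml}</wsse:Security></S:Header><S:Body>"
        '<wst:RequestSecurityToken Id="RST0">'
        "<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>"
        f"<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>{site_url}</wsa:Address>"
        "</wsa:EndpointReference></wsp:AppliesTo>"
        "<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>"
        f"<wst:TokenType>{NS_SAML1}</wst:TokenType>"
        "</wst:RequestSecurityToken></S:Body></S:Envelope>"
    )


def extract_binary_security_token(msol_rstr: str) -> str:
    """Token body that the SharePoint sign-in page expects verbatim as the POST body."""
    reason = soap_fault_reason(msol_rstr)
    if reason:
        raise RuntimeError(f"Microsoft Online STS returned a fault: {reason}")
    bst = ET.fromstring(msol_rstr).find(f".//{{{NS_WSSE}}}BinarySecurityToken")
    if bst is None or not bst.text:
        raise ValueError("no BinarySecurityToken in Microsoft Online response")
    return bst.text.strip()


# Constructed stand-ins for the STS replies (not real tokens), so the parsing runs offline.
SAMPLE_ADFS_RSTR = (
    f'<s:Envelope xmlns:s="{NS_SOAP}"><s:Body><t:RequestSecurityTokenResponseCollection '
    'xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><t:RequestSecurityTokenResponse>'
    f'<t:RequestedSecurityToken><saml:Assertion xmlns:saml="{NS_SAML1}" MajorVersion="1" '
    'MinorVersion="1" AssertionID="_0a1b"><saml:Conditions/><ds:Signature xmlns:ds='
    '"http://www.w3.org/2000/09/xmldsig#"><ds:SignatureValue>c2ln</ds:SignatureValue></ds:Signature>'
    "</saml:Assertion></t:RequestedSecurityToken></t:RequestSecurityTokenResponse>"
    "</t:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>"
)
SAMPLE_MSOL_RSTR = (
    f'<S:Envelope xmlns:S="{NS_SOAP}"><S:Body><t:RequestSecurityTokenResponse xmlns:t='
    '"http://schemas.xmlsoap.org/ws/2005/02/trust"><t:RequestedSecurityToken><wsse:BinarySecurityToken '
    f'xmlns:wsse="{NS_WSSE}" Id="Compact0">t=EwAsample&amp;p=</wsse:BinarySecurityToken>'
    "</t:RequestedSecurityToken></t:RequestSecurityTokenResponse></S:Body></S:Envelope>"
)
SAMPLE_FAULT = (
    f'<S:Envelope xmlns:S="{NS_SOAP}"><S:Body><S:Fault><S:Code><S:Value>S:Sender</S:Value></S:Code>'
    '<S:Reason><S:Text xml:lang="en-US">Authentication Failure</S:Text></S:Reason></S:Fault>'
    "</S:Body></S:Envelope>"
)

# Pipeline with curl (contoso placeholders).  --data-binary rather than --data: -d strips
# newlines from @file input, which can corrupt the signed assertion bytes.
#   curl https://sts.contoso.com/adfs/services/trust/13/UsernameMixed --data-binary @req.txt \
#        -H "Content-Type: application/soap+xml" -o out.txt
#   python3 msol_rst.py rst out.txt https://contoso.sharepoint.com > rst2.xml
#   curl https://login.microsoftonline.com/extSTS.srf --data-binary @rst2.xml \
#        -H "Content-Type: application/soap+xml" -o out2.txt
#   python3 msol_rst.py bst out2.txt > bst.txt
#   curl -c cookies.txt --data-binary @bst.txt "https://contoso.sharepoint.com/_forms/default.aspx?wa=wsignin1.0"
#   curl -b cookies.txt https://contoso.sharepoint.com/   # FedAuth and rtFa ride along
if __name__ == "__main__":
    mode, body = sys.argv[1], open(sys.argv[2], encoding="utf-8").read()
    if mode == "rst":
        print(build_msol_rst(extract_assertion(body), sys.argv[3]))
    else:
        print(extract_binary_security_token(body), end="")
```

Two practical notes. Both STSes report a bad password or a rejected assertion as a SOAP fault with an HTTP 500, so a monitoring script should check for the fault before looking for a token, which is why the functions above refuse to parse past one. Also, req.txt holds the account's cleartext password and cookies.txt holds bearer cookies that grant the same access as that account for their lifetime; keep both on disk only with restrictive permissions and under a dedicated, least-privilege monitoring identity.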