#!/bin/bash

. /usr/lib/eole/diagnose.sh

EchoGras "*** Service SSO"
sso_actif=$(CreoleGet activer_sso)
if [ "$sso_actif" != 'non' ];then
    TestHTTPService SSO https://$(CreoleGet eolesso_adresse):$(CreoleGet eolesso_port)$(CreoleGet eolesso_cas_folder)
    if [ "$sso_actif" == "local" ]; then
        EoleSSOCert=$(CreoleGet eolesso_cert)
        EoleSSOCA=$(CreoleGet eolesso_ca_location)
        # Vérification du certificat si différent de eole.crt
        if [ ! -z "$EoleSSOCert" ];then
            EchoGras "*** Certificat SSO"
            TestCerts "$EoleSSOCert" 10 "certificat expiré" "$EoleSSOCA" "$EoleSSOCA"
        fi
    fi
    openid_actif=$(CreoleGet activer_openid)
    if [ "$openid_actif" == "oui" ]
    then
        EchoGras "*** Configuration des fournisseurs OpenID Connect"
        for prov in $(CreoleGet openid_providers)
        do
            grep "^$prov.*=.*:.*" /etc/eole/eolesso_openid.conf >/dev/null
            if [ $? -ne 0 ]
            then
                EchoOrange "* Pas d'identifiant/clé configurés pour le client OpenID : $prov"
                EchoOrange "  Renseigner /etc/eole/eolesso_openid.conf (Voir la documentation d'EoleSSO)"
            fi
        done
    fi
else
	Inactif SSO
fi
echo
exit 0
