Extension Attribute for Azure Groups???

ooshnoo
Valued Contributor

Hey folks...  Does anyone have an EA that can pull Azure group membership?

I have one in our Jamf Pro server from the previous admin, but it's not returning any results.  Does someone have a newer one, or know what might be wrong with this one?

 

#!/bin/zsh

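#API Username and Password
# NOTE(review): this script runs on managed Macs as an extension attribute, so
# any credential written here is stored in plain text wherever the script is
# stored or executed. Use a dedicated API account limited to the privileges
# this lookup needs, and never paste a live password into a shared copy.
# The literal password that used to be on the next line was replaced with a
# placeholder; if it was ever a real credential, rotate it.
username="xxxxxx"
password="xxxxxx"
url="https://xxx.jamfcloud.com"

# Short name of the console user; the awk filter drops "loginwindow", so the
# value is empty when nobody is logged in at the console.
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo "$loggedInUser"

#Variable declarations
bearerToken=""
tokenExpirationEpoch="0"
# Directory user name sent to the membership test: <console user>@<domain>.
aduser="${loggedInUser}@xxx.com"

#AD group you are checking membership against
adgroup="Grp_Engineering_ALL"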

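getBearerToken() {
	# Request a new API token with HTTP basic auth and store the result in
	# global variables.
	# Globals:  username, password, url (read)
	#           response, bearerToken, tokenExpiration,
	#           tokenExpirationEpoch (written)
	# Returns:  0 when a token was obtained, 1 otherwise.
	# NOTE(review): -u places the password on curl's command line, where it is
	# visible in the local process list while the request is running.
	local osMajor epoch

	# --fail makes curl exit non-zero on an HTTP error, so an error body is
	# never handed to the parsers below as if it were a token response.
	if ! response=$(curl -s --fail -u "${username}:${password}" -X POST "${url}/api/v1/auth/token"); then
		echo "Token request failed" >&2
		bearerToken=""
		return 1
	fi

	#checks if OS is below 12
	# (presumably because plutil's "raw" output type is not available there;
	# confirm against the oldest macOS version still in the fleet)
	osMajor=$(/usr/bin/sw_vers -productVersion | awk -F . '{print $1}')
	if [[ "$osMajor" -lt 12 ]]; then
		# awk must read the response from the pipe; the original also attached a
		# here-string of the still-empty bearerToken to awk's stdin.
		bearerToken=$(printf '%s\n' "$response" | /usr/bin/awk -F \" 'NR==2{print $4}' | /usr/bin/xargs)
		tokenExpiration=$(printf '%s\n' "$response" | grep "expires" | awk '{ print $3 }' | sed "s/\"//g")
	else
		bearerToken=$(printf '%s\n' "$response" | plutil -extract token raw -o - -)
		tokenExpiration=$(printf '%s\n' "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
	fi

	if [[ -z "$bearerToken" ]]; then
		echo "Token response did not contain a token" >&2
		return 1
	fi

	# checkTokenExpiration compares tokenExpirationEpoch with the clock, so
	# convert the timestamp; the previous value is kept if the parse fails.
	# NOTE(review): -u assumes the API reports the expiry in UTC; confirm.
	if epoch=$(date -j -u -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s" 2>/dev/null); then
		tokenExpirationEpoch="$epoch"
	fi
	return 0
}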

checkTokenExpiration() {
	# Reuse the current token while tokenExpirationEpoch is still in the
	# future; otherwise fetch a new one through getBearerToken.
	# Globals:  tokenExpirationEpoch (read)
	# Outputs:  one status line on stdout
	# Returns:  status of the echo, or of getBearerToken when it is called
	local now
	now=$(date +%s)

	if ! (("$tokenExpirationEpoch" > "$now")); then
		echo "No valid token available, getting new token"
		getBearerToken
		return
	fi

	echo "Token valid until the following epoch time: " "$tokenExpirationEpoch"
}

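invalidateToken() {
	# Ask the server to revoke the current bearer token so it cannot be reused
	# after the script finishes.
	# Globals:  url, bearerToken (read); responseCode (written);
	#           bearerToken, tokenExpirationEpoch (reset on HTTP 204)
	# Outputs:  one status line on stdout
	# NOTE(review): the token is passed in a -H argument and is therefore
	# visible in the local process list while curl runs.
	# The URL is quoted so a value with whitespace stays a single argument.
	responseCode=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
		-H "Authorization: Bearer ${bearerToken}" \
		"${url}/api/v1/auth/invalidate-token")

	case "${responseCode}" in
		204)
			echo "Token successfully invalidated"
			# Forget the revoked token locally as well.
			bearerToken=""
			tokenExpirationEpoch="0"
			;;
		401)
			echo "Token already invalid"
			;;
		*)
			echo "An unknown error occurred invalidating the token"
			;;
	esac
}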

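# Main flow: obtain a token, ask the server whether $aduser belongs to
# $adgroup, revoke the token, and print the answer inside <result> tags.
checkTokenExpiration

membership=""
# Skip the request when nobody is logged in at the console or no token was
# obtained; the original sent it anyway with an empty user or bearer value.
if [[ -n "$loggedInUser" && -n "$bearerToken" ]]; then
	# NOTE(review): the "1" in the path is presumably the id of the cloud
	# identity provider configured on this server; confirm it matches.
	# sed extracts the isMember value whether the JSON is pretty-printed or
	# compact; the original grep/awk only worked for `"isMember" : value`.
	membership=$(curl -s -X POST "$url/api/v1/cloud-idp/1/test-user-membership" \
		-H "accept: application/json" \
		-H "Authorization: Bearer ${bearerToken}" \
		-H "Content-Type: application/json" \
		-d "{\"username\":\"$aduser\",\"groupname\":\"$adgroup\"}" \
		| sed -n 's/.*"isMember"[[:space:]]*:[[:space:]]*\([A-Za-z]*\).*/\1/p')

	# invalidateToken was defined but never called, which left the token
	# usable until it expired. Its status text is discarded so that nothing
	# new is written to stdout ahead of the result line.
	invalidateToken >/dev/null 2>&1
fi

echo "<result>$membership</result>"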

 

 
