Argus pepcli command line
The pepcli command allows you to submit a XACML request to the PEP daemon and display the XACML response.
The command is useful for checking whether a XACML policy applies (decision is Permit, Deny, Not Applicable or Indeterminate) to a given XACML request, or whether the XACML response contains the values you expect (uidgid, secondary-gids, ...) for the user mapping.
The full documentation is available online at https://twiki.cern.ch/twiki/bin/view/EGEE/AuthZPEPCCLI
Usage:
pepcli --pepd <URL> --keyinfo <FILE> [options...]
pepcli --pepd <URL> --subjectid <DN> [options...]
Submit a XACML Request to the PEP Server and show the XACML Response.
Options:
-p|--pepd <URL> Argus PEP server endpoint URL.
-k|--keyinfo <FILE> XACML Subject key-info: proxy or X509 file.
-s|--subjectid <DN> XACML Subject subject-id: user DN (format RFC2253).
-f|--fqan <FQAN> XACML Subject primary FQAN and FQANs
    Add multiple --fqan options for secondary FQANs.
-r|--resourceid <URI> XACML Resource resource-id.
-a|--actionid <URI> XACML Action action-id.
--profileid <URI> XACML profile-id (default TODO).
-t|--timeout <SEC> Connection timeout in second (default 30s).
-x|--requestcontext Show effective XACML Request context.
-v|--verbose Verbose.
-q|--quiet Turn off output.
-d|--debug Show debug information.
-h|--help This help.
-V|--version Display version and exit.
TLS options:
--capath <DIR> Directory containing the server PEM encoded CA certificates.
--cacert <FILE> Server PEM encoded CA certificate filename.
--cert <FILE> Client PEM encoded certificate filename.
--key <FILE> Client PEM encoded private key filename.
--keypasswd <PASSWD> Password of the client private key
    If the --keypasswd is omitted and the private key is encrypted,
    then you will be prompted for the password.
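
An added example, not part of the original pepcli documentation or the Argus code base: a POSIX shell wrapper that assembles a pepcli request from the options listed above and leaves --keypasswd off the command line, so the password of an encrypted key is prompted for instead of appearing in the process list. The function name check_mapping, the PEPCLI override variable, the https-only and key-permission checks, and all sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Argus project code. Uses only options from the usage text.
# Assumptions: the https-only and key-permission checks are this example's own
# policy; PEPCLI may name a stand-in command for a dry run.
#
# check_mapping PEPD_URL SUBJECT_DN RESOURCE_URI ACTION_URI CAPATH CERT KEY [FQAN...]
check_mapping() {
    if [ "$#" -lt 7 ]; then
        echo "usage: check_mapping PEPD DN RESOURCE ACTION CAPATH CERT KEY [FQAN...]" >&2
        return 2
    fi
    pepd=$1 dn=$2 res=$3 act=$4 capath=$5 cert=$6 key=$7
    shift 7

    # The request carries the subject DN and FQANs: send it over TLS only.
    case $pepd in
        https://*) ;;
        *) echo "refusing non-https PEP endpoint: $pepd" >&2; return 1 ;;
    esac

    # The client private key must exist and be closed to group and others.
    if [ ! -r "$key" ]; then
        echo "cannot read private key: $key" >&2; return 1
    fi
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "private key is group/world readable: $key" >&2; return 1
    fi

    # Turn the remaining arguments into one --fqan option each, in order
    # (primary FQAN first, then the secondary FQANs).
    n=$#
    for fqan in "$@"; do
        set -- "$@" --fqan "$fqan"
    done
    shift "$n"

    # --keypasswd is deliberately never passed: command-line arguments are
    # visible in the process list, and pepcli prompts for the password when
    # the key is encrypted and the option is omitted.
    "${PEPCLI:-pepcli}" --pepd "$pepd" --subjectid "$dn" \
        --resourceid "$res" --actionid "$act" \
        --capath "$capath" --cert "$cert" --key "$key" \
        --requestcontext "$@"
}

# Constructed sample call (placeholder endpoint, DN, URIs, paths and FQANs):
# check_mapping https://pep.example.org/authz "CN=Jane Doe,O=Example,C=CH" \
#     urn:example:resource urn:example:action /path/to/ca-dir \
#     /path/to/usercert.pem /path/to/userkey.pem /vo.example /vo.example/Role=ops
```

Setting PEPCLI to a command that only prints its arguments gives a dry run of the exact option list before anything is sent to the PEP daemon.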