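#!/bin/bash
# Log in to the SecureTransport AdminUI through Okta SAML SSO and call the
# /api/v2.0/myself REST endpoint with the resulting session.
#
# Flow: Okta primary authentication (/api/v1/authn) -> Okta session cookie
# (/login/sessionCookieRedirect) -> SAMLResponse scraped from the embedded
# app link -> SAML POST to SecureTransport -> REST call with the ST cookie.
#
# Requires: bash, curl, jq, grep, awk, sed.

set -u
set -o pipefail
# The cookie jar holds a live Okta session and a live ST admin session;
# make sure any file this script creates is readable by the owner only.
umask 077

# Setup SecureTransport and OKTA variables
ST_HOSTNAME_OR_IP="Input SecureTransport FQDN or IP"
ST_ADMIN_PORT="Input SecureTransport AdminUI port number"

OKTA_DOMAIN="Your OKTA Domain"
OKTA_EMBEDDED_LINK="OKTA Embedded link"

# Cookie jar shared by all requests. It is left in place after the run so the
# session can be reused; delete it when finished, and run the script from a
# directory that only the operator can write to.
COOKIE_JAR="okta-cookie"

# SECURITY: -k turns off certificate verification for the SecureTransport
# endpoint, so the SAML assertion and the admin session cookie are sent to
# whatever host answers on that address. Prefer trusting the AdminUI CA, e.g.
#   ST_CURL_TLS_OPTS=(--cacert /path/to/st-admin-ca.pem)   # placeholder path
ST_CURL_TLS_OPTS=(-k)

ST_BASE_URL="https://${ST_HOSTNAME_OR_IP}:${ST_ADMIN_PORT}"

# Print a message on stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Ask for credentials (-r keeps backslashes in the password intact).
read -r -p "Username: " username || die "no username given"
read -r -s -p "Password: " password || die "no password given"
printf '\n\n'

# Start from an empty, owner-only jar even if a stale one with looser
# permissions is already present.
: >"${COOKIE_JAR}" || die "cannot create cookie jar ${COOKIE_JAR}"
chmod 600 -- "${COOKIE_JAR}" || die "cannot restrict cookie jar ${COOKIE_JAR}"

# Perform authentication.
# The request body is built by jq from stdin, so quotes, spaces or backslashes
# in the credentials cannot break or alter the JSON, and the password never
# appears in a process argument list (printf is a shell builtin, curl reads
# the body from stdin).
sessionToken=$(
  printf '%s\n%s\n' "${username}" "${password}" \
    | jq -Rnc '{
        username: input,
        password: input,
        options: {
          multiOptionalFactorEnroll: false,
          warnBeforePasswordExpired: false
        }
      }' \
    | curl -s -X POST \
        -H "Accept: application/json" \
        -H "Content-Type: application/json" \
        -H "User-Agent: Mozilla/5.0" \
        --data-binary @- \
        "https://${OKTA_DOMAIN}/api/v1/authn" \
    | jq -r '.sessionToken'
) || die "Okta authentication request failed"
unset password

# jq prints the literal string "null" when the response has no sessionToken
# (for example when the credentials were rejected).
if [[ -z "${sessionToken}" || "${sessionToken}" == "null" ]]; then
  die "no sessionToken in the /api/v1/authn response"
fi

# Exchange the one-time session token for an Okta session cookie.
# --data-urlencode keeps the token and the redirect URL well-formed as query
# parameters whatever characters they contain.
curl -s -G "https://${OKTA_DOMAIN}/login/sessionCookieRedirect" \
  --data-urlencode "token=${sessionToken}" \
  --data-urlencode "redirectUrl=${ST_BASE_URL}" \
  -c "${COOKIE_JAR}" \
  || die "could not obtain the Okta session cookie"
unset sessionToken

# Fetch the embedded app link and scrape the SAMLResponse form field.
# NOTE(review): the awk field index depends on the attribute order of the
# <input> element in Okta's HTML - confirm if the markup changes.
# The sed step turns the HTML-escaped '+' and '=' into their URL-encoded form
# so the value can be placed straight into the form body below.
SAMLResponse=$(
  curl -s "${OKTA_EMBEDDED_LINK}" -b "${COOKIE_JAR}" \
    | grep SAMLResponse \
    | awk -F '"' '{print $6}' \
    | sed 's/&#x2b;/%2B/g;s/&#x3d;/%3D/g;'
) || die "could not retrieve a SAMLResponse from the Okta embedded link"
[[ -n "${SAMLResponse}" ]] || die "empty SAMLResponse returned by Okta"

# Hand the assertion to SecureTransport; the jar is rewritten with the ST
# session cookie.
curl -s "${ST_CURL_TLS_OPTS[@]}" -X POST \
  "${ST_BASE_URL}/saml2/sso/post/j_security_check" \
  -d "SAMLResponse=${SAMLResponse}&RelayState=" \
  -c "${COOKIE_JAR}" \
  || die "SAML POST to SecureTransport failed"

# Call the REST API with the SSO session, on the same host and port the
# session was established with.
curl "${ST_CURL_TLS_OPTS[@]}" -X POST "${ST_BASE_URL}/api/v2.0/myself" \
  -b "${COOKIE_JAR}" -c "${COOKIE_JAR}" \
  -H 'Referer: -' \
  || die "REST call to /api/v2.0/myself failed"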
