Web services - cURL and SiteMinder authentication
We are trying to automate data collection using curl. Unfortunately, the source system is protected by SiteMinder (web access management software).
I tried using the normal command
curl -kL -o my_data.xml -u username:password https://example.com/location/of/file
(though the username & password are correct, it is displaying an error)
Error:
HTTP Status 401 - request requires HTTP authentication ().
Any idea how to connect and fetch data from a SiteMinder authenticated page?
Cheers
Use the SiteMinder reference to find the required parameters needed for the login.fcc template:
Here is an example SiteMinder request/response:
http://hostname.example.com:9898/siteminderagent/forms/login.fcc?type= 33554433&realmoid=06-1716e557-15f3-100f-b9a4-835cc8200cb3&guid=&smauthreason= 0&method=get&smagentname=$sm$shjbzl4f9r%2bcsa0%2fegnu6ouqqpmqnugku6zvx5zwzpq% 3d&target=$sm$http%3a%2f%2fshivalik%2ered%2eiplanet%2ecom%3a9898%2fvalidation% 2findex%2ehtml /siteminderagent/forms/login.fcc?type=33554433&realmoid=06-1716e557-15f3- 100f-b9a4-835cc8200cb3&guid=&smauthreason=0&method=get&smagentname=$sm$shjbzl4 f9r%2bcsa0%2fegnu6ouqqpmqnugku6zvx5zwzpq%3d&target=$sm$http%3a%2f%2fshivalik%2 ered%2eiplanet%2ecom%3a9898%2fvalidation%2findex%2ehtml http/1.1 host: hostname.example.com:9898 user-agent: mozilla/5.0 (windows; u; windows nt 5.2; en-us; rv:1.8.1.11) gecko/20071127 firefox/2.0.0.11 accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5 accept-language: en-us,en;q=0.5 accept-encoding: gzip,deflate accept-charset: iso-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive: 300 connection: keep-alive http/1.x 200 ok server: netscape-enterprise/6.0 date: fri, 01 feb 2008 23:46:12 gmt content-type: text/html; charset=iso-8859-1 connection: close ---------------------------------------------------------- http://hostname.example.com:9898/siteminderagent/forms/login.fcc?type= 33554433&realmoid=06-1716e557-15f3-100f-b9a4-835cc8200cb3&guid=&smauthreason= 0&method=get&smagentname=$sm$shjbzl4f9r%2bcsa0%2fegnu6ouqqpmqnugku6zvx5zwzpq% 3d&target=$sm$http%3a%2f%2fshivalik%2ered%2eiplanet%2ecom%3a9898%2fvalidation% 2findex%2ehtml post /siteminderagent/forms/login.fcc?type=33554433&realmoid=06-1716e557-15f3- 100f-b9a4-835cc8200cb3&guid=&smauthreason=0&method=get&smagentname=$sm$shjbzl4 f9r%2bcsa0%2fegnu6ouqqpmqnugku6zvx5zwzpq%3d&target=$sm$http%3a%2f%2fshivalik% 2ered%2eiplanet%2ecom%3a9898%2fvalidation%2findex%2ehtml http/1.1 host: hostname.example.com:9898 user-agent: mozilla/5.0 (windows; u; windows nt 5.2; en-us; rv:1.8.1.11) gecko/20071127 firefox/2.0.0.11 accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5 accept-language: en-us,en;q=0.5 accept-encoding: gzip,deflate accept-charset: iso-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive: 300 connection: keep-alive referer: http://hostname.example.com:9898/siteminderagent/forms/ login.fcc?type=33554433&realmoid=06-1716e557-15f3-100f-b9a4-835cc8200cb3& guid=&smauthreason=0&method=get&smagentname=$sm$shjbzl4f9r%2bcsa0% 2fegnu6ouqqpmqnugku6zvx5zwzpq%3d&target=$sm$http%3a%2f%2fshivalik%2ered% 2eiplanet%2ecom%3a9898%2fvalidation%2findex%2ehtml content-type: application/x-www-form-urlencoded content-length: 233 smenc=iso-8859-1&smlocale=us-en&user=test&password=test&target=http% 3a%2f%2fhostname.example.com%3a9898%2fvalidation% 2findex.html&smauthreason=0&smagentname=shjbzl4f9r%2bcsa0% 2fegnu6ouqqpmqnugku6zvx5zwzpq%3d&postpreservationdata= http/1.x 302 moved temporarily server: netscape-enterprise/6.0 date: fri, 01 feb 2008 23:46:18 gmt content-type: magnus-internal/fcc set-cookie: smsession=2xm2iw6ftmbcja6rlk/yuy1crbudyxwockfpco95ykap2b4zzlopt qi2s14cq7nrja+fuq53aj0pmtxdvpktmckd1ql1hgx0gpk7xx2eqmp3iytak3qnahrgt7mqrtib bdee0rojcpgrmrtstec90ymdijrreeqfc38utu6mxo9bejwjrugn2rmf9wm4odl+4te0iuoip/k icr6sn2r03gbsbbjoi12oslh/4jayfowxsgbjcwdizvlfxniknakdy1uqr8ockeo33enn3w9rw9 zrjribqtqcxxmir+gsvaum8etezp6gcfkjc1s8i3dnusbbdqfyt81yusydeya9ukfvvojplzoit bkqajcaepoq+vtyxq4bh2rmjdpmvcixrm2bibm9qtuqd83c9qubtk1lq4j+ywpsvutiyeoghv+7 6vxws5nsvhk2gh4ztc0xsd76x2/1no8xmv9c3w4dcsp9cqq74/7+a7gzt+hxqspyqff4mdtnq/d xs5v7tcls0eyfcf8rwsbvdpniciebr3vtzghrl1kezheeh9tohmwqio9ccqz9rjxr7/nl+o/aqr 7m4o+lya7kxozaueuj0pg8ginteugvxmlwmr7xm/lp0pi9djm5mfbmp8ka+w0t6h9lhnlqgayza pckeabaxqlb8q8yjuzpdi0bvlp1awncx579dereocizczdq99rvdsqus77kcqatnyxrhqtxqbxxw bedf6gk9zcf29xtzo8hbldscqgobx1ovdvzdghcjhnupqf1fyltt/3mrz/jrxonbpgxg4c5zvgsu prnqb66rywqoelzxooh7ltpofhsmfodvnecsozmemxni8db08pyo5khrzjk2mr4o3rpntihppnxc 
d+imapuosg3fwf5sv6flh8jbie9/mzdiq06hgweiicnueydboli4twgy0/qpcbdj7oviu275vzic w6hmtryrxnevoq=; path=/; domain=.red.example.com cache-control: no-cache location: http://hostname.example.com:9898/validation/index.html connection: close ---------------------------------------------------------- http://hostname.example.com:9898/validation/index.html /validation/index.html http/1.1 host: hostname.example.com:9898 user-agent: mozilla/5.0 (windows; u; windows nt 5.2; en-us; rv:1.8.1.11) gecko/20071127 firefox/2.0.0.11 accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5 accept-language: en-us,en;q=0.5 accept-encoding: gzip,deflate accept-charset: iso-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive: 300 connection: keep-alive referer: http://hostname.example.com:9898/siteminderagent/forms/ login.fcc?type=33554433&realmoid=06-1716e557-15f3-100f-b9a4-835cc8200cb3&guid= &smauthreason=0&method=get&smagentname=$sm$shjbzl4f9r%2bcsa0%2fegnu6ouqqpmqnug ku6zvx5zwzpq%3d&target=$sm$http%3a%2f%2fshivalik%2ered%2eiplanet%2ecom%3a9898% 2fvalidation%2findex%2ehtml cookie: smsession=2xm2iw6ftmbcja6rlk/yuy1crbudyxwockfpco95ykap2b4zzloptqi2s14 cq7nrja+fuq53aj0pmtxdvpktmckd1ql1hgx0gpk7xx2eqmp3iytak3qnahrgt7mqrtibbdee0roj cpgrmrtstec90ymdijrreeqfc38utu6mxo9bejwjrugn2rmf9wm4odl+4te0iuoip/kicr6sn2r03 gbsbbjoi12oslh/4jayfowxsgbjcwdizvlfxniknakdy1uqr8ockeo33enn3w9rw9zrjribqtqcxx mir+gsvaum8etezp6gcfkjc1s8i3dnusbbdqfyt81yusydeya9ukfvvojplzoitbkqajcaepoq+vt yxq4bh2rmjdpmvcixrm2bibm9qtuqd83c9qubtk1lq4j+ywpsvutiyeoghv+76vxws5nsvhk2gh4z tc0xsd76x2/1no8xmv9c3w4dcsp9cqq74/7+a7gzt+hxqspyqff4mdtnq/dxs5v7tcls0eyfcf8rw sbvdpniciebr3vtzghrl1kezheeh9tohmwqio9ccqz9rjxr7/nl+o/aqr7m4o+lya7kxozaueuj0p g8ginteugvxmlwmr7xm/lp0pi9djm5mfbmp8ka+w0t6h9lhnlqgayzapckeabaxqlb8q8yjuzpdi0 bvlp1awncx579dereocizczdq99rvdsqus77kcqatnyxrhqtxqbxxwbedf6gk9zcf29xtzo8hblds cqgobx1ovdvzdghcjhnupqf1fyltt/3mrz/jrxonbpgxg4c5zvgsuprnqb66rywqoelzxooh7ltpo 
fhsmfodvnecsozmemxni8db08pyo5khrzjk2mr4o3rpntihppnxcd+imapuosg3fwf5sv6flh8jbi e9/mzdiq06hgweiicnueydboli4twgy0/qpcbdj7oviu275vzicw6hmtryrxnevoq= http/1.x 200 ok server: netscape-enterprise/6.0 date: fri, 01 feb 2008 23:46:18 gmt set-cookie: smsession=jlo0tgmqfglpu+ghqcjqbnoe2pevax6fdzpgu7zagjupb/fxtjcbwx1 b1ro6qaljn6vovgnk8sy6ieilayv+lcis/omk1e0tsxnl5uvit3xiuwuismuklydmiloq6n3zsggr 9skbuch5yvfgcfgjhqfcbilzegqxbrrgh/l2rc8atehdcrprvbirhwqlxjbrcwmqfjw7h+huetiz9 bqcukwmbpew4ebfnyrlztgov3k5hg4hk4tuoyvoekdzaewltb4lm+qegwo2qv2mpdp+evtbivtrvh hthgfsthtjyqooc4rpv2dnl8axpwppgbyeumfmeservice provider9x5hvxdi91iyobtybkpdz0 bltkvnhbqwblfehuptjfxs3z54y9dmiuoq+b5kdrs7dnuvrnai1zqddkqeva4pt+va9ko18ah9v1i 7bz9d/x60uwxfaa3ty8lrgwhmyqdbulfmd1b29sxbonhwdj2faxqjgjmpsez5ihb50ovf4yfxrypp 5tl7ejxieblkx02lfrg/osnz9ukhrmy1mrk5wwhjlyb040advctnrfkc39vcyia1egdyhc/naod41 2hp5s0ux0/59admlbsx/qbjcdody3li+4eznk1ohw/9yr3lcjewj+h9w0k0/dqw99vgwem2rpfgh5 y7w6k6h1efp67vkxlbij1ozpje2scedaoula8qsc8fq0vwty/tfvhvtqjoaslzracx7uhpzbze1ea pd8x7uejqufll3wpdnzyobd0dqleowzcf2rpicfbn+8x8oig5kzvagq9r8mr+h7okyfhmwwbdaqkb kppixjpelnxkpkevwj9hohopz/txcquahqpv41yjz6cqfbfuqdohbfje9o+0pj1ahmnti4vyzoqdx sa+n9cgkjnq8ruhoqskhaqfegipwcm2fmu3uqmtr+0/+5bi7cbs=; path=/; domain=.red.example.com content-type: text/html etag: "dcea10a4-1-0-88" last-modified: thu, 10 jan 2008 01:42:07 gmt content-length: 136 accept-ranges: bytes ----------------------------------------------------------
The hidden inputs listed in the following figure are used to hold state for the credential collectors:
An FCC can interpret a number of special name/value pairs (@directives) that invoke nonstandard processing. The special @directives and their meanings follow:
Special name/value pairs

postpreservationdata: Data that the user submits through a POST request.
username: The name of the login user name.
password: The password to perform the login.
target: The resource to access after login.
smheaders: A colon-separated list of response names to include in the namespace. The colon-separated list must contain an entry for each header you want to include in the transaction. For example, if you want to pass the value of header1 and header2 as part of the transaction, include the following line in the FCC: @smheaders=header1:header2
smerrorpage: If there is an error on a POST to a custom form, the user's browser is redirected to this page. If this special value is not specified in an .fcc file, the system uses the .unauth file associated with the .fcc file as the error page.
smretries: Specifies the maximum number of login attempts allowed. If you set this directive to 0, the number of retries is unlimited. If you set it to a number 1 or greater, that is the number of retries allowed. Note: If users log in using a POST to the .fcc form, it may appear that the user is given additional attempts to log in beyond the value of the smretries directive. However, the user is allowed access if valid credentials are entered in the number of attempts smretries specifies.
smpasswordfcc: Determines whether data is posted to the password services FCC file or a different FCC file. Default: 1. Important! We recommend that you use the default value. The SafeWord authentication scheme may not work if the default value is changed.
smusrmsg: Text that describes why the user was challenged / failed to log in.
smauthreason: Reason code associated with a login failure.
smsavecreds: Set to yes to save user credentials in a persistent cookie on the user's browser.
smsave: Colon-separated list of names to be saved as persistent cookies. Save name smsave.
smtransient: Colon-separated list of names to be saved as transient cookies.
smagentname: Specifies the agent name supplied to the policy server when the user enters credentials and submits the form for authentication. If the agent parameter is fcccompatmode=no, specify a value using this directive.
smlogout: Logs a user out of the system, similar to the logoffuri parameter. By placing @smlogout=true in an .fcc template, the FCC logs the user out and redirects the user to the target. As such, the @smlogout directive is typically used with the @target directive (@target=).
urlencode(name): Replaced with the URL-encoded value of the named variable. Note: If you expect additional attributes or the password to contain special characters (" . & = + ? ; / : @ = , $ %), URL-encode each additional attribute value in the .fcc template file. The template uses US-ASCII encoding.
urldecode(name): Replaced with the URL-decoded value of the named variable.

Note: The "sm" prefix in name/value pairs is reserved for additional special names that the system requires. When creating names for a login page, do not use the "sm" prefix.

Localization name/value pairs

.fcc template files include two localization parameters:

smlocale: Used to determine the language used in HTML forms that collect user information or display status messages. The value paired with smlocale corresponds to part of the name of a localization properties file. The localization properties file contains IDs mapped to text strings in the specified language. smlocale values have the following format: country-language. For example, the value of smlocale for United States English is: smlocale=us-en
smenc: Contains information that tells the browser which language encoding to use. Changing the default value of this variable overrides the encoding set in the following meta tag:

At a minimum, an .fcc file must collect the following:
user name
password
target
Important! If users are submitting POST requests to a resource protected by an authentication scheme that uses a credential collector (see the following figure), use the postpreservationdata input. Otherwise, the data that users attempt to post to the requested resource is lost.
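The exchange in the trace above, as a script. This is an added example, not part of the original answer: it requests the protected URL, lets the agent redirect to login.fcc, posts the credentials together with the state taken from the redirect URL (with the `$SM$` marker removed, as the trace shows), and follows the 302 with the SMSESSION cookie. The form field names are copied from the trace as printed; the function names and the sample URL are made up for illustration.

```shell
#!/bin/sh
# Added example. Form field names are copied from the trace above as printed;
# the real names are the <input> names in the login form your agent serves.

# fcc_param URL NAME -> raw (still URL-encoded) value of one query parameter
fcc_param() {
    printf '%s\n' "${1#*[?]}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# strip_sm VALUE -> value without the "$SM$" marker carried in the redirect URL
strip_sm() {
    printf '%s\n' "$1" | sed -e 's/^\$[Ss][Mm]\$//' -e 's/^%24[Ss][Mm]%24//'
}

# fcc_state LOGIN_URL -> pre-encoded state fields to echo back to login.fcc
fcc_state() {
    target=$(strip_sm "$(fcc_param "$1" target)")
    agent=$(strip_sm "$(fcc_param "$1" smagentname)")
    reason=$(fcc_param "$1" smauthreason)
    printf 'target=%s&smauthreason=%s&smagentname=%s&postpreservationdata=' \
        "$target" "${reason:-0}" "$agent"
}

# sm_fetch PROTECTED_URL USER PASSWORD_FILE OUTFILE
# PASSWORD_FILE holds the password with no trailing newline.
sm_fetch() {
    jar=$(mktemp) || return 1
    # 1. Unauthenticated request; the agent redirects to login.fcc.
    login_url=$(curl -sS -L -o /dev/null -c "$jar" -w '%{url_effective}' "$1") \
        || { rm -f "$jar"; return 1; }
    # 2. POST credentials plus the echoed state. The password is read from a
    #    file so it never shows up in the process list. -L then follows the
    #    302 to the target with the new SMSESSION cookie from the jar.
    curl -sS -L -b "$jar" -c "$jar" -o "$4" \
        --data-urlencode "user=$2" \
        --data-urlencode "password@$3" \
        --data "$(fcc_state "$login_url")" \
        "$login_url"
    rc=$?
    rm -f "$jar"   # the jar holds SMSESSION, which is a bearer credential
    return "$rc"
}

# Constructed sample redirect URL, same shape as the one in the trace:
SAMPLE_URL='https://sso.example.com/siteminderagent/forms/login.fcc?type=33554433&guid=&smauthreason=0&smagentname=$SM$agent%2bname%3d&target=$SM$https%3a%2f%2fapp%2eexample%2ecom%2fdata%2exml'
fcc_state "$SAMPLE_URL"; echo
```

Call it as `sm_fetch https://example.com/location/of/file username /path/to/password-file my_data.xml`. Certificate verification is left on (no `-k`), so the login page and the SMSESSION cookie are only exchanged with a host that presents a valid certificate.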