login - Logging into SAML/Shibboleth authenticated server using python -


i'm trying login university's server via python, i'm entirely unsure of how go generating appropriate http posts, creating keys , certificates, , other parts of process may unfamiliar required comply saml spec. can login browser fine, i'd able login , access other contents within server using python.

for reference, here site

i've tried logging in using mechanize (selecting form, populating fields, clicking submit button control via mechanize.broswer.submit(), etc.) no avail; login site gets spat each time.

at point, i'm open implementing solution in whichever language suitable task. basically, want programatically login saml authenticated server.

basically have understand workflow behind salm authentication process. unfortunately, there no pdf out there seems provide in finding out kind of things browser when accessing saml protected website.

maybe should take this: http://www.docstoc.com/docs/33849977/workflow-to-use-shibboleth-authentication-to-sign , this: http://en.wikipedia.org/wiki/security_assertion_markup_language. in particular, focus attention scheme:

enter image description here

what did when trying understand saml way of working, since documentation so poor, writing down (yes! writing - on paper) steps browser doing first last. used opera, setting in order not allow automatic redirects (300, 301, 302 response code, , on), , not enabling javascript. wrote down cookies server sending me, doing what, , reason.

maybe way effort, in way able write library, in java, suited job, , incredibily fast , efficient too. maybe someday release public...

what should understand that, in saml login, there 2 actors playing: idp (identity provider), , sp (service provider).

a. first step: user agent request resource sp

i'm quite sure reached link reference in question page clicking "access protected website". if make more attention, you'll notice link followed not 1 in authentication form displayed. that's because clicking of link idp sp step saml. first step, actally. allows idp define you, , why trying access resource. so, you'll need making request link followed in order reach web form, , getting cookies it'll set. won't see samlrequest string, encoded 302 redirect find behind link, sent idp making connection.

i think it's reason why can't mechanize whole process. connected form, no identity identification done!

b. second step: filling form, , submitting it

this 1 easy. please careful! cookies now set not same of cookies above. you're connecting utterly different website. that's reason why saml used: different website, same credentials. may want store these authentication cookies, provided successful login, different variable. idp going send response (after samlrequest): samlresponse. have detect getting source code of webpage login ends. in fact, page big form containing response, code in js automatically subits it, when page loads. have source code of page, parse getting rid of html unuseful stuff, , getting samlresponse (encrypted).

c. third step: sending response sp

now you're ready end procedure. have send (via post, since you're emulating form) samlresponse got in previous step, sp. in way, provide cookies needed access protected stuff want access.

aaaaand, you're done!

again, think precious thing you'll have using opera , analyzing redirects saml does. then, replicate them in code. it's not difficult, keep in mind idp utterly different sp.


Comments

Post a Comment

Popular posts from this blog

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle);
Read more

Trying to import CSV file to a SQL Server database using asp.net and c# - can't find what I'm missing -

i student , quite new programming, , given task using asp.net , c#, without being taught either. plan learn teach ourselves. the task stuck on making website import csv file sql server database of last year's room bookings around campus. the table has following columns: request_id; priority; module_id; day; start_time; length; park; students; room_code; status; semester_id; linked_request; week_1; week_2; week_3; week_4; week_5; week_6; week_7; week_8; week_9; week_10; week_11; week_12; week_13; week_14; week_15; ) in code, try make work 3 columns (request_id,priority,module) starters. when press import button, want read .csv file (with fixed name @ fixed directory) eg "1,2,3" - comma separating fields [delimiter] - , import sql server datab
Read more