Skip to main content

cURL-Siteminder Automation (Automating Authentication)

By df
I have discovered that cURL is intelligent than humans !! cURL is surrounded by a huge list of command-line options which makes it even powerful than browser itself

Scenario in our company


  • Siteminder protects web-pages and web-services under particular FQDN/realm

  • Siteminder integrates with SSO/LDAP. Hence a Userid/Password is always displayed when u enter our FQDN

  • We wanted to automate data collection and measurement via automated mechanism and cannot bypass siteminder security

Some Definitions


Siteminder Realm - A domain which shares an authentication database and servers. There is a single name-space for principal name/instance pairs within a realm. A realm is also a logical collection of clients and servers registered in the database.
SSO - Single Sign-on by various mechanisms. We had One time password (OTP) also in our devices which needs manual entry as its tied to a human user.

How it can be achieved


  • cURL can do the magic !! Install cURL (hopefully most of *NIX systems have cURL installed) and put into your classpath

  • When a request is received at FQDN, Siteminder asks you to authenticate

  • You will Notice that the URL you entered have changed and is a very long URL now !!

  • If you carefully look the URL,  it shows the URL has a "Target" component which would be the landing page it would redirect after successful login

  • The idea is to grab the "Target" URL, the cookie headers & put in the credentials as a config file.

eg RequstURL = https://diaryfolio.com:443/webServices/signon 
userID = diaryfolio 
passWord = test


Fetch the URI for login 
authenticationPageURI=`curl -s -I --cookie-jar tmpCookieFile --cookie tmpCookieFile --insecure ${RequstURL} | grep Location| sed "s/Location: //g"`

Carefully look into this "authenticationPageURI" variable and determine where is your "Target" location starts eg
https://diaryfolio.com:443/LoginPage/?myCustomTarget=https%3A%2F%diaryfolio%3A443%2FwebServices%2Fsignon%3Floc%3DZ2thgRC3_-L_w0YbyB6qaOe4Am2gKkrZPw8vQLD_4yY

targetURI=`echo $authenticationPageURI | sed 's/^.*\?myCustomTarget=/\?myCustomTarget=/'`
 fullTargetURI=${RequstURL}"/addExtraVariablesIfYouHave/"${targetURI}  # This will be your whole URL

This extracts the target URI


Now extract the cookie data into a file  (tmpDiaryFolioCookieFile)
curl -s --insecure --cookie-jar tmpDiaryFolioCookieFile --cookie tmpDiaryFolioCookieFile --location --data "user=${userID}&pass=${passWord}" ${fullTargetURI} > webServiceData.xml

Now using this tmpDiaryFolioCookieFile, we will play.
#Delete a web-service function. It is your function 
curl -s -L --insecure --cookie-jar tmpDiaryFolioCookieFile --cookie tmpDiaryFolioCookieFile "${fullTargetURI}"/webServices/delete/myWebService >/dev/null

#Import a web-service. It is your function 
curl -s -L --insecure --cookie-jar tmpDiaryFolioCookieFile --cookie tmpDiaryFolioCookieFile -F uploadFile=webServiceData.xml "${fullTargetURI}"/webServices/import

Labels:

Popular posts from this blog

Create your own Passport Photo using GIMP

By df
This tutorial is for semi-techies who knows a bit of GIMP (image editing).   This tutorial is for UK style passport photo ( 45mm x 35 mm ) which is widely used in UK, Australia, New Zealand, India etc.  This is a quick and easy process and one can create Passport photos at home If you are non-technical, use this link   .  If you want to create United States (USA) Passport photo or Overseas Citizen of India (OCI) photo, please follow this link How to Make your own Passport Photo - Prerequisite GIMP - One of the best image editing tools and its completely Free USB stick or any memory device to store and take to nearby shop A quality Digital camera Local Shops where you can print. Normally it costs (£0.15 or 25 US cents) to print 8 photos Steps (Video Tutorial attached blow of this page) Ask one of your colleague to take a photo  of you with a light background. Further details of how to take a photo  yourself       Take multiple pictures so that you can choose from th
Read more

Syslog Standards: A simple Comparison between RFC3164 & RFC5424

By
Syslog Standards: A simple Comparison between RFC3164 (old format) & RFC5424 (new format) Though syslog standards have been for quite long time, lot of people still doesn't understand the formats in detail. The original standard document is quite lengthy to read and purpose of this article is to explain with examples Some of things you might need to understand The RFC standards can be used in any syslog daemon (syslog-ng, rsyslog etc.) Always try to capture the data in these standards. Especially when you have log aggregation like Splunk or Elastic, these templates are built-in which makes your life simple. Syslog can work with both UDP & TCP  Link to the documents the original BSD format ( RFC3164 ) the “new” format ( RFC5424 ) RFC3164 (the old format) RFC3164 originated from combining multiple implementations (Year 2001)
Read more

VS Code & Portable GIT shell integration in Windows

By df
Visual Studio Code & GIT Portable shell Integration Summary Many of your corporate laptop cannot install programs and it is quite good to have them as portable executables. Here we find a way to have Portable VS Code and Portable GIT and integrate the GIT shell into VS Code Pre-Reqs VS Code (Install version or Portable ) GIT portable Steps Create a directory in your Windows device (eg:  C:\installables\ ) Unpack GIT portable into the above directory (eg it becomes: C:\installables\PortableGit ) Now unpack Visual Studio (VS) Code and run it. The default shell would be windows based Update User or Workspace settings of VS Code (ShortCut is:  Control+Shift+p ) Update the settings with following setting { "workbench.colorTheme": "Default Dark+", "git.ignoreMissingGitWarning": true, "git.enabled": true, "git.path": "C:\\installables\\PortableGit\\bin\\git.exe", "terminal.integrated.shell.windows"
Read more