I have discovered that cURL is more intelligent than humans! cURL comes with a huge list of command-line options, which makes it even more powerful than the browser itself.
Scenario in our company
- Siteminder protects web pages and web services under a particular FQDN/realm
- Siteminder integrates with SSO/LDAP. Hence a user ID/password prompt is always displayed when you enter our FQDN
- We wanted to automate data collection and measurement, and we cannot bypass Siteminder security
Some Definitions
Siteminder Realm - A domain which shares an authentication database and servers. There is a single name-space for principal name/instance pairs within a realm. A realm is also a logical collection of clients and servers registered in the database.
SSO - Single sign-on by various mechanisms. We also had one-time passwords (OTP) on our devices, which need manual entry as they are tied to a human user.
How it can be achieved
- cURL can do the magic! Install cURL (most *NIX systems hopefully have it installed already) and put it on your PATH
- When a request is received at the FQDN, Siteminder asks you to authenticate
- You will notice that the URL you entered has changed and is now a very long URL!
- If you look carefully at the URL, it has a "Target" component, which is the landing page it redirects to after a successful login
- The idea is to grab the "Target" URL and the cookie headers, and to put the credentials in a config file.
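e.g.

```sh
RequstURL="https://diaryfolio.com:443/webServices/signon"
userID="diaryfolio"
passWord="test"
```

Fetch the URI for login:

```sh
# HEAD request: the Location header of the redirect is the login page URI.
# Header names are case-insensitive and header lines end in CR, so match with -i and strip \r.
authenticationPageURI=$(curl -s -I --cookie-jar tmpCookieFile --cookie tmpCookieFile --insecure "${RequstURL}" | grep -i '^Location:' | sed 's/^[Ll]ocation: *//' | tr -d '\r')
```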
Look carefully at this "authenticationPageURI" variable and determine where your "Target" location starts, e.g.
https://diaryfolio.com:443/LoginPage/?myCustomTarget=https%3A%2F%diaryfolio%3A443%2FwebServices%2Fsignon%3Floc%3DZ2thgRC3_-L_w0YbyB6qaOe4Am2gKkrZPw8vQLD_4yY
```sh
# Keep everything from "?myCustomTarget=" onwards.
targetURI=$(echo "$authenticationPageURI" | sed 's/^.*[?]myCustomTarget=/?myCustomTarget=/')
# This will be your whole URL.
fullTargetURI="${RequstURL}/addExtraVariablesIfYouHave/${targetURI}"
```
This extracts the target URI
Now extract the cookie data into a file (tmpDiaryFolioCookieFile)
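```sh
# --insecure disables TLS certificate verification; where possible use --cacert with your CA bundle instead.
curl -s --insecure --cookie-jar tmpDiaryFolioCookieFile --cookie tmpDiaryFolioCookieFile --location --data-urlencode "user=${userID}" --data-urlencode "pass=${passWord}" "${fullTargetURI}" > webServiceData.xml
```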
Now using this tmpDiaryFolioCookieFile, we will play.
```sh
# Delete a web-service function. It is your function.
curl -s -L --insecure --cookie-jar tmpDiaryFolioCookieFile --cookie tmpDiaryFolioCookieFile "${fullTargetURI}/webServices/delete/myWebService" >/dev/null

# Import a web-service. It is your function. The @ makes curl upload the file's contents.
curl -s -L --insecure --cookie-jar tmpDiaryFolioCookieFile --cookie tmpDiaryFolioCookieFile -F uploadFile=@webServiceData.xml "${fullTargetURI}/webServices/import"
```
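
The Location parsing and "Target" extraction steps above, as an added example that is not part of the original post: it reads the redirect header case-insensitively with CRLF line endings, and only continues when the login page is on the same https host and port as the request URL, so the credentials are POSTed only where intended. The function names and the sample response headers are constructed for illustration; `RequstURL` and `myCustomTarget` are the post's own names.

```sh
#!/bin/sh
# Added example (not the post's code); the sample headers are constructed.

# Print the first Location header value from raw response headers on stdin.
# Matches only at line start, ignores case, and drops the CR of each CRLF.
extract_location() {
    tr -d '\r' | awk '{ l = tolower($0) }
        index(l, "location:") == 1 { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Print host[:port] of an absolute https URL; prints nothing for other schemes.
url_host() {
    printf '%s\n' "$1" | sed -n 's|^https://\([^/?#]*\).*$|\1|p'
}

# Print "?myCustomTarget=<value>" from the login page URL, or fail if absent.
extract_target() {
    case "$1" in
        *[?]myCustomTarget=*) printf '?myCustomTarget=%s\n' "${1##*[?]myCustomTarget=}" ;;
        *) return 1 ;;
    esac
}

# Succeed only if the login page ($2) is on the same https host:port as the
# request URL ($1), so credentials are not POSTed to an unexpected host.
check_login_redirect() {
    want=$(url_host "$1")
    got=$(url_host "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample: a 302 response with a lower-case header name and CRLF.
sample_headers() {
    printf 'HTTP/1.1 302 Found\r\nserver: example\r\n'
    printf 'location: https://diaryfolio.com:443/LoginPage/?myCustomTarget='
    printf 'https%%3A%%2F%%2Fdiaryfolio.com%%3A443%%2FwebServices%%2Fsignon\r\n\r\n'
}

RequstURL="https://diaryfolio.com:443/webServices/signon"
loc=$(sample_headers | extract_location)
if check_login_redirect "$RequstURL" "$loc"; then
    echo "login target: $(extract_target "$loc")"
else
    echo "refusing to send credentials, unexpected redirect: $loc" >&2
fi
```

In the real flow, feed `curl -s -I ...` output into `extract_location` and run the credential POST only inside the branch where `check_login_redirect` succeeds.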