Can an automated client access protected resources?

Article ID: 101647

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction



I have a question about connections to a protected resource by an
automated client.

I would like to know how to connect to different SiteMinder protected
resources through SoapUI, for example. Have you ever seen a use case
like this? And how would it work through SoapUI to make GET and
POST requests to the /siteminderagent/forms/login.fcc page?

I have done connections using Fiddler and I would like to replay the
following POST through SoapUI:

########################################################## 
POST https://myhost.mydomain.com/siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=07-4444a0a1-1038-43bb-b5s5-6sdadf7c2fc1&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-dasdjajjrjjJjHgadasdasd%2sajdaSDldSADSA&TARGET=-SM-HTTPS%3A%2F%2Fmyhost.mydomain.com%2Fmyapp HTTP/1.1 
Accept: text/html, application/xhtml+xml, */* 
Referer: https://myhost.mydomain.com/siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=07-4444a0a1-1038-43bb-b5s5-6sdadf7c2fc1&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-dasdjajjrjjJjHgadasdasd%2sajdaSDldSADSA&TARGET=-SM-HTTPS%3A%2F%2Fmyhost.mydomain.com%2Fmyapp
Accept-Language: fr-FR 
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) 
Content-Type: application/x-www-form-urlencoded 
Accept-Encoding: gzip, deflate 
Host: myhost.mydomain.com
Content-Length: 294 
Connection: Keep-Alive 
Cache-Control: no-cache 
Cookie: UserRefURL=HTTPS%3A%2F%2Fmyothermachine.mydomain.com%2Fmyapp

SMENC=iso-8859-1&SMLOCALE=FR-fr&ident=myname&USER=myuser&fake=password&PASSWORD=myrealpassword&target=HTTPS%3A%2F%2Fmyhost.mydomain.com%2Fmyapp
########################################################## 

How can I make this work in batch mode?

Environment

Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:

Resolution

The challenge is to get past the login phase, that is, to automate the
login and store the cookie produced afterwards.

The best way to do this is to run cURL, as in the sample here:

  cURL and Siteminder authentication 
  https://stackoverflow.com/questions/18128906/curl-and-siteminder-authentication 

You have to use the following command line to achieve this:

CURL.EXE -vikL -X POST --data @PostData.txt -D headers.txt \
 -H "Host: myhost.mydomain.com" \
 --user-agent "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"\
 -H "set-cookie: SMTRYNO=1; path=/; domain=.mydomain.com" -H "Accept: text/html, application/xhtml+xml, */*" \
 -H "Cookie: UserRefURL=HTTPS%3A%2F%2Fmyothermachine.mydomain.com%2Fmyapp" \
 -H "Accept-Language: fr-FR" -H "Content-Type: application/x-www-form-urlencoded" \
 -H "Referer: https://myhost.mydomain.com/siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=07-4444a0a1-1038-43bb-b5s5-6sdadf7c2fc1&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-dasdjajjrjjJjHgadasdasd%2sajdaSDldSADSA&TARGET=-SM-HTTPS%3A%2F%2Fmyhost.mydomain.com%2Fmyapp" \
 "https://myhost.mydomain.com/siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=06-6364a0a6-1936-43ff-bfb8-65ad6f7c2fc1&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-oVS9xr8dK6DuVL3L9PHBpqCHACCj1grMtKi6%2biu5usZJKa%2fYX26Nx8alz5%2b2K4jD&TARGET=-SM-HTTPS%3A%2F%2Fmyothermachine.mydomain.com%2Fmyapp" \
 -o resCURL.txt

########### Details of the command:
#
# This curl command makes HTTP (GET, POST, PUT ...) requests through
# SiteMinder to access protected resources. It can be used to automate
# the user experience in certain cases, or by batch programs for
# specific uses on some projects. The file PostData.txt contains the
# user/password and the SiteMinder protected resource you want to
# access.
#
######################### PostData.txt file contents (10 lines):
# (with --data @file, curl strips the newlines, so these lines are sent as one string)

#

SMENC=iso-8859-1&
SMLOCALE=FR-fr&
ident=myname&
USER=myuser&
fake=password&
PASSWORD=myrealpassword&
target=HTTPS%3A%2F%2Fmyhost.mydomain.com%2Fmyapp&
smauthreason=0&
smagentname=dasdjajjrjjJjHgadasdasd%2sajdaSDldSADSA&
postpreservationdata=

# The different headers are specified with the curl option -H (--header
# works too).

# The option -D specifies the name of the file (headers.txt) in which
# all the response headers will be stored.

# The option -o specifies the name of the file (resCURL.txt) in which
# the response body (curl's standard output) will be stored.

# This curl command authenticates the user in SiteMinder. From the
# response headers, we can retrieve the SMSESSION cookie and reuse it
# in other requests.
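
The cookie-retrieval step described above, as an added shell example (not part of the original article or of SiteMinder's tooling): it reads the file written by -D, keeps the last SMSESSION value across the redirect hops that -L follows, and treats a missing cookie or the value LOGGEDOFF as a failed login. The function names and the sample header dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample headers are constructed.

# extract_smsession FILE: print the last usable SMSESSION value set in a
# `curl -D` header dump; return 1 if there is none.
extract_smsession() {
    # curl writes CRLF line endings; with -L there is one header block per hop,
    # so the last Set-Cookie for SMSESSION is the one a browser would keep.
    value=$(tr -d '\r' < "$1" | awk '
        tolower($0) ~ /^set-cookie:[ \t]*smsession=/ {
            v = $0
            sub(/^[^=]*=/, "", v)   # strip "Set-Cookie: SMSESSION="
            sub(/;.*$/, "", v)      # strip attributes (path, domain, ...)
            last = v
        }
        END { print last }')
    case "$value" in
        ""|LOGGEDOFF) return 1 ;;   # no cookie, or the logged-off marker
    esac
    printf '%s\n' "$value"
}

# fetch_protected URL HEADERS_FILE: reuse the session on a later request.
fetch_protected() {
    session=$(extract_smsession "$2") || {
        echo "login failed: no SMSESSION in $2" >&2
        return 1
    }
    # Feed the header through a config on stdin so the token is not visible
    # in the process list.
    printf 'header = "Cookie: SMSESSION=%s"\n' "$session" | curl -sS -K - "$1"
}

# Constructed header dumps: a successful login followed by a redirect hop,
# and a rejected login.
sample_ok() {
    printf 'HTTP/1.1 302 Found\r\nSet-Cookie: SMSESSION=Zmlyc3Q9aG9w; path=/; domain=.mydomain.com\r\nLocation: https://myhost.mydomain.com/myapp\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nset-cookie: SMSESSION=c2Vjb25kPWhvcA==; path=/; domain=.mydomain.com; HttpOnly\r\n\r\n'
}
sample_rejected() {
    printf 'HTTP/1.1 302 Found\r\nSet-Cookie: SMTRYNO=1; path=/; domain=.mydomain.com\r\nSet-Cookie: SMSESSION=LOGGEDOFF; path=/; domain=.mydomain.com\r\n\r\n'
}
```

After the login command has written headers.txt, call fetch_protected with the protected URL and headers.txt as arguments. Unlike the login command above, this helper does not pass -k, so curl verifies the server certificate before the session token is sent.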