See the attachment - this is a bit altered script that I use to fetch the whole intranet that is secured with Cosign. You can try to study it...
-----Original Message----- From: Chris Poole [mailto:[email protected]] Sent: Thursday, January 27, 2011 6:27 PM To: Andrew Mortensen Cc: [email protected] Subject: Re: [Cosign-discuss] Send HTTP POST to cosign-protected page? Thanks, I've been looking over the HTTP headers using Live HTTP headers add-on, but have gotten myself horribly confused. (This is the first time I've attempted to write a script to pass through any sort of authentication.) Am I right in thinking that I first GET https://weblogin.mydomain/?cosign-www&http://www.mydomain/event.php?action=edit >From the response headers I extract the login_cookie data send another GET request, this time to 'http://www.mydomain/cosign/valid?cosign-www=' + login_cookie + '&http://www.mydomain/event.php?action=edit' I think I'm doing something quite wrong here, but don't know enough about cosign to know what the issue is. On Thu, Jan 27, 2011 at 4:24 PM, Andrew Mortensen <[email protected]> wrote: > > > On Jan 27, 2011, at 10:20 AM, Chris Poole wrote: > >> Hi, >> >> I am a user of a cosign system, not admin. >> >> I'm wanting to use HTTP POST method to send data to a page, which is >> behind my institution's cosign system.... >> I'd like to do this in a script (python with httplib2), to save myself time. >> >> I first try a HTTP GET method, to get the cosign cookie. I >> authenticate myself in the script, and get these headers: >> >> {'status': '200', 'content-location': >> 'https://weblogin.mydomain/?cosign-www&http://www.pageIWant.php', >> 'transfer-encoding': 'chunked', 'set-cookie': >> ....} > > The authentication failed, then. A 200 status from the cosign.cgi means the > login page (or a weblogin error status page) is being returned in response to > your authentication POST. I'm assuming since you know to make the GET request > first to get the weblogin cookie that you also know to include that same > cookie with your login POST. > > >> If I then try to use HTTP POST to send data to "pageIWant.php", I get >> the following headers: >> >> {'status': '302', 'content-length': '300', 'server': 'Apache', >> 'location': 'https://weblogin.mydomain/cosign >> /post_error.html', ...} >> >> Is what I want to do not possible? Or am I going about it the wrong way? > > Certainly possible. You just need to figure out why the cgi thinks your > authentication POST is bad. It could be missing or invalid form field names, > bad or missing URL encoding of the password, or a number of other things. > Without access to the weblogin server's error logs, it may be difficult to be > sure. Dumping your login POST to a file and comparing with a login POST > captured by Firefox's Live HTTP headers add-on might point out the problem. > > andrew ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
fetch.sh
Description: fetch.sh
------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
