User login on a website using Shibboleth without a browser

Luis Rodríguez Fernández uo67113 at gmail.com
Mon May 7 12:25:45 EDT 2018


Hello Benito,

Joseph Fischetti's solution should work for you. CERN Linux folks are
implementing something very similar [1]. However, keep in mind that this is
a hack. ECP should be the way to go.

> Just login in a half of dozen universities

This statement makes me think that you are building some kind of test
benchmarks. Some people (me included) use Apache JMeter for this purpose [2].

Hope it helps,

Luis

[1] http://linux.web.cern.ch/linux/docs/cernssocookie.shtml
[2] https://www.blazemeter.com/blog/how-load-test-saml-sso-secured-websites

2018-05-07 15:49 GMT+02:00 Joseph Fischetti <Joseph.Fischetti at marist.edu>:

> As others have said, using the ECP endpoint would really be the right way
> to handle this, but since it doesn't seem like you have any control of the
> IDP's in question... that's not an option for you.
>
> Below is [the relevant code from] a bash script that logs in to a service
> provider via a specified idp.  A successful login to the SP would produce a
> cookie for the service provider's entityID in /tmp/sessioncookies.  I use
> it for monitoring whether or not our shibboleth authentication is working
> to a given service provider.
>
> In short, if you curl the idp initiated login url with valid credentials,
> you'll get (among other things) the SAML Response, which needs to be
> formatted and posted to a service provider. No need to find login buttons
> or parse html with the given solution.
>
> There's probably better ways to do this, and your mileage may vary...
>
> # log into the auth page using idp initiated login with test credentials,
> # save the cookies to a local file
> curl --cookie-jar /tmp/sessioncookies -k -u USERNAME:PASSWORD -o /tmp/login.html \
>   "IDPURL/idp/profile/SAML2/Unsolicited/SSO?providerId=https://$entityID"
>
> # Create a file for the SAML Response, which will be passed to the SP page
> # in a post.  Format is SAMLResponse=XXXXXXXX
> echo "SAMLResponse=" > /tmp/validsession.data
> cat /tmp/login.html | \
>   awk 'match($0, /value=\".*\"\/>/) {print substr($0, RSTART+7, RLENGTH-10)}' | \
>   grep -v "Continue" >> /tmp/validsession.data
>
> # Formatting of the response has plus signs, and those need to be replaced
> # with %2B
> sed -i -e 's/\+/\%2B/g' /tmp/validsession.data
>
> # Post the saml response to the SP, use the same cookie jar
> curl -L -b /tmp/sessioncookies --cookie-jar /tmp/sessioncookies -i -X POST \
>   -o /tmp/successtmp.html https://$entityID/Shibboleth.sso/SAML2/POST \
>   --data-binary "@/tmp/validsession.data"
>
> Joe Fischetti
> Linux System Administrator
> Marist College
>
> E-mail: joseph.fischetti at marist.edu
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
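
The extraction and encoding steps of the quoted script, as an added example that is not part of the original thread: it selects the SAMLResponse form field by name instead of filtering out the "Continue" button, percent-encodes `/` and `=` as well as `+`, fails when the IdP output contains no assertion, and keeps working files in a private mktemp directory rather than fixed /tmp names. The function names and the sample HTML are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; helper names and the sample HTML are constructed.

# Print the value of the hidden SAMLResponse field from IdP HTML on stdin.
# Selecting the <input> by name avoids picking up other value="..." attributes
# such as the "Continue" button.
extract_saml_response() {
    tr -d '\r\n' |
        grep -o '<input[^>]*name="SAMLResponse"[^>]*>' |
        head -n 1 |
        sed -n 's/.*value="\([^"]*\)".*/\1/p'
}

# Percent-encode the three base64 characters that are special in a form body.
urlencode_b64() {
    sed -e 's/+/%2B/g' -e 's|/|%2F|g' -e 's/=/%3D/g'
}

# Read IdP HTML on stdin, write "SAMLResponse=<encoded>" with no newline.
# Returns 1 if the field is missing (e.g. the IdP returned its login page).
build_post_body() {
    _b64=$(extract_saml_response || true)
    if [ -z "$_b64" ]; then
        echo "no SAMLResponse field in IdP output" >&2; return 1
    fi
    case $_b64 in
        *[!A-Za-z0-9+/=]*) echo "SAMLResponse is not plain base64" >&2; return 1 ;;
    esac
    printf 'SAMLResponse=%s' "$(printf '%s' "$_b64" | urlencode_b64)"
}

# Private (0700) directory for the cookie jar and the assertion file.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/shibcheck.XXXXXX"
}

# Constructed sample of an IdP auto-submit form (not a real assertion).
SAMPLE_HTML='<form action="https://sp.example.org/Shibboleth.sso/SAML2/POST" method="post">
<input type="hidden" name="RelayState" value="cookie:123"/>
<input type="hidden" name="SAMLResponse" value="PHNhbWw+Pz8/abc/de=="/>
<input type="submit" value="Continue"/>
</form>'

# Demo on the constructed sample; no network access.
printf '%s\n' "$SAMPLE_HTML" | build_post_body
echo
```

In the quoted script, `build_post_body < login.html > validsession.data` would stand in for the echo/awk/sed steps, with the cookie jar and both files placed under the directory returned by `make_workdir`.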