#!/bin/bash
###########################################
# getPubcookie
# v2 - robaker
# Fetches a web resource from a server
# that is pubcookie-enabled and stores the
# SSO token locally for future requests
# as long as the token remains valid.
#
# Usage: getPubcookie [App URL ]
#
# App URL must be a pubcookie-enabled
# server. Before initial use, USERNAME
# and PASSWORD need to be changed to
# your own login credentials. As such,
# this file should retain 700 unix
# permission leveling and should not be
# stored on a system with shared-level
# administrative access
###########################################
APPURL=$1
LOGINURL='https://login.com'
USERNAME='yourUsername'
PASSWORD='yourPassword'
PROGRAM_NAME=${0##*/}
usage()
{
echo "usage: ${PROGRAM_NAME} [App URL]"
echo "e.g: ${PROGRAM_NAME} https://wiki.com/wiki/User:Robaker"
exit 2
}
[ $# -ge 1 ] || \
usage
if [ -f pubcookie_s ]; then
# Verify session remains valid
curl -k -b pubcookie_s -s $LOGINURL | grep "You are still logged in" > /dev/null 2>&1;
if [ $? -eq 0 ]; then
# Session is valid, fetch the App URL
curl -k -b pubcookie_s $APPURL;
exit;
fi
fi
# Request pre-session and granting request cookies from pubcookie auth-controlled App Server
curl -k -c pubcookie_pre_s -s -o /dev/null $APPURL
# Parse login form hidden fields... Admittedly a bit hacky
opts=`curl -k -b pubcookie_pre_s -s -c pubcookie_l $LOGINURL | grep hidden | grep -v "<\!--" | sed -e 's/^.*name=\"//' -e 's/\" value/ /' -e 's/ //' -e 's/>//' -e 's/\"//g' | tr '\n' '&'`
# Append login credentials
opts=$opts"user=${USERNAME}&pass=${PASSWORD}"
# Send POST request to the Login Server to get granting cookie
curl -k -b pubcookie_l -c pubcookie_g -d "$opts" -s -o /dev/null $LOGINURL
# Re-request initial App URL and establish valid session
curl -k -b pubcookie_g -c pubcookie_s -L $APPURL
# Remove temporary cookie files
rm pubcookie_pre_s pubcookie_l pubcookie_g
exit;
This blog includes tech tips, opinions on varying subjects, and interesting short stories. The views expressed in this blog are purely my own and do necessarily represent those of my Employer, Spouse, or possibly anyone else!
Tuesday, December 04, 2007
Tech: Using Curl to Generate a Pubcookie for Programatic SSO Access
A pubcookie login server is a handy way to create SSO authorization accross internal resources deployed to many different application servers. However, this may create a challenge for programatic access to these same resources. Rather than attempting to hunt down and re-use the auth cookie out of your browser cookie cache, curl's cookie engine may be a better automated solution. Pubcookie's behavior is detailed at: http://www.pubcookie.org/docs/how-pubcookie-works.html . The simple script below will provide you with a re-usable token for programatic access to pubcookie protected resources.
Subscribe to:
Post Comments (Atom)
1 comment:
Nice writeup
Post a Comment