From mithunr2003 at gmail.com Thu May 1 11:32:23 2014 From: mithunr2003 at gmail.com (Mithun Radhakrishnan) Date: Fri, 2 May 2014 00:02:23 +0530 Subject: [Melbourne-pm] Fwd: Goddamnit, CPAN authors, why?! In-Reply-To: References: <5361BBF2.4000709@strategicdata.com.au> <1175A7D0A87D437D84426AFA4C3FA633@OwnerPC311012> <1398916564.27505.112409365.6DFF102E@webmail.messagingengine.com> Message-ID: It is still there in cpanm. Please try as below. http://search.*cpan*.org/~drsteve/Crypt-Password-0.28/lib/Crypt/Password.pm Just replace the above URL with mcpan instead of cpan like below and I was able to find that module in cpan. http://search.*mcpan*.org/~drsteve/Crypt-Password-0.28/lib/Crypt/Password.pm This will get redirect to the below URL. https://metacpan.org/pod/release/DRSTEVE/Crypt-Password-0.28/lib/Crypt/Password.pm ?But when we search the module in mcpan it is not showing up. ?Regards Mithun? On Thu, May 1, 2014 at 9:26 AM, Robert Norris wrote: > On Thu, May 1, 2014, at 01:33 PM, Toby Wintermute wrote: > > I'm not sure what's going on there then. > > I do wonder if this is side-effect/screw-up after this: > > > http://blogs.perl.org/users/brian_d_foy/2014/04/lets-delete-10000-files-from-cpan.html > > I went in and deleted a few old versions of my packages. In typical > PAUSE style, there's nothing on the page to say "this one is current". I > had to go to each individual package page to see what the current > versions are, and then not delete them (couldn't remember some of them, > most of my stuff is years old). > > I could totally see someone screwing up and deleting a "live" package > without realising it. > > Rob N. > _______________________________________________ > Melbourne-pm mailing list > Melbourne-pm at pm.org > http://mail.pm.org/mailman/listinfo/melbourne-pm > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mithunr2003 at gmail.com Thu May 22 07:09:34 2014 From: mithunr2003 at gmail.com (Mithun Radhakrishnan) Date: Thu, 22 May 2014 19:39:34 +0530 Subject: [Melbourne-pm] SSO authentication Message-ID: I need to do a SSO authentication and do a HTTP GET request for a web service. I get the below response content on doing a basic authentication using LWP. I am trying to automate the testing of some of the web services. But the basic authentication using Mozilla(browser) REST client works properly and it is giving the expected response. Do we need to do a different authentication mechanism in LWP for SSO? "Can't verify SSL peers without knowning which Certificate Authorities to trust This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE envirionment variable or by installing the Mozilla::CA module. To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME envirionment variable to 0. If you do this you can't be sure that you communicate with the expected peer. " ------------------------------------------------------------------------------------------- my $method = 'GET'; my $uri = 'http://xxxx'; my $username = 'xxx'; my $password = 'xxxx'; my $cookie_location = "/tmp/cookie"; # This must be read/write my $ua = LWP::UserAgent->new(keep_alive => 1); $ua->default_header( 'Accept' => '*/*' ); $ua->cookie_jar( { file => $cookie_location, autosave => 1, ignore_discard => 1 } ); my $request = HTTP::Request->new( $method, $uri ); $request->authorization_basic( $username, $password ); my $response = $ua->request($request); --------------------------------------------------------------------------------- Regards Mithun -------------- next part -------------- An HTML attachment was scrubbed... URL: From alfiej at fastmail.fm Thu May 22 23:26:25 2014 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 23 May 2014 16:26:25 +1000 Subject: [Melbourne-pm] Newbie crypto/bcrypt question Message-ID: <1400826385.25832.120667305.65D7E549@webmail.messagingengine.com> Hi guys, Playing around with crypto and found the following weird. Can anyone explain why bcrypt_hash() is returning the same hashes for different plain-texts? Alfie -- 8< -- #!/usr/bin/perl use strict; use warnings; use Crypt::Eksblowfish::Bcrypt qw{bcrypt_hash en_base64}; my @A = hashPassword("abc"); my @B = hashPassword("abcabc"); printf("hash: %s, base64(hash): %s\n", ($A[0] eq $B[0]) ? "EQUAL" :"DIFFERENT", ($A[1] eq $B[1]) ? "EQUAL" : "DIFFERENT", ); sub hashPassword { my ($password) =@_; my $passwordHash = bcrypt_hash( { key_null => 1, cost => 8, salt => "mySecretSaltSalt", }, $password, ); return ($passwordHash, en_base64($passwordHash)); }? -- Alfie John alfiej at fastmail.fm From simon at unisolve.com.au Thu May 22 23:56:04 2014 From: simon at unisolve.com.au (Simon Taylor) Date: Fri, 23 May 2014 16:56:04 +1000 Subject: [Melbourne-pm] Newbie crypto/bcrypt question In-Reply-To: <1400826385.25832.120667305.65D7E549@webmail.messagingengine.com> References: <1400826385.25832.120667305.65D7E549@webmail.messagingengine.com> Message-ID: <537EF104.6040207@unisolve.com.au> Hi Alfie, > Hi guys, > > Playing around with crypto and found the following weird. Can anyone > explain why bcrypt_hash() is returning the same hashes for different > plain-texts? In my tests here it seems that wherever one of your passwords is made up of concatenations of the other, you get the same problem, ie: my @A = hashPassword1("x1z"); my @B = hashPassword1("x1zx1zx1z"); It is possible that you're supposed to use a different salt for *each* call to bcrypt_hash() ? Cheers, Simon From alfiej at fastmail.fm Fri May 23 01:33:32 2014 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 23 May 2014 18:33:32 +1000 Subject: [Melbourne-pm] Newbie crypto/bcrypt question In-Reply-To: <537EF104.6040207@unisolve.com.au> References: <1400826385.25832.120667305.65D7E549@webmail.messagingengine.com> <537EF104.6040207@unisolve.com.au> Message-ID: <1400834012.18893.120695293.007A5FDA@webmail.messagingengine.com> On Fri, May 23, 2014, at 04:56 PM, Simon Taylor wrote: > In my tests here it seems that wherever one of your passwords is made up > of concatenations of the other, you get the same problem, ie: > > my @A = hashPassword1("x1z"); > my @B = hashPassword1("x1zx1zx1z"); Yeah, playing around I noticed the same thing. > It is possible that you're supposed to use a different salt for *each* > call to bcrypt_hash() ? I would hope not! I got an answer from Zefram (the author): === "key_null" should be "key_nul". Internally the hashing process involves repeating the key to make it up to the full internal key length, and if that's just done with the raw password then any password consisting of a repeated sequence will produce the same hash as that sequence on its own. The key_nul feature was added to the hash algorithm precisely to avoid this. === tl;dr: typo :( Alfie -- Alfie John alfiej at fastmail.fm From tjc at wintrmute.net Fri May 23 01:46:15 2014 From: tjc at wintrmute.net (Toby Wintermute) Date: Fri, 23 May 2014 18:46:15 +1000 Subject: [Melbourne-pm] SSO authentication In-Reply-To: References: Message-ID: You've blanked out the actual URL you're trying to GET, so we can't check.. but are you sure that it's not redirecting to an HTTPS URL, and thus triggering the SSL-related comments from LWP? I don't suppose you've tried following the hints given to you by LWP, that you quoted in your post? ie. Either installing the Mozilla CA package, or pointing to an existing CA package, or disabling CA verification altogether. On 23 May 2014 00:09, Mithun Radhakrishnan wrote: > > I need to do a SSO authentication and do a HTTP GET request for a web > service. > > I get the below response content on doing a basic authentication using LWP. > I am trying to automate the testing of some of the web services. But the > basic authentication using Mozilla(browser) REST client works properly and > it is giving the expected response. > > Do we need to do a different authentication mechanism in LWP for SSO? > > > "Can't verify SSL peers without knowning which Certificate Authorities to > trust > > This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE > envirionment variable or by installing the Mozilla::CA module. > > To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME > envirionment variable to 0. If you do this you can't be sure that you > communicate with the expected peer. > " > > > ------------------------------------------------------------------------------------------- > my $method = 'GET'; > my $uri = 'http://xxxx'; > my $username = 'xxx'; > my $password = 'xxxx'; > > my $cookie_location = "/tmp/cookie"; # This must be read/write > my $ua = LWP::UserAgent->new(keep_alive => 1); > $ua->default_header( 'Accept' => '*/*' ); > $ua->cookie_jar( > { > file => $cookie_location, > autosave => 1, > ignore_discard => 1 > } > ); > > my $request = HTTP::Request->new( $method, $uri ); > $request->authorization_basic( $username, $password ); > my $response = $ua->request($request); > > --------------------------------------------------------------------------------- > > > Regards > Mithun > > _______________________________________________ > Melbourne-pm mailing list > Melbourne-pm at pm.org > http://mail.pm.org/mailman/listinfo/melbourne-pm -- Turning and turning in the widening gyre The falcon cannot hear the falconer Things fall apart; the center cannot hold Mere anarchy is loosed upon the world From tjc at wintrmute.net Fri May 23 02:10:14 2014 From: tjc at wintrmute.net (Toby Wintermute) Date: Fri, 23 May 2014 19:10:14 +1000 Subject: [Melbourne-pm] Newbie crypto/bcrypt question In-Reply-To: <1400834012.18893.120695293.007A5FDA@webmail.messagingengine.com> References: <1400826385.25832.120667305.65D7E549@webmail.messagingengine.com> <537EF104.6040207@unisolve.com.au> <1400834012.18893.120695293.007A5FDA@webmail.messagingengine.com> Message-ID: On 23 May 2014 18:33, Alfie John wrote: > tl;dr: typo :( Parameter validation is an area where Perl falls down, massively, compared to many other languages. If a function can only accept parameters of blue and green, then damnit, it should throw an error if you pass in red. Creating objects with Moose/Moo/FlavourOfTheMoonth and creating methods with one of the parameter validation modules goes some way to fix this glaring oversight, but.. it's creating a lot of extra boilerplate and code to do something that other languages take for granted. Using hashes to pass data structures around is another terrible idea that's commonly used in Perl. How often have you seen code that does something like: my $data = { firstname => "Toby", surname => "Winter" }; enable_mononym($data) unless $foo->{sirname}; No compile time error. No run-time warning. Awesome :/ From mithunr2003 at gmail.com Fri May 23 03:09:06 2014 From: mithunr2003 at gmail.com (Mithun Radhakrishnan) Date: Fri, 23 May 2014 15:39:06 +0530 Subject: [Melbourne-pm] SSO authentication In-Reply-To: References: Message-ID: Thanks Jarrod and Toby for your comments. I installed Mozilla::CA module from cpan and that error went away. But then I get below authentication error when I ran the same script with same credentials. HTTP/1.1 401 Unauthorized Date: Fri, 23 May 2014 09:03:40 GMT Server: Microsoft-IIS/7.5 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 1293 Content-Type: text/html Client-Date: Fri, 23 May 2014 09:03:40 GMT Client-Peer: 173.38.9.38:443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /O=Company Systems/CN=Company SSCA2 Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=Company Technology, Inc./CN=server.domain.com Client-SSL-Cipher: RC4-SHA Client-SSL-Socket-Class: IO::Socket::SSL Client-Warning: Unsupported authentication scheme 'ntlm' Title: 401 - Unauthorized: Access is denied due to invalid credentials. URL that I am using is not available in internet. It is an intranet one. When I use the same URL from browser, it redirects to a SSL server and then prompts for password and once authenticated it redirects to the URL which I requested actually and gives me the proper XML response. I don't know how to automate these kind of authentication mechanism. Can you suggest some other way of authentication in LWP Regards Mithun On Fri, May 23, 2014 at 2:16 PM, Toby Wintermute wrote: > You've blanked out the actual URL you're trying to GET, so we can't > check.. but are you sure that it's not redirecting to an HTTPS URL, > and thus triggering the SSL-related comments from LWP? > > I don't suppose you've tried following the hints given to you by LWP, > that you quoted in your post? > ie. Either installing the Mozilla CA package, or pointing to an > existing CA package, or disabling CA verification altogether. > > On 23 May 2014 00:09, Mithun Radhakrishnan wrote: > > > > I need to do a SSO authentication and do a HTTP GET request for a web > > service. > > > > I get the below response content on doing a basic authentication using > LWP. > > I am trying to automate the testing of some of the web services. But the > > basic authentication using Mozilla(browser) REST client works properly > and > > it is giving the expected response. > > > > Do we need to do a different authentication mechanism in LWP for SSO? > > > > > > "Can't verify SSL peers without knowning which Certificate Authorities to > > trust > > > > This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE > > envirionment variable or by installing the Mozilla::CA module. > > > > To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME > > envirionment variable to 0. If you do this you can't be sure that you > > communicate with the expected peer. > > " > > > > > > > ------------------------------------------------------------------------------------------- > > my $method = 'GET'; > > my $uri = 'http://xxxx'; > > my $username = 'xxx'; > > my $password = 'xxxx'; > > > > my $cookie_location = "/tmp/cookie"; # This must be read/write > > my $ua = LWP::UserAgent->new(keep_alive => 1); > > $ua->default_header( 'Accept' => '*/*' ); > > $ua->cookie_jar( > > { > > file => $cookie_location, > > autosave => 1, > > ignore_discard => 1 > > } > > ); > > > > my $request = HTTP::Request->new( $method, $uri ); > > $request->authorization_basic( $username, $password ); > > my $response = $ua->request($request); > > > > > --------------------------------------------------------------------------------- > > > > > > Regards > > Mithun > > > > _______________________________________________ > > Melbourne-pm mailing list > > Melbourne-pm at pm.org > > http://mail.pm.org/mailman/listinfo/melbourne-pm > > > > -- > Turning and turning in the widening gyre > The falcon cannot hear the falconer > Things fall apart; the center cannot hold > Mere anarchy is loosed upon the world > _______________________________________________ > Melbourne-pm mailing list > Melbourne-pm at pm.org > http://mail.pm.org/mailman/listinfo/melbourne-pm > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alfiej at fastmail.fm Fri May 23 03:09:18 2014 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 23 May 2014 20:09:18 +1000 Subject: [Melbourne-pm] Newbie crypto/bcrypt question In-Reply-To: References: <1400826385.25832.120667305.65D7E549@webmail.messagingengine.com> <537EF104.6040207@unisolve.com.au> <1400834012.18893.120695293.007A5FDA@webmail.messagingengine.com> Message-ID: <1400839758.7804.120721177.7E516CC5@webmail.messagingengine.com> On Fri, May 23, 2014, at 07:10 PM, Toby Wintermute wrote: > Using hashes to pass data structures around is another terrible idea > that's commonly used in Perl. > How often have you seen code that does something like: > > my $data = { firstname => "Toby", surname => "Winter" }; > enable_mononym($data) unless $foo->{sirname}; > > No compile time error. No run-time warning. Awesome :/ I know you're right about this, and I'll get flamed, but I like the freedom of optional parameter and hash key checking. At least if I wanted strict parameter checking, a sprinkle of boiler plate and it's there. But yet, your example does make a good point! Alfie -- Alfie John alfiej at fastmail.fm From tjc at wintrmute.net Fri May 23 03:59:06 2014 From: tjc at wintrmute.net (Toby Wintermute) Date: Fri, 23 May 2014 20:59:06 +1000 Subject: [Melbourne-pm] SSO authentication In-Reply-To: References: Message-ID: The hint is present in the output - where it says unsupported auth type, NTLM. That's not "basic" auth, that's a proprietary Microsoft method. Searching metacpan for ntlm brings up at least three modules that look like they handle it. Look into those further? On 23/05/2014 8:09 pm, "Mithun Radhakrishnan" wrote: > Thanks Jarrod and Toby for your comments. > > I installed Mozilla::CA module from cpan and that error went away. But > then I get below authentication error when I ran the same script with same > credentials. > > HTTP/1.1 401 Unauthorized > Date: Fri, 23 May 2014 09:03:40 GMT > Server: Microsoft-IIS/7.5 > WWW-Authenticate: Negotiate > WWW-Authenticate: NTLM > Content-Length: 1293 > Content-Type: text/html > Client-Date: Fri, 23 May 2014 09:03:40 GMT > Client-Peer: 173.38.9.38:443 > Client-Response-Num: 1 > Client-SSL-Cert-Issuer: /O=Company Systems/CN=Company SSCA2 > Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=Company > Technology, Inc./CN=server.domain.com > Client-SSL-Cipher: RC4-SHA > Client-SSL-Socket-Class: IO::Socket::SSL > Client-Warning: Unsupported authentication scheme 'ntlm' > Title: 401 - Unauthorized: Access is denied due to invalid credentials. > > URL that I am using is not available in internet. It is an intranet one. > When I use the same URL from browser, it redirects to a SSL server and then > prompts for password and once authenticated it redirects to the URL which I > requested actually and gives me the proper XML response. > > I don't know how to automate these kind of authentication mechanism. Can > you suggest some other way of authentication in LWP > > Regards > Mithun > > > On Fri, May 23, 2014 at 2:16 PM, Toby Wintermute wrote: > >> You've blanked out the actual URL you're trying to GET, so we can't >> check.. but are you sure that it's not redirecting to an HTTPS URL, >> and thus triggering the SSL-related comments from LWP? >> >> I don't suppose you've tried following the hints given to you by LWP, >> that you quoted in your post? >> ie. Either installing the Mozilla CA package, or pointing to an >> existing CA package, or disabling CA verification altogether. >> >> On 23 May 2014 00:09, Mithun Radhakrishnan wrote: >> > >> > I need to do a SSO authentication and do a HTTP GET request for a web >> > service. >> > >> > I get the below response content on doing a basic authentication using >> LWP. >> > I am trying to automate the testing of some of the web services. But the >> > basic authentication using Mozilla(browser) REST client works properly >> and >> > it is giving the expected response. >> > >> > Do we need to do a different authentication mechanism in LWP for SSO? >> > >> > >> > "Can't verify SSL peers without knowning which Certificate Authorities >> to >> > trust >> > >> > This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE >> > envirionment variable or by installing the Mozilla::CA module. >> > >> > To disable verification of SSL peers set the >> PERL_LWP_SSL_VERIFY_HOSTNAME >> > envirionment variable to 0. If you do this you can't be sure that you >> > communicate with the expected peer. >> > " >> > >> > >> > >> ------------------------------------------------------------------------------------------- >> > my $method = 'GET'; >> > my $uri = 'http://xxxx'; >> > my $username = 'xxx'; >> > my $password = 'xxxx'; >> > >> > my $cookie_location = "/tmp/cookie"; # This must be read/write >> > my $ua = LWP::UserAgent->new(keep_alive => 1); >> > $ua->default_header( 'Accept' => '*/*' ); >> > $ua->cookie_jar( >> > { >> > file => $cookie_location, >> > autosave => 1, >> > ignore_discard => 1 >> > } >> > ); >> > >> > my $request = HTTP::Request->new( $method, $uri ); >> > $request->authorization_basic( $username, $password ); >> > my $response = $ua->request($request); >> > >> > >> --------------------------------------------------------------------------------- >> > >> > >> > Regards >> > Mithun >> > >> > _______________________________________________ >> > Melbourne-pm mailing list >> > Melbourne-pm at pm.org >> > http://mail.pm.org/mailman/listinfo/melbourne-pm >> >> >> >> -- >> Turning and turning in the widening gyre >> The falcon cannot hear the falconer >> Things fall apart; the center cannot hold >> Mere anarchy is loosed upon the world >> _______________________________________________ >> Melbourne-pm mailing list >> Melbourne-pm at pm.org >> http://mail.pm.org/mailman/listinfo/melbourne-pm >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mithunr2003 at gmail.com Fri May 23 07:05:51 2014 From: mithunr2003 at gmail.com (Mithun Radhakrishnan) Date: Fri, 23 May 2014 19:35:51 +0530 Subject: [Melbourne-pm] SSO authentication In-Reply-To: References:

Message-ID: Though the usage of "LWP::Authen::Ntlm" says that "LWP::UserAgent" will be able to identify the authentication scheme; in my case it is not able to. Still getting the same error even after installing the latest version of the module(LWP::Authen::Ntlm) from CPAN. Also I changed my code to set the credentials through $ua->credentials() instead of HTTP::Request object's authorization_basic method as suggested in the document. http://search.cpan.org/dist/libwww-perl/lib/LWP/Authen/Ntlm.pm#USAGE I am currently trying to understand the "LWP::UserAgent" code to see where it identifies the authentication scheme. Regards Mithun On Fri, May 23, 2014 at 4:29 PM, Toby Wintermute wrote: > The hint is present in the output - where it says unsupported auth type, > NTLM. > That's not "basic" auth, that's a proprietary Microsoft method. > Searching metacpan for ntlm brings up at least three modules that look > like they handle it. Look into those further? > On 23/05/2014 8:09 pm, "Mithun Radhakrishnan" > wrote: > >> Thanks Jarrod and Toby for your comments. >> >> I installed Mozilla::CA module from cpan and that error went away. But >> then I get below authentication error when I ran the same script with same >> credentials. >> >> HTTP/1.1 401 Unauthorized >> Date: Fri, 23 May 2014 09:03:40 GMT >> Server: Microsoft-IIS/7.5 >> WWW-Authenticate: Negotiate >> WWW-Authenticate: NTLM >> Content-Length: 1293 >> Content-Type: text/html >> Client-Date: Fri, 23 May 2014 09:03:40 GMT >> Client-Peer: 173.38.9.38:443 >> Client-Response-Num: 1 >> Client-SSL-Cert-Issuer: /O=Company Systems/CN=Company SSCA2 >> Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=Company >> Technology, Inc./CN=server.domain.com >> Client-SSL-Cipher: RC4-SHA >> Client-SSL-Socket-Class: IO::Socket::SSL >> Client-Warning: Unsupported authentication scheme 'ntlm' >> Title: 401 - Unauthorized: Access is denied due to invalid credentials. >> >> URL that I am using is not available in internet. It is an intranet one. >> When I use the same URL from browser, it redirects to a SSL server and then >> prompts for password and once authenticated it redirects to the URL which I >> requested actually and gives me the proper XML response. >> >> I don't know how to automate these kind of authentication mechanism. Can >> you suggest some other way of authentication in LWP >> >> Regards >> Mithun >> >> >> On Fri, May 23, 2014 at 2:16 PM, Toby Wintermute wrote: >> >>> You've blanked out the actual URL you're trying to GET, so we can't >>> check.. but are you sure that it's not redirecting to an HTTPS URL, >>> and thus triggering the SSL-related comments from LWP? >>> >>> I don't suppose you've tried following the hints given to you by LWP, >>> that you quoted in your post? >>> ie. Either installing the Mozilla CA package, or pointing to an >>> existing CA package, or disabling CA verification altogether. >>> >>> On 23 May 2014 00:09, Mithun Radhakrishnan >>> wrote: >>> > >>> > I need to do a SSO authentication and do a HTTP GET request for a web >>> > service. >>> > >>> > I get the below response content on doing a basic authentication using >>> LWP. >>> > I am trying to automate the testing of some of the web services. But >>> the >>> > basic authentication using Mozilla(browser) REST client works properly >>> and >>> > it is giving the expected response. >>> > >>> > Do we need to do a different authentication mechanism in LWP for SSO? >>> > >>> > >>> > "Can't verify SSL peers without knowning which Certificate Authorities >>> to >>> > trust >>> > >>> > This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE >>> > envirionment variable or by installing the Mozilla::CA module. >>> > >>> > To disable verification of SSL peers set the >>> PERL_LWP_SSL_VERIFY_HOSTNAME >>> > envirionment variable to 0. If you do this you can't be sure that you >>> > communicate with the expected peer. >>> > " >>> > >>> > >>> > >>> ------------------------------------------------------------------------------------------- >>> > my $method = 'GET'; >>> > my $uri = 'http://xxxx'; >>> > my $username = 'xxx'; >>> > my $password = 'xxxx'; >>> > >>> > my $cookie_location = "/tmp/cookie"; # This must be read/write >>> > my $ua = LWP::UserAgent->new(keep_alive => 1); >>> > $ua->default_header( 'Accept' => '*/*' ); >>> > $ua->cookie_jar( >>> > { >>> > file => $cookie_location, >>> > autosave => 1, >>> > ignore_discard => 1 >>> > } >>> > ); >>> > >>> > my $request = HTTP::Request->new( $method, $uri ); >>> > $request->authorization_basic( $username, $password ); >>> > my $response = $ua->request($request); >>> > >>> > >>> --------------------------------------------------------------------------------- >>> > >>> > >>> > Regards >>> > Mithun >>> > >>> > _______________________________________________ >>> > Melbourne-pm mailing list >>> > Melbourne-pm at pm.org >>> > http://mail.pm.org/mailman/listinfo/melbourne-pm >>> >>> >>> >>> -- >>> Turning and turning in the widening gyre >>> The falcon cannot hear the falconer >>> Things fall apart; the center cannot hold >>> Mere anarchy is loosed upon the world >>> _______________________________________________ >>> Melbourne-pm mailing list >>> Melbourne-pm at pm.org >>> http://mail.pm.org/mailman/listinfo/melbourne-pm >>> >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From mithunr2003 at gmail.com Mon May 26 08:26:38 2014 From: mithunr2003 at gmail.com (Mithun Radhakrishnan) Date: Mon, 26 May 2014 20:56:38 +0530 Subject: [Melbourne-pm] SSO authentication In-Reply-To: References:

Message-ID: After doing some more debugging I ended up installing following modules and below code is still not able to authenticate the SSO server. Seems there is a problem with GSSAPI library. http://search.mcpan.org/dist/libwww-perl/lib/LWP/Authen/Ntlm.pm https://metacpan.org/pod/LWP::Authen::Negotiate https://metacpan.org/pod/GSSAPI --------------------------------CODE-------------------------------------------------------------------------------------------------- #!/usr/bin/env perl use LWP::UserAgent; use HTTP::Cookies; use Data::Dumper; use LWP::Debug qw(+); my $ua = LWP::UserAgent->new( keep_alive => 1 ); my $cookies = {}; $ua->cookie_jar($cookies); print "->Setting Credentials\n"; $ua->credentials( 'some-server.com', '', 'user', 'password' ); my $uri = 'http://some-server.com/a/b/c'; my $r1 = $ua->get($uri); print $r1->headers()->as_string; -------------------------------OUTPUT------------------------------------------------------------------------------------- ->Setting Credentials LWP::Authen::Negotiate::authenticate: authenticate() version 0.08 called LWP::Authen::Negotiate::authenticate: target hostname sso-server.com LWP::Authen::Negotiate::authenticate: GSSAPI servicename HTTP at sso-server.com LWP::Authen::Negotiate::authenticate: Unspecified GSS failure. Minor code may provide more information LWP::Authen::Negotiate::authenticate: Credentials cache file '/tmp/krb5cc_500' not found Date: Mon, 26 May 2014 14:50:59 GMT Server: Microsoft-IIS/7.5 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 1293 Content-Type: text/html Client-Date: Mon, 26 May 2014 14:50:56 GMT Client-Peer: 173.38.52.70:443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /O=some Systems/CN=some SSCA2 Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=some Technology, Inc./CN=sso-server.com Client-SSL-Cipher: RC4-SHA Client-SSL-Socket-Class: IO::Socket::SSL Title: 401 - Unauthorized: Access is denied due to invalid credentials. ------------------------------------------------------------------------------------------------- Regards Mithun On Fri, May 23, 2014 at 7:35 PM, Mithun Radhakrishnan wrote: > > Though the usage of " > ?? > LWP::Authen::Ntlm" says that "LWP::UserAgent" will be able to identify the > authentication scheme; > in my case it is not able to. > Still getting the same error even after installing the latest version of > the module(LWP::Authen::Ntlm) from CPAN. > Also I changed my code to set the credentials through $ua->credentials() > instead of HTTP::Request object's authorization_basic method as suggested > in the document. > http://search.cpan.org/dist/libwww-perl/lib/LWP/Authen/Ntlm.pm#USAGE > > I am currently trying to understand the "LWP::UserAgent" code to see where > it identifies the authentication scheme. > > Regards > Mithun > > > > > > > > > > On Fri, May 23, 2014 at 4:29 PM, Toby Wintermute wrote: > >> The hint is present in the output - where it says unsupported auth type, >> NTLM. >> That's not "basic" auth, that's a proprietary Microsoft method. >> Searching metacpan for ntlm brings up at least three modules that look >> like they handle it. Look into those further? >> On 23/05/2014 8:09 pm, "Mithun Radhakrishnan" >> wrote: >> >>> Thanks Jarrod and Toby for your comments. >>> >>> I installed Mozilla::CA module from cpan and that error went away. But >>> then I get below authentication error when I ran the same script with same >>> credentials. >>> >>> HTTP/1.1 401 Unauthorized >>> Date: Fri, 23 May 2014 09:03:40 GMT >>> Server: Microsoft-IIS/7.5 >>> WWW-Authenticate: Negotiate >>> WWW-Authenticate: NTLM >>> Content-Length: 1293 >>> Content-Type: text/html >>> Client-Date: Fri, 23 May 2014 09:03:40 GMT >>> Client-Peer: 173.38.9.38:443 >>> Client-Response-Num: 1 >>> Client-SSL-Cert-Issuer: /O=Company Systems/CN=Company SSCA2 >>> Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=Company >>> Technology, Inc./CN=server.domain.com >>> Client-SSL-Cipher: RC4-SHA >>> Client-SSL-Socket-Class: IO::Socket::SSL >>> Client-Warning: Unsupported authentication scheme 'ntlm' >>> Title: 401 - Unauthorized: Access is denied due to invalid credentials. >>> >>> URL that I am using is not available in internet. It is an intranet >>> one. When I use the same URL from browser, it redirects to a SSL server >>> and then prompts for password and once authenticated it redirects to the >>> URL which I requested actually and gives me the proper XML response. >>> >>> I don't know how to automate these kind of authentication mechanism. >>> Can you suggest some other way of authentication in LWP >>> >>> Regards >>> Mithun >>> >>> >>> On Fri, May 23, 2014 at 2:16 PM, Toby Wintermute wrote: >>> >>>> You've blanked out the actual URL you're trying to GET, so we can't >>>> check.. but are you sure that it's not redirecting to an HTTPS URL, >>>> and thus triggering the SSL-related comments from LWP? >>>> >>>> I don't suppose you've tried following the hints given to you by LWP, >>>> that you quoted in your post? >>>> ie. Either installing the Mozilla CA package, or pointing to an >>>> existing CA package, or disabling CA verification altogether. >>>> >>>> On 23 May 2014 00:09, Mithun Radhakrishnan >>>> wrote: >>>> > >>>> > I need to do a SSO authentication and do a HTTP GET request for a web >>>> > service. >>>> > >>>> > I get the below response content on doing a basic authentication >>>> using LWP. >>>> > I am trying to automate the testing of some of the web services. But >>>> the >>>> > basic authentication using Mozilla(browser) REST client works >>>> properly and >>>> > it is giving the expected response. >>>> > >>>> > Do we need to do a different authentication mechanism in LWP for SSO? >>>> > >>>> > >>>> > "Can't verify SSL peers without knowning which Certificate >>>> Authorities to >>>> > trust >>>> > >>>> > This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE >>>> > envirionment variable or by installing the Mozilla::CA module. >>>> > >>>> > To disable verification of SSL peers set the >>>> PERL_LWP_SSL_VERIFY_HOSTNAME >>>> > envirionment variable to 0. If you do this you can't be sure that you >>>> > communicate with the expected peer. >>>> > " >>>> > >>>> > >>>> > >>>> ------------------------------------------------------------------------------------------- >>>> > my $method = 'GET'; >>>> > my $uri = 'http://xxxx'; >>>> > my $username = 'xxx'; >>>> > my $password = 'xxxx'; >>>> > >>>> > my $cookie_location = "/tmp/cookie"; # This must be read/write >>>> > my $ua = LWP::UserAgent->new(keep_alive => 1); >>>> > $ua->default_header( 'Accept' => '*/*' ); >>>> > $ua->cookie_jar( >>>> > { >>>> > file => $cookie_location, >>>> > autosave => 1, >>>> > ignore_discard => 1 >>>> > } >>>> > ); >>>> > >>>> > my $request = HTTP::Request->new( $method, $uri ); >>>> > $request->authorization_basic( $username, $password ); >>>> > my $response = $ua->request($request); >>>> > >>>> > >>>> --------------------------------------------------------------------------------- >>>> > >>>> > >>>> > Regards >>>> > Mithun >>>> > >>>> > _______________________________________________ >>>> > Melbourne-pm mailing list >>>> > Melbourne-pm at pm.org >>>> > http://mail.pm.org/mailman/listinfo/melbourne-pm >>>> >>>> >>>> >>>> -- >>>> Turning and turning in the widening gyre >>>> The falcon cannot hear the falconer >>>> Things fall apart; the center cannot hold >>>> Mere anarchy is loosed upon the world >>>> _______________________________________________ >>>> Melbourne-pm mailing list >>>> Melbourne-pm at pm.org >>>> http://mail.pm.org/mailman/listinfo/melbourne-pm >>>> >>> >>> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tjc at wintrmute.net Mon May 26 17:25:18 2014 From: tjc at wintrmute.net (Toby Wintermute) Date: Tue, 27 May 2014 10:25:18 +1000 Subject: [Melbourne-pm] SSO authentication In-Reply-To: References:

Message-ID: On 27 May 2014 01:26, Mithun Radhakrishnan wrote: > After doing some more debugging I ended up installing following modules and > below code is still not able to authenticate the SSO server. Seems there is > a problem with GSSAPI library. Hmm. As far as I'm aware, GSSAPI (Kerberos) is a different type of authentication system to NTLM; it seems you've managed to get the back-end system to negotiate for alternatives, but I'm going to hazard a guess that this is Windows trying to emulate Kerberos. Knowing that might help you find some advice on the internet if you search, but otherwise you're going to have to fire up a debugger and start walking through the libraries to find out what's going on. I wrote some code that used Perl to talk to an NTLM-authing IIS server, once upon a time, but that was more than a decade ago, using Windows NT 4.0 and the IIS of the day.. everything will have changed by now, even if I hadn't forgotten the details. Sorry. -Toby > --------------------------------CODE-------------------------------------------------------------------------------------------------- > #!/usr/bin/env perl > use LWP::UserAgent; > use HTTP::Cookies; > use Data::Dumper; > use LWP::Debug qw(+); > > > my $ua = LWP::UserAgent->new( keep_alive => 1 ); > my $cookies = {}; > $ua->cookie_jar($cookies); > print "->Setting Credentials\n"; > $ua->credentials( 'some-server.com', '', 'user', 'password' ); > my $uri = 'http://some-server.com/a/b/c'; > my $r1 = $ua->get($uri); > print $r1->headers()->as_string; > > -------------------------------OUTPUT------------------------------------------------------------------------------------- > > ->Setting Credentials > LWP::Authen::Negotiate::authenticate: authenticate() version 0.08 called > LWP::Authen::Negotiate::authenticate: target hostname sso-server.com > LWP::Authen::Negotiate::authenticate: GSSAPI servicename HTTP at sso-server.com > LWP::Authen::Negotiate::authenticate: Unspecified GSS failure. Minor code > may provide more information > LWP::Authen::Negotiate::authenticate: Credentials cache file > '/tmp/krb5cc_500' not found > Date: Mon, 26 May 2014 14:50:59 GMT > > Server: Microsoft-IIS/7.5 > WWW-Authenticate: Negotiate > WWW-Authenticate: NTLM > Content-Length: 1293 > Content-Type: text/html > Client-Date: Mon, 26 May 2014 14:50:56 GMT > Client-Peer: 173.38.52.70:443 > Client-Response-Num: 1 > Client-SSL-Cert-Issuer: /O=some Systems/CN=some SSCA2 > Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=some Technology, > Inc./CN=sso-server.com > > Client-SSL-Cipher: RC4-SHA > Client-SSL-Socket-Class: IO::Socket::SSL > Title: 401 - Unauthorized: Access is denied due to invalid credentials. > -------------------------------------------------------------------------------------------------