[Melbourne-pm] SSO authentication

Mithun Radhakrishnan mithunr2003 at gmail.com
Fri May 23 07:05:51 PDT 2014


Though the usage of "LWP::Authen::Ntlm" says that "LWP::UserAgent" will be
able to identify the authentication scheme;
in my case it is not able to.
Still getting the same error even after installing the latest version of
the module(LWP::Authen::Ntlm) from CPAN.
Also I changed my code to set the credentials through $ua->credentials()
instead of HTTP::Request object's authorization_basic method as suggested
in the document.
http://search.cpan.org/dist/libwww-perl/lib/LWP/Authen/Ntlm.pm#USAGE

I am currently trying to understand the "LWP::UserAgent" code to see where
it identifies the authentication scheme.

Regards
Mithun









On Fri, May 23, 2014 at 4:29 PM, Toby Wintermute <tjc at wintrmute.net> wrote:

> The hint is present in the output - where it says unsupported auth type,
> NTLM.
> That's not "basic" auth, that's a proprietary Microsoft method.
> Searching metacpan for ntlm brings up at least three modules that look
> like they handle it. Look into those further?
> On 23/05/2014 8:09 pm, "Mithun Radhakrishnan" <mithunr2003 at gmail.com>
> wrote:
>
>> Thanks Jarrod and Toby for your comments.
>>
>> I installed Mozilla::CA module from cpan and that error went away. But
>> then I get below authentication error when I ran the same script with same
>> credentials.
>>
>> HTTP/1.1 401 Unauthorized
>> Date: Fri, 23 May 2014 09:03:40 GMT
>> Server: Microsoft-IIS/7.5
>> WWW-Authenticate: Negotiate
>> WWW-Authenticate: NTLM
>> Content-Length: 1293
>> Content-Type: text/html
>> Client-Date: Fri, 23 May 2014 09:03:40 GMT
>> Client-Peer: 173.38.9.38:443
>> Client-Response-Num: 1
>> Client-SSL-Cert-Issuer: /O=Company Systems/CN=Company SSCA2
>> Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=Company
>> Technology, Inc./CN=server.domain.com
>> Client-SSL-Cipher: RC4-SHA
>> Client-SSL-Socket-Class: IO::Socket::SSL
>> Client-Warning: Unsupported authentication scheme 'ntlm'
>> Title: 401 - Unauthorized: Access is denied due to invalid credentials.
>>
>> URL that I am using is not available in internet. It is an intranet one.
>> When I use the same URL from browser, it redirects to a SSL server and then
>> prompts for password and once authenticated it redirects to the URL which I
>> requested actually and gives me the proper XML response.
>>
>> I don't know how to automate these kind of  authentication mechanism. Can
>> you suggest some other way of authentication in LWP
>>
>> Regards
>> Mithun
>>
>>
>> On Fri, May 23, 2014 at 2:16 PM, Toby Wintermute <tjc at wintrmute.net>wrote:
>>
>>> You've blanked out the actual URL you're trying to GET, so we can't
>>> check.. but are you sure that it's not redirecting to an HTTPS URL,
>>> and thus triggering the SSL-related comments from LWP?
>>>
>>> I don't suppose you've tried following the hints given to you by LWP,
>>> that you quoted in your post?
>>> ie. Either installing the Mozilla CA package, or pointing to an
>>> existing CA package, or disabling CA verification altogether.
>>>
>>> On 23 May 2014 00:09, Mithun Radhakrishnan <mithunr2003 at gmail.com>
>>> wrote:
>>> >
>>> > I need to do a SSO authentication and do a HTTP GET request for a web
>>> > service.
>>> >
>>> > I get the below response content on doing a basic authentication using
>>> LWP.
>>> > I am trying to automate the testing of some of the web services. But
>>> the
>>> > basic authentication using Mozilla(browser) REST client works properly
>>> and
>>> > it is giving the expected response.
>>> >
>>> > Do we need to do a different authentication mechanism in LWP for SSO?
>>> >
>>> >
>>> > "Can't verify SSL peers without knowning which Certificate Authorities
>>> to
>>> > trust
>>> >
>>> > This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
>>> > envirionment variable or by installing the Mozilla::CA module.
>>> >
>>> > To disable verification of SSL peers set the
>>> PERL_LWP_SSL_VERIFY_HOSTNAME
>>> > envirionment variable to 0.  If you do this you can't be sure that you
>>> > communicate with the expected peer.
>>> > "
>>> >
>>> >
>>> >
>>> -------------------------------------------------------------------------------------------
>>> > my $method = 'GET';
>>> > my $uri    = 'http://xxxx';
>>> > my $username = 'xxx';
>>> > my $password = 'xxxx';
>>> >
>>> > my $cookie_location = "/tmp/cookie";    # This must be read/write
>>> > my $ua = LWP::UserAgent->new(keep_alive => 1);
>>> > $ua->default_header( 'Accept' => '*/*' );
>>> > $ua->cookie_jar(
>>> >     {
>>> >         file           => $cookie_location,
>>> >         autosave       => 1,
>>> >         ignore_discard => 1
>>> >     }
>>> > );
>>> >
>>> > my $request = HTTP::Request->new( $method, $uri );
>>> > $request->authorization_basic( $username, $password );
>>> > my $response = $ua->request($request);
>>> >
>>> >
>>> ---------------------------------------------------------------------------------
>>> >
>>> >
>>> > Regards
>>> > Mithun
>>> >
>>> > _______________________________________________
>>> > Melbourne-pm mailing list
>>> > Melbourne-pm at pm.org
>>> > http://mail.pm.org/mailman/listinfo/melbourne-pm
>>>
>>>
>>>
>>> --
>>> Turning and turning in the widening gyre
>>> The falcon cannot hear the falconer
>>> Things fall apart; the center cannot hold
>>> Mere anarchy is loosed upon the world
>>> _______________________________________________
>>> Melbourne-pm mailing list
>>> Melbourne-pm at pm.org
>>> http://mail.pm.org/mailman/listinfo/melbourne-pm
>>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/melbourne-pm/attachments/20140523/e3e5089b/attachment-0001.html>


More information about the Melbourne-pm mailing list