[Melbourne-pm] SSO authentication

Toby Wintermute tjc at wintrmute.net
Mon May 26 17:25:18 PDT 2014


On 27 May 2014 01:26, Mithun Radhakrishnan <mithunr2003 at gmail.com> wrote:
> After doing some more debugging I ended up installing the following modules, and
> the code below is still not able to authenticate to the SSO server. It seems there is
> a problem with the GSSAPI library.

Hmm. As far as I'm aware, GSSAPI (Kerberos) is a different type of
authentication system to NTLM; it seems you've managed to get the
back-end system to negotiate for alternatives, but I'm going to hazard
a guess that this is Windows trying to emulate Kerberos.

Knowing that might help you find some advice on the internet if you
search, but otherwise you're going to have to fire up a debugger and
start walking through the libraries to find out what's going on.

I wrote some code that used Perl to talk to an NTLM-authing IIS
server, once upon a time, but that was more than a decade ago, using
Windows NT 4.0 and the IIS of the day. Everything will have changed
by now, even if I hadn't forgotten the details. Sorry.

-Toby


> --------------------------------CODE--------------------------------------------------------------------------------------------------
> #!/usr/bin/env perl
> use LWP::UserAgent;
> use HTTP::Cookies;
> use Data::Dumper;
> use LWP::Debug qw(+);
>
>
> my $ua = LWP::UserAgent->new( keep_alive => 1 );
> my $cookies = {};
> $ua->cookie_jar($cookies);
> print "->Setting Credentials\n";
> $ua->credentials( 'some-server.com', '', 'user', 'password' );
> my $uri = 'http://some-server.com/a/b/c';
> my $r1  = $ua->get($uri);
> print $r1->headers()->as_string;
>
> -------------------------------OUTPUT-------------------------------------------------------------------------------------
>
> ->Setting Credentials
> LWP::Authen::Negotiate::authenticate: authenticate() version 0.08 called
> LWP::Authen::Negotiate::authenticate: target hostname sso-server.com
> LWP::Authen::Negotiate::authenticate: GSSAPI servicename HTTP at sso-server.com
> LWP::Authen::Negotiate::authenticate: Unspecified GSS failure.  Minor code may provide more information
> LWP::Authen::Negotiate::authenticate: Credentials cache file '/tmp/krb5cc_500' not found
> Date: Mon, 26 May 2014 14:50:59 GMT
>
> Server: Microsoft-IIS/7.5
> WWW-Authenticate: Negotiate
> WWW-Authenticate: NTLM
> Content-Length: 1293
> Content-Type: text/html
> Client-Date: Mon, 26 May 2014 14:50:56 GMT
> Client-Peer: 173.38.52.70:443
> Client-Response-Num: 1
> Client-SSL-Cert-Issuer: /O=some Systems/CN=some SSCA2
> Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=some Technology, Inc./CN=sso-server.com
>
> Client-SSL-Cipher: RC4-SHA
> Client-SSL-Socket-Class: IO::Socket::SSL
> Title: 401 - Unauthorized: Access is denied due to invalid credentials.
> -------------------------------------------------------------------------------------------------
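
Added example, not part of the original thread: a Perl triage script for the failure in the quoted output. It lists the schemes the 401 offers and checks whether the Kerberos credentials cache that GSSAPI reported as missing exists. The response headers are a constructed, trimmed copy of the output above; the helper names and the MIT Kerberos default cache path are assumptions.

```perl
#!/usr/bin/env perl
# Added example, not code from the thread. Helper names are hypothetical.
use strict;
use warnings;
use HTTP::Response;

# Constructed sample: a trimmed copy of the 401 headers quoted above.
my $raw = join "\n",
    'HTTP/1.1 401 Unauthorized',
    'Server: Microsoft-IIS/7.5',
    'WWW-Authenticate: Negotiate',
    'WWW-Authenticate: NTLM',
    'Content-Length: 0',
    '', '';

# Schemes offered by the server, lower-cased, in the order sent.
# Only the first challenge on each header line is read, which is enough
# for IIS because it sends one WWW-Authenticate line per scheme.
sub offered_schemes {
    my ($res) = @_;
    return map { /^\s*([A-Za-z][\w-]*)/ ? lc $1 : () }
        $res->header('WWW-Authenticate');
}

# Locate the credentials cache GSSAPI would use. Assumption: the MIT
# Kerberos default FILE:/tmp/krb5cc_<uid> applies unless KRB5CCNAME is
# set; a default_ccache_name in krb5.conf is not consulted.
sub ccache_status {
    my $name = $ENV{KRB5CCNAME} // 'FILE:/tmp/krb5cc_' . $<;
    my ($type, $path) = $name =~ /^([A-Z]+):(.*)/s ? ($1, $2) : ('FILE', $name);
    return "$type cache, not checked here" if $type ne 'FILE';
    return -f $path ? "present ($path)" : "missing ($path)";
}

my $res     = HTTP::Response->parse($raw);
my @schemes = offered_schemes($res);
my $ccache  = ccache_status();

printf "status:  %s\n", $res->code;
printf "offered: %s\n", join ', ', @schemes;
printf "ccache:  %s\n", $ccache;

if (grep { $_ eq 'negotiate' } @schemes) {
    my $hint = $ccache =~ /^missing/
        ? 'no ticket cache, so GSSAPI has nothing to send; run kinit first'
        : 'a cache is configured; confirm it holds a valid TGT with klist';
    print "Negotiate: $hint\n";
}
print "NTLM: also offered by the server\n" if grep { $_ eq 'ntlm' } @schemes;
```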

