Python and CAS Requests

Question

Python and CAS Requests

I have not found examples of how people use Python to go through CAS. Here, hopefully, perhaps Kenneth Reitz can show me how “inquiries” can do this easily ...

Basically, I can't get past the CAS login ... never authenticates my Python attempt. (note that I defined two URLs .... url1 is the main web page, url2 is the redirect link to the CAS site ... I already know the redirect link, so it simplifies it).

My understanding is all I have to do is grab the JsessionId that CAS sends to me as a cookie and then take this cookie and just add jsessionid back to the url and send it back to CAS as a POST with my username Password ) However, this script fails every time.

Can some CAS gurus help me? I just can't understand why it does not authenticate me.

import sys
import requests

my_config = {'verbose': sys.stderr }

url1 = 'http://agnes:8080'
url2 = 'https://agnes:8543/irisCAS/login?service=http%3A%2F%2Fagnes%3A8080%2FirisRootWeb%2Fj_spring_cas_security_check'

response = requests.get(url1, headers=headers, verify=False)
print response.cookies

cookies = response.cookies
response = requests.post(url2, headers=headers, verify=False, config=my_config, params=cookies, auth=('username', 'password'))

print response.status_code
print response.content

OUTPUT .... SPECIFY how jsessionId is added to url2, so ok ..... I think.

{'JSESSIONID': 'EEE38382A1D5AAACA58E12433BDA0BFF'}

2012-05-18T15:04:17.668601   POST   https://agnes:8543/irisCAS/login?service=http%3A%2F%2Fagnes%3A8080%2FirisRootWeb%2Fj_spring_cas_security_check&JSESSIONID=EEE38382A1D5AAACA58E12433BDA0BFF

200

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...
...
        </script>

        <form id="fm1" class="fm-v clearfix" action="/irisCAS/login;jsessionid=30ABCAC79FEA5B48399053939530A608?service=http%3A%2F%2Fagnes%3A8080%2FirisRootWeb%2Fj_spring_cas_security_check&amp;JSESSIONID=B6235434D64C5E2E6C063BA3E1C1AC43" method="post">

            <div class="box fl-panel" id="login">
            <!-- Congratulations on bringing CAS online!  The default authentication handler authenticates where usernames equal passwords: go ahead, try it out.  -->
                <h2>Enter your UserId and Password</h2>

(this is just the xml of the CAS login page that I can't get past)

...
...

+3

python-requests cas urllib3

Tedburrows May 18, '12 at 20:15

source share

1 answer

Tedburrows · Answer 1 · 2012-05-20T05:32:21+0000

OK, I figured it out, so I'm going to answer it to those who can find it later. The problem is that I did not understand the basic idea of "form data". In other words, the web page had to enter the username and password in the “form”, and the virtual “send” button had to be clicked through POST, because it was an “event” (ie _eventId below). So I had to use the "data" parameter and build it all like a dictionary. This is what I did:

payload = {'_eventId': 'submit', 'lt': 'e1s1', 'submit': 'LOGIN', 'username': 'admin', 'password': 'admin'}
sessionResp = sessionReq.post(url2, data=payload, params=cookies, verify=False, config=my_config, headers=headers)

Python and CAS Requests

More articles: