How to monitor sso protected site
Hi
Here I am using the ckformlogin script
./ckformlogin.pl -u http://abc.com/appname/faces/index.jspx -p 'user=xyz@password=123456' -a "http://RSACLEARTRUST.com/cleartrust/ct_ ... index.jspx" -l "Welcome to your" -t "Hello"
I got a message like this
ERROR: content match failed on target page
When I access the application from a browser:
Application URL http://abc.com/APP1/faces/index.jspx
Redirects to http://RSACLEARTRUST.com/cleartrust/ct_logon.jsp
After login it processes like this: http://RSACLEARTRUST.com/cleartrust/ct_ ... om%3A80%2F
Here it creates a session and adds the SSO header to the application URL
Finally the browser shows the URL http://abc.com/APP1/faces/index.jspx?_a ... wkcuwrvm_4
If I use option -d at the end:
Target URL: http://abc.com/appname/faces/index.jspx
POST Data: user=xyz@password=123456
Action URL: http://RSACLEARTRUST.com/cleartrust/ct_ ... index.jspx
Login content: Welcome to your
Target content: Hello
Debug mode? 1
request for protected url: http://abc.com/appname/faces/index.jspx
attempting site login...
ERROR: content match failed on target page
DEBUG: target content:
Re: How to monitor sso protected site
Could you post a link to, or this plugin, so that we can take a look at it. I don't think this is one we have seen before.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Re: How to monitor sso protected site
Hi sreinhardt,
Uploaded the plugin.
Thanks,
Bhadre
Attachment: ckformlogin-master.zip (10.82 KiB)
Re: How to monitor sso protected site
Looking through the code for the error messages you posted, I see two things right away:
1.)
Code:
log_d("DEBUG: target content: " . $response->content);
That should probably reference $opt_t instead of $response->content.
2.) Since the above code is (erroneously) referencing $response->content and trying to print it, we can imply that the response content is empty since the "DEBUG: target content:" string is empty. Try adding in a debug string to print out the contents of the response:
Line 113:
Code:
print Dumper($response);
Then at the beginning of the file add:
Code:
use Data::Dumper;
Then run and post results here.
Former Nagios employee
Re: How to monitor sso protected site
Here is the response I got after adding
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>My Account</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META HTTP-EQUIV="refresh" CONTENT="0;url=http://abc.com:80/">
</HEAD>
<BODY>
</BODY>
</HTML>
',
'_rc' => '200',
'_headers' => bless( {
'connection' => 'close',
'client-response-num' => 1,
'date' => 'Tue, 26 Aug 2014 05:43:18 GMT',
'client-peer' => '10.xx.xx.xx:80',
'client-date' => 'Tue, 26 Aug 2014 05:43:18 GMT',
'content-type' => 'text/html;charset=ISO-8859-1',
'refresh' => '0;url=http://abc.com:80/',
'server' => 'Sun-ONE-Web-Server/6.1',
'title' => 'My Account'
}, 'HTTP::Headers' ),
'_msg' => 'OK',
'_request' => bless( {
'_content' => 'user=xyz&password=123456',
'_uri' => bless( do{\(my $o = 'http://RSACLEARTRUST.com/cleartrust/ct_ ... om%3A80%2F')}, 'URI::http' ),
'_headers' => bless( {
'cookie2' => '$Version="1"',
'user-agent' => 'Identicentric CkFormLogin Plugin 1.0',
'content-type' => 'application/x-www-form-urlencoded',
'cookie' => 'JSESSIONID=E06F06AFF20BF086DDE3558833906476; ACTSESSION=aHR0cDovL29pbS5zaGVyd2luLmNvbTo4MC9zd2lkL2ZhY2VzL2luZGV4LmpzcHg%3D'
}, 'HTTP::Headers' ),
'_method' => 'POST',
'_uri_canonical' => bless( do{\(my $o = 'http://RSACLEARTRUST.com/cleartrust/ct_ ... om%3A80%2F')}, 'URI::http' )
}, 'HTTP::Request' )
}, 'HTTP::Response' );
Re: How to monitor sso protected site
So the actual body content definitely is empty. I'm really not too familiar with this plugin and its quirks; are you sure you are giving it the correct URLs? The URL with "CT_ORIG_URL=" in it seems like it might be causing issues. Have you tried giving it just the base URL for the -a parameter?
Former Nagios employee
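The dumped response above is a 200 whose only instruction is a refresh (the 'refresh' header is LWP's copy of the META tag), and LWP::UserAgent follows only 3xx redirects, so the check ends on the empty page. An added example, not part of the thread or of ckformlogin, that extracts the refresh target from such a response and follows it with the same cookie jar; refresh_target and follow_refresh are hypothetical names and the sample response is constructed.

```perl
use strict;
use warnings;
use HTTP::Request;
use HTTP::Response;
use URI;

# Return the absolute URL named by a Refresh header or META refresh tag,
# or nothing if the response carries neither.
sub refresh_target {
    my ($response) = @_;
    # LWP's head parser normally copies META HTTP-EQUIV values into headers.
    my $value = $response->header('Refresh');
    if (!defined $value) {
        # Fall back to the body in case head parsing was disabled.
        my $body = $response->decoded_content // '';
        if ($body =~ /(<meta\b[^>]*http-equiv\s*=\s*["']?refresh\b[^>]*>)/i) {
            my $tag = $1;
            ($value) = $tag =~ /content\s*=\s*["']([^"']*)["']/i;
        }
    }
    return unless defined $value;
    # Value format: "<seconds>;url=<target>".
    my ($url) = $value =~ /^\s*\d+\s*[;,]\s*(?:url\s*=\s*)?["']?([^"'\s]+)/i;
    return unless defined $url;
    my $base = $response->base;
    return defined $base ? URI->new_abs($url, $base)->as_string : $url;
}

# Follow up to $max refresh hops with the same user agent, so the session
# cookies set at login are sent along to the application.
sub follow_refresh {
    my ($ua, $response, $max) = @_;
    for (1 .. $max) {
        my $next = refresh_target($response) or last;
        $response = $ua->get($next);
    }
    return $response;
}

# Constructed sample mirroring the dumped response (placeholder hosts from the thread).
my $sample = HTTP::Response->new(200, 'OK',
    [ 'Content-Type' => 'text/html;charset=ISO-8859-1' ],
    '<HTML><HEAD><META HTTP-EQUIV="refresh" CONTENT="0;url=http://abc.com:80/">'
  . '</HEAD><BODY></BODY></HTML>');
$sample->request(HTTP::Request->new(POST => 'http://RSACLEARTRUST.com/cleartrust/ct_logon.jsp'));

my $next = refresh_target($sample);
print defined $next ? "refresh target: $next\n" : "no refresh found\n";
```

This covers Refresh headers and META refresh tags only; a redirect performed by JavaScript is invisible to LWP, and the check would have to request that target URL explicitly.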
Re: How to monitor sso protected site
Yes I have tried giving the base URL
CT_ORIG_URL= will be taken automatically (This is RSA Cleartrust URL)
Re: How to monitor sso protected site
I found why it's failing but don't know how to proceed further.
In the response I can see the base URL is
'https://RSACLEARTRUST.com/cleartrust/ct_home.jsp
But it should redirect to the application base URL.
If I access the application from the browser:
The application URL redirects to the clear trust URL; after login entry it redirects to the clear trust home page,
then it redirects to CT_ORIG_URL (application URL) automatically.
Can you please help
cheers,
Bhadre
Re: How to monitor sso protected site
Is this actually an apache/nginx/web server redirect rule or does the javascript get evaluated and forward you on to a separate page? It would seem strange to query a specific uri down to file level, only to have a redirect rule forward you somewhere else, opposed to the actual page evaluate who you are and where you should go.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Re: How to monitor sso protected site
Yes, from the Sun ONE webserver (Clear trust) with Javascript.