
How to monitor sso protected site

Posted: Fri Aug 22, 2014 2:40 am
by bhadre
Hi
Here I am using ckformlogin script
./ckformlogin.pl -u http://abc.com/appname/faces/index.jspx -p 'user=xyz@password=123456' -a "http://RSACLEARTRUST.com/cleartrust/ct_ ... index.jspx" -l "Welcome to your" -t "Hello"

I got a message like this:
ERROR: content match failed on target page

When I access the application from a browser:

Application URL http://abc.com/APP1/faces/index.jspx

Redirect to http://RSACLEARTRUST.com/cleartrust/ct_logon.jsp

After login it processes like this: http://RSACLEARTRUST.com/cleartrust/ct_ ... om%3A80%2F
Here it will create a session and add the SSO header to the application URL.

Finally it shows in the browser URL: http://abc.com/APP1/faces/index.jspx?_a ... wkcuwrvm_4


If I use option -d at the end

Target URL: http://abc.com/appname/faces/index.jspx
POST Data: user=xyz@password=123456
Action URL: http://RSACLEARTRUST.com/cleartrust/ct_ ... index.jspx
Login content: Welcome to your
Target content: Hello
Debug mode? 1
request for protected url: http://abc.com/appname/faces/index.jspx
attempting site login...
ERROR: content match failed on target page
DEBUG: target content:

Re: How to monitor sso protected site

Posted: Fri Aug 22, 2014 2:49 pm
by sreinhardt
Could you post a link to this plugin, or the plugin itself, so that we can take a look at it? I don't think this is one we have seen before.

Re: How to monitor sso protected site

Posted: Fri Aug 22, 2014 7:55 pm
by bhadre
Hi sreinhardt,

Uploaded the plugin.

Thanks,
Bhadre

Re: How to monitor sso protected site

Posted: Mon Aug 25, 2014 11:16 am
by tmcdonald
Looking through the code for the error messages you posted, I see two things right away:

1.)

Code:

log_d("DEBUG: target content: " . $response->content);
That should probably reference $opt_t instead of $response->content.

2.) Since the above code is (erroneously) referencing $response->content and trying to print it, we can infer that the response content is empty, since the "DEBUG: target content:" string is empty. Try adding in a debug string to print out the contents of the response:

Line 113:

Code:

print Dumper($response);
Then at the beginning of the file add:

Code:

use Data::Dumper;
Then run and post results here.

Re: How to monitor sso protected site

Posted: Tue Aug 26, 2014 12:46 am
by bhadre
Here is the response I got after adding


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>

<HEAD>
<TITLE>My Account</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<META HTTP-EQUIV="refresh" CONTENT="0;url=http://abc.com:80/">
</HEAD>
<BODY>


</BODY>

</HTML>
',
'_rc' => '200',
'_headers' => bless( {
'connection' => 'close',
'client-response-num' => 1,
'date' => 'Tue, 26 Aug 2014 05:43:18 GMT',
'client-peer' => '10.xx.xx.xx:80',
'client-date' => 'Tue, 26 Aug 2014 05:43:18 GMT',
'content-type' => 'text/html;charset=ISO-8859-1',
'refresh' => '0;url=http://abc.com:80/',
'server' => 'Sun-ONE-Web-Server/6.1',
'title' => 'My Account'
}, 'HTTP::Headers' ),
'_msg' => 'OK',
'_request' => bless( {
'_content' => 'user=xyz&password=123456',
'_uri' => bless( do{\(my $o = 'http://RSACLEARTRUST.com/cleartrust/ct_ ... om%3A80%2F')}, 'URI::http' ),
'_headers' => bless( {
'cookie2' => '$Version="1"',
'user-agent' => 'Identicentric CkFormLogin Plugin 1.0',
'content-type' => 'application/x-www-form-urlencoded',
'cookie' => 'JSESSIONID=E06F06AFF20BF086DDE3558833906476; ACTSESSION=aHR0cDovL29pbS5zaGVyd2luLmNvbTo4MC9zd2lkL2ZhY2VzL2luZGV4LmpzcHg%3D'
}, 'HTTP::Headers' ),
'_method' => 'POST',
'_uri_canonical' => bless( do{\(my $o = 'http://RSACLEARTRUST.com/cleartrust/ct_ ... om%3A80%2F')}, 'URI::http' )
}, 'HTTP::Request' )
}, 'HTTP::Response' );

Re: How to monitor sso protected site

Posted: Tue Aug 26, 2014 5:04 pm
by tmcdonald
So the actual body content definitely is empty. I'm really not too familiar with this plugin and its quirks; are you sure you are giving it the correct URLs? The URL with "CT_ORIG_URL=" in it seems like it might be causing issues. Have you tried giving it just the base URL for the -a parameter?

Re: How to monitor sso protected site

Posted: Thu Aug 28, 2014 9:55 am
by bhadre
Yes I have tried giving the base URL

CT_ORIG_URL= will be taken automatically (This is RSA Cleartrust URL)

Re: How to monitor sso protected site

Posted: Fri Aug 29, 2014 12:35 am
by bhadre
I found why it's failing but don't know how to proceed further.
In the response I can see the base URL is

'https://RSACLEARTRUST.com/cleartrust/ct_home.jsp

But it should redirect to the application base URL.

If I access the application from a browser:
The application URL redirects to the ClearTrust URL; after login entry it redirects to the ClearTrust home page,
then it will redirect to CT_ORIG_URL (application URL) automatically.

Can you please help

cheers,
Bhadre

Re: How to monitor sso protected site

Posted: Fri Aug 29, 2014 2:07 pm
by sreinhardt
Is this actually an Apache/nginx/web server redirect rule, or does the JavaScript get evaluated and forward you on to a separate page? It would seem strange to query a specific URI down to file level, only to have a redirect rule forward you somewhere else, as opposed to the actual page evaluating who you are and where you should go.

Re: How to monitor sso protected site

Posted: Mon Sep 01, 2014 8:14 pm
by bhadre
Yes, from the Sun ONE web server (ClearTrust) with JavaScript.
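
The response dumped earlier in this thread is a 200 whose only instruction is a Refresh (header and META tag), which LWP::UserAgent does not follow the way it follows 3xx redirects. As an added example, not part of the thread or of ckformlogin.pl: a hypothetical helper `refresh_target` that extracts that target and returns it only for an allow-listed host (`abc.com` here, the placeholder host from the posts).

```perl
use strict;
use warnings;
use HTTP::Response;
use URI;

# Return the absolute URL named by a Refresh header or META refresh tag, or
# undef when there is none or it points at a host outside @allowed_hosts.
sub refresh_target {
    my ($response, $base, @allowed_hosts) = @_;

    # LWP's default parse_head copies META HTTP-EQUIV values into the response
    # headers; the body scan covers agents created with parse_head => 0.
    my $value = $response->header('Refresh');
    if (!defined $value) {
        my $body = $response->decoded_content // '';
        my ($tag) = $body =~ /(<meta\b[^>]*http-equiv\s*=\s*["']?refresh\b[^>]*>)/i;
        ($value) = $tag =~ /content\s*=\s*["']([^"']*)["']/i if defined $tag;
    }
    return unless defined $value;

    # Value format: "<seconds>;url=<target>"
    my ($url) = $value =~ /^\s*\d+\s*;\s*url\s*=\s*["']?([^"'\s]+)/i;
    return unless defined $url;

    # Resolve against the page that served the refresh, then apply the allow-list
    # so the check never carries its session to an unexpected host.
    my $abs = URI->new_abs($url, $base);
    return unless ($abs->scheme // '') =~ /^https?$/;
    return unless grep { lc($abs->host) eq lc($_) } @allowed_hosts;
    return $abs->as_string;
}

# Constructed sample modelled on the response dumped in the thread.
my $html = <<'HTML';
<HTML><HEAD><TITLE>My Account</TITLE>
<META HTTP-EQUIV="refresh" CONTENT="0;url=http://abc.com:80/">
</HEAD><BODY></BODY></HTML>
HTML
my $res = HTTP::Response->new(200, 'OK',
    ['Content-Type' => 'text/html;charset=ISO-8859-1'], $html);

my $next = refresh_target($res,
    'http://RSACLEARTRUST.com/cleartrust/ct_logon.jsp', 'abc.com');
print defined $next ? "follow: $next\n" : "no permitted refresh target\n";
```

In a real check the returned URL would be fetched with the same LWP::UserAgent and cookie jar that performed the login, before the content match runs. A redirect performed purely by script, without a Refresh header or META tag, is not covered by this helper.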