2
  • We have an iPad app displaying content from a Drupal site (serving just JSON files).
  • Our IT dept placed SSO in front of the Drupal site. WebSEAL is used to implement the SSO.
  • So when we access the Drupal site from the browser, we are redirected to a login page (forms authentication) and we need to enter our Windows user name and password to proceed.

When we tried to access the JSON files from the iPad, we got a 401 status with HTML content containing the URL of the login page. We tried to use basic authentication by sending the username and password in the header, but it did not work. Googling did not give any useful solutions.

Has anyone had a similar issue? I just need a way to authenticate with a username and password from a non-browser client.

Sample Node.js code:

var http = require('http');


var username = 'username';
var password = 'password';
// Basic auth header value: base64 of "username:password" (new Buffer() is deprecated)
var auth = "Basic " + Buffer.from(username + ":" + password).toString("base64");


var options = {
  host: 'devhome.intranet.example.com',
  port: 80,
  path: '/app/api/rest/views/category.json',
  headers : {
    "Authorization" : auth
  }
};

http.get(options, function(res) {
  console.log("Got response: " + res.statusCode);
  console.log(res);
}).on('error', function(e) {
  console.log("Got error: " + e.message);
});

Any help is highly appreciated.

Thanks

Mahes

2 Answers

3

I know this is an old question, but I tried to do a very similar thing (a .Net client accessing a web service behind WebSeal). No useful solution after googling.

However, the IBM documentation gave me a clue: http://www.ibm.com/support/knowledgecenter/SSPREK_8.0.1.2/com.ibm.isamw.doc_8.0.1.2/wrp_config/task/tsk_submt_form_data_ws.html

Basically, when you access a resource through Webseal from a browser, Webseal responds with a login page. Once you enter a username and password, the form data is submitted to /pkmslogin.form. Webseal also returns a cookie so subsequent requests don't have to be authenticated again.

That means you need to send a POST request with:

The POST must be made to /pkmslogin.form. The POST request body must contain the field data for three fields: username, password, login-form-type

The value of login-form-type must be "pwd" for forms logins. The content-length header must indicate the length of the resulting request body.

I did this in .Net using HttpClient. Something like this:

using (var httpClient = new HttpClient())
{
    // First post the authentication data
    var authenticationResult = httpClient.PostAsync("http://webseal/pkmslogin.form", 
        new FormUrlEncodedContent(
            new Dictionary<string, string>()
            {
                {"username", "user"},
                {"password", "pwd"},
                {"login-form-type", "pwd"}
            }
        )
    ).Result;
    // Now access our resource
    var webserviceResult = httpClient.GetAsync("http://webseal/webservice").Result;
}

If that doesn't work, you might need to get the cookie returned by WebSeal and send that cookie across every time.

Van Nguyen
0
------------------------------------------------------------------------------------
STEP (1)
------------------------------------------------------------------------------------
WEBSEAL URL: https://webseal/pkmslogin.form
METHOD     : POST
TYPE       : FormUrlEncodedContent
HEADER     : Content-Type: application/x-www-form-urlencoded
BODY       : login-form-type: pwd, password: XXXXXXXX, username: AAAAAAAA
-------------------------------------------------------------------------------------


200 OK

content-length: 818
content-type: text/html
date: Thu, 28 Jun 2099 19:58:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: WebSEAL/6.0.0.3 (Build 060807)
pragma: no-cache
cache-control: no-cache
Set-Cookie: PD-S-SESSION-ID=2_Uufb+DPeYhDCsF2cjib-aQO6LwMn3VNM1faxbUOGbLKXqwBO; Path=/; Secure


STEP (2)
-------------------------------------------------------------------------------------
ENGAGE URL : https://webseal/engagetv/EngageAgent/MainPage.aspx?windowtype=popup&action_name=startactivity&jobTypeCode=A25&custPkey=0018048794_77
METHOD     : GET 
HEADER     : Set-Cookie: PD-S-SESSION-ID=2_Uufb+DPeYhDCsF2cjib-aQO6LwMn3VNM1faxbUOGbLKXqwBO; Path=/; Secure


200 OK

content-type: text/html; charset=utf-8
date: Thu, 28 Jun 2099 20:09:40 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-old-content-length: 28754
transfer-encoding: chunked
x-powered-by: ASP.NET
x-ua-compatible: IE=9
cache-control: private
Set-Cookie: Eng5800TicketData=...; Path=/
Eng5800Theme=Default; Path=/
PD-S-SESSION-ID=2_RZOySBlG-n-s7rUo7AiXIWgujUyyWN5674O4AOlW1W3W1-9n; Path=/; Secure
...
...
Vega
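
An added example (not code from either answer or from IBM) of the flow the two answers describe, in Node.js like the question: POST the three form fields to /pkmslogin.form, keep the cookies WebSEAL sets, and send them back on later requests, replacing PD-S-SESSION-ID whenever a response re-issues it, as the step 2 response in the trace does. It uses HTTPS because the session cookie in that trace carries the Secure attribute. The helper names and the rule that a login response with no cookie counts as a failure are assumptions.

```javascript
// Added example; helper names are hypothetical, not part of WebSEAL or Node.
const https = require('https');
const querystring = require('querystring');

// Body for POST /pkmslogin.form: the three fields the first answer lists.
function buildLoginBody(username, password) {
  return querystring.stringify({ username: username, password: password, 'login-form-type': 'pwd' });
}

// Merge Set-Cookie lines into a name -> value jar (a re-issued cookie replaces the old value).
// Attributes such as Path and Secure are not sent back to the server, so they are dropped.
function updateJar(jar, setCookieLines) {
  (setCookieLines || []).forEach(function (line) {
    var pair = line.split(';')[0];
    var eq = pair.indexOf('=');
    if (eq > 0) jar[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  });
  return jar;
}

// Value for the request's Cookie header.
function cookieHeader(jar) {
  return Object.keys(jar).map(function (k) { return k + '=' + jar[k]; }).join('; ');
}

// One HTTPS request that sends the jar and stores any cookies it gets back.
function send(host, method, path, jar, body, done) {
  var headers = body ? { 'Content-Type': 'application/x-www-form-urlencoded',
                         'Content-Length': Buffer.byteLength(body) } : {};
  if (Object.keys(jar).length) headers.Cookie = cookieHeader(jar);
  var opts = { host: host, method: method, path: path, headers: headers };
  var req = https.request(opts, function (res) {
    updateJar(jar, res.headers['set-cookie']);
    var chunks = [];
    res.on('data', function (c) { chunks.push(c); });
    res.on('end', function () { done(null, res.statusCode, Buffer.concat(chunks).toString()); });
  });
  req.on('error', done);
  req.end(body || undefined);
}

// Log in, then fetch a protected path. Assumption: no cookie set means the login failed.
function fetchBehindWebSeal(host, user, pass, path, done) {
  var jar = {};
  send(host, 'POST', '/pkmslogin.form', jar, buildLoginBody(user, pass), function (err) {
    if (err) return done(err);
    if (!Object.keys(jar).length) return done(new Error('login set no cookie'));
    send(host, 'GET', path, jar, null, done);
  });
}
```

Call it as `fetchBehindWebSeal(host, user, pass, '/app/api/rest/views/category.json', callback)`, taking the credentials from the user or from the platform's secure storage rather than hardcoding them in the client.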