Hi Pau,
One possibility is that some CAS enabled applications (possibly
django+CAS is in this camp) do not consume the service ticket if it is
presented directly on the document url, the service ticket must be
presented on a constant url, so a slightly different approach is
required.
Also, the code below sets an httplib debuglevel flag, possibly that
might show something up.
#!/usr/bin/python
import os.path
import httplib, urllib, urllib2, cookielib
# Spring security protected urls do no consume the service ticket if it
is present on the document url, so a slightly different approach is
required
# 1. Grab the Ticket Granting Ticket (TGT)
params = urllib.urlencode({'username': 'enter-it-here', 'password':
'enter-it-here'})
headers = {"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain"}
conn = httplib.HTTPSConnection("cas.mysite.com:8443")
conn.request("POST", "/cas/v1/tickets/", params, headers)
response = conn.getresponse()
print response.status, response.reason
data = response.read()
location = response.getheader('location')
# Pull off the TGT from the end of the location, this works for CAS
3.3-FINAL
tgt = location[location.rfind('/') + 1:]
conn.close()
print location
print tgt
print "--------------"
# 2. Grab a service ticket (ST) for a CAS protected service which
directs to a service ticket consumption page. Spring Security does this,
for example.
document = 'https://mysite.com/protected/page'
# Spring security default service ticket consumption page
#service = 'https://mysite.com/protected/j_spring_cas_security_check'
service =
'https://mysite.com/protected/service-ticket-consumption-page-whatever-t
hat-is'
params = urllib.urlencode({'service': service })
conn = httplib.HTTPSConnection("cas.mysite.com:8443")
conn.request("POST", "/cas/v1/tickets/%s" % ( tgt ), params, headers)
response = conn.getresponse()
print response.status, response.reason
st = response.read()
conn.close()
print "service: %s" % (service)
print "st : %s" % (st)
print "--------------"
url = "%s?ticket=%s" % ( service, st ) # Use &ticket if service
already has query parameters
print "url : %s" % (url)
cj = cookielib.CookieJar()
# no proxies please
no_proxy_support = urllib2.ProxyHandler({})
# we need to handle session cookies AND redirects
cookie_handler = urllib2.HTTPCookieProcessor(cj)
opener = urllib2.build_opener(no_proxy_support, cookie_handler,
urllib2.HTTPHandler(debuglevel=1))
urllib2.install_opener(opener)
print "Establishing application session via service ticket consumption
url..."
st_response = urllib2.urlopen(url).read()
# 3. Now we can grab the protected document
print "Retrieving document..."
protected_data = urllib2.urlopen(document).read()
print protected_data[:100]
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
