Roland, I had previously reviewed the SSL Guide so that wasn't of any new help w/ regards to this problem. I did find the wiki article very well written. The only suggestion I would make is in section 5.2 to describe how to "enable the wire log" in HttpClient (or provide a link to the appropriate doc). I wasn't aware of any such facility in HTTPClient and had been using a TCP trace tool up till now. Other than that, very well written! Thanks!
John M. Corro
(414) 524-7118

[EMAIL PROTECTED]
05/17/2006 10:21 AM
Please respond to [email protected]
To: [email protected]
cc:
Subject: Re: Logging in using HTTPS form-based authentication

Hello John,

[EMAIL PROTECTED] wrote:
> I have a situation where I'm trying to log into my bank's website which
> uses HTTPS form-based authentication. I've tried posting the appropriate
> username/password to the appropriate URL, but the server is not
> authenticating me (keeps forwarding me to some generic error page). I've
> considered several potential issues causing this failure, but am not quite
> sure what to do:

First, make sure you have basic SSL connectivity with the server:
http://jakarta.apache.org/commons/httpclient/sslguide.html

Then, follow the instructions in the Client HTTP Programming Primer:
http://wiki.apache.org/jakarta-httpclient/ForAbsoluteBeginners

Congratulations, you have just volunteered to be the very first alpha tester of that document :-) Please let us know whether you find it helpful, and how we could improve it.

hope that helps,
Roland

>
> 1. The website expects/requires you to go to the initial HTTPS protected
> login form page. Potentially the site sets a cookie at that first page
> and validates on form submission that the cookie is present. I've
> experimented trying to get past (if it indeed is happening) by setting the
> cookie policy on an HttpClient to BROWSER_COMPATIBLE, using that
> HttpClient to execute a GetMethod to the login form page, then using the
> same HttpClient to execute a PostMethod submitting the right
> username/password. That didn't work. Did the steps I executed make for
> an appropriate test? Is there a way I can confirm what cookie policy I
> should be using?
>
> 2. I thought I heard/read a while back that to securely post data to an
> HTTPS url, you need to initially come from an HTTPS URL as well. Is this
> true? If so, is using the same HttpClient instance to execute all
> GetMethods & PostMethods sufficient?
>
> 3. Are there any debugging techniques (examining header values, cookies,
> etc) I can do to verify what exactly is causing my inability to login?
>
> John M. Corro
> (414) 524-7118
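The test described in point 1 of the quoted question, combined with the wire log mentioned at the top of the thread, as an added example that is not code from either poster or from the HttpClient project. It assumes Commons HttpClient 3.x with commons-logging on the classpath; the URLs and form field names are placeholders, and the credentials are passed as the two command-line arguments.

```java
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormLoginTrace {
    // Placeholder URLs and form field names: assumptions, not from the thread.
    static final String LOGIN_PAGE = "https://bank.example/login";
    static final String LOGIN_POST = "https://bank.example/login/submit";
    public static void main(String[] args) throws Exception {
        // Header-only wire log through commons-logging SimpleLog, set before
        // HttpClient is loaded. The full "httpclient.wire" category also logs the
        // POST body (the password). Headers still carry cookies: keep logs private.
        System.setProperty("org.apache.commons.logging.Log",
                "org.apache.commons.logging.impl.SimpleLog");
        System.setProperty(
                "org.apache.commons.logging.simplelog.log.httpclient.wire.header", "debug");
        // One client for both requests, so cookies set by the GET go out on the POST.
        HttpClient client = new HttpClient();
        client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);

        GetMethod get = new GetMethod(LOGIN_PAGE);
        try {
            System.out.println("GET  -> " + client.executeMethod(get));
        } finally {
            get.releaseConnection();
        }
        // Names and attributes only; cookie values are session secrets.
        for (Cookie c : client.getState().getCookies()) {
            System.out.println("cookie: " + c.getName()
                    + " path=" + c.getPath() + " secure=" + c.getSecure());
        }

        PostMethod post = new PostMethod(LOGIN_POST);
        post.addParameter("username", args[0]);
        post.addParameter("password", args[1]);
        try {
            // HttpClient 3.x does not follow redirects on POST: inspect status and Location.
            int status = client.executeMethod(post);
            Header location = post.getResponseHeader("Location");
            System.out.println("POST -> " + status + " Location="
                    + (location == null ? "(none)" : location.getValue()));
        } finally {
            post.releaseConnection();
        }
    }
}
```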
