curl-users
Problem with SecurID + NTLM Authentication
Date: Tue, 6 Jan 2004 10:33:05 -0800 (PST)
Hello -
I'm trying to monitor an Outlook Web Access mail
server for availability with cURL. There's a 2-step
authentication process to our OWA server
1) users authenticate with SecurID
2) users receive a pop-up box and authenticate with
NTLM
After successfully completing these two
authentications, the user's mailbox is returned.
I've set up a static password for the SecurID test
account and that portion of the authentication works
fine. However, cURL does not seem to be following the
SecurID redirect.
I'm using curl-7.10.6-7 and the command line I'm using
is:
curl -x <proxy_server_address>:80 -i
--location-trusted --ntlm -u <account>:<password> -d
"username=<account>&passcode=<password>"
https://<owa_server_name>/WebID/sdiis.dll -v
I've attached the verbose output below. Thanks in
advance for any help you may be able to give.
Regards,
Todd
* About to connect() to <proxy_server>:80
* Connected to <proxy_server> port 80
* Establish HTTP proxy tunnel to <owa_server_name>:443
< HTTP/1.0 200 Connection established
< Proxy-agent: InterScan 2.0
* Proxy replied to CONNECT request
* SSL connection using RC4-MD5
* Server certificate:
<certificate_info>
> POST /WebID/sdiis.dll HTTP/1.1
Authorization: NTLM <ntlm_string>
User-Agent: curl/7.10.6 (i386-redhat-linux-gnu)
libcurl/7.10.6 OpenSSL/0.9.7a ipv6 zlib/1.1.4
Host: <owa_server_name>
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, */*
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
username=<account>&passcode=<password>< HTTP/1.1 401
Access Denied
HTTP/1.1 401 Access Denied
< Server: Microsoft-IIS/5.0
Server: Microsoft-IIS/5.0
< Date: Tue, 06 Jan 2004 16:12:30 GMT
Date: Tue, 06 Jan 2004 16:12:30 GMT
< WWW-Authenticate: NTLM <ntlm_string>
WWW-Authenticate: NTLM <ntlm_string>
< Content-Length: 4033
Content-Length: 4033
< Content-Type: text/html
Content-Type: text/html
* Ignoring the response-body
* Connection #0 left intact
* Issue another request to this URL:
'https://<owa_server_name>/WebID/sdiis.dll'
* Re-using existing connection! (#0)
* Connected to <proxy_server> port 80
> POST /WebID/sdiis.dll HTTP/1.1
Authorization: NTLM <ntlm_string>
User-Agent: curl/7.10.6 (i386-redhat-linux-gnu)
libcurl/7.10.6 OpenSSL/0.9.7a ipv6 zlib/1.1.4
Host: <owa_server_name>
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, */*
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
username=<account>&passcode=<password>< HTTP/1.1 100
Continue
HTTP/1.1 100 Continue
< Server: Microsoft-IIS/5.0
Server: Microsoft-IIS/5.0
< Date: Tue, 06 Jan 2004 16:12:30 GMT
Date: Tue, 06 Jan 2004 16:12:30 GMT
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Microsoft-IIS/5.0
Server: Microsoft-IIS/5.0
< Date: Tue, 06 Jan 2004 16:12:32 GMT
Date: Tue, 06 Jan 2004 16:12:32 GMT
< Connection: close
Connection: close
< Set-Cookie: rsa-local=<account_followed by long
cookie string>; path=/; Secure
Set-Cookie: rsa-local=<account_followed by long cookie
string>; path=/; Secure
< Pragma: no-cache
Pragma: no-cache
< Cache-control: no-cache,max-age=0,must-revalidate
Cache-control: no-cache,max-age=0,must-revalidate
< Expires: 0
Expires: 0
< Refresh: 1; URL=/
Refresh: 1; URL=/
< Pragma: no-cache
Pragma: no-cache
< Cache-control: no-cache,max-age=0,must-revalidate
Cache-control: no-cache,max-age=0,must-revalidate
< Expires: 0
Expires: 0
< Content-Type: text/html
Content-Type: text/html
<HTML>
<HEAD>
<TITLE>RSA SecurID Redirect</TITLE>
<script language="JavaScript">
<!--
function check_popup()
{
if (window.name == "SecurIDPopup") {
alert('Authentication successful');
window.close();
}
}
//-->
</script>
</HEAD>
<BODY language="JavaScript" onload="check_popup()">
<img alt=banner
src="/WebID/sdiis.dll?GetPic?image=securid_banner">
<CENTER>
<H1>RSA SecurID Redirect</H1>
<P><H2>Authentication Success
<strong></strong></H2></P>
<P><H2>
<A
HREF="/WebID/sdiis.dll?RedirectURL?redirect=/">Click
this link if you are not redirected in 1 second.</A>
</H2></P>
</CENTER>
</BODY>
</HTML>
* Closing connection #0
__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
Received on 2004-01-06