curl-users

Authentication via proxy on a cloud

From: Rohit Kanchan <rohit.kanchan_at_gmail.com>
Date: Fri, 27 Jul 2012 16:00:59 -0400

Hi All,

I use Zscaler cloud proxy which does the authentication via SAML - single
sign on. I want to monitor the proxy servers using command line curl.
This is what I am trying... but can't get the authentication right. Can
someone help?

C:\curl>curl -v -A "MSIE 9.0" -x 10.70.0.10:80 -L http://www.addictinggames.com/ -b 'Cookie: _sm_au_c=iVVTqsqrJN4FSk5P0c' -k --insecure

* About to connect() to proxy 10.70.0.10 port 80 (#0)
* Trying 10.70.0.10...
* connected
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#0)
> GET http://www.addictinggames.com/ HTTP/1.1
> User-Agent: MSIE 9.0
> Host: www.addictinggames.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 307 Temporary Redirect
< Content-Length: 0
< Location: https://gateway.zscaler.net:443/auD?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1
< Cache-Control: no-store,no-cache
< Pragma: no-cache
< Content-Type: text/html
< P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
* Added cookie _sm_au_d="1" for domain addictinggames.com, path /, expire 0
< Set-Cookie: _sm_au_d=1;path=/;domain=.addictinggames.com
<
* Connection #0 to host 10.70.0.10 left intact
* Issue another request to this URL: 'https://gateway.zscaler.net:443/auD?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1'
* About to connect() to proxy 10.70.0.10 port 80 (#1)
* Trying 10.70.0.10...
* connected
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#1)
* Establish HTTP proxy tunnel to gateway.zscaler.net:443
> CONNECT gateway.zscaler.net:443 HTTP/1.1
> Host: gateway.zscaler.net:443
> User-Agent: MSIE 9.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< Proxy-Agent: Zscaler/3.6
<
* Proxy replied OK to CONNECT request
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=California; L=Sunnyvale; O=Zscaler, Inc.; CN=*.zscaler.net
* start date: 2012-01-16 00:00:00 GMT
* expire date: 2013-12-30 12:00:00 GMT
* subjectAltName: gateway.zscaler.net matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Global CA (2048)
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /auD?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1 HTTP/1.1
> User-Agent: MSIE 9.0
> Host: gateway.zscaler.net
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Content-Length: 0
< Location: https://gateway.zscaler.net:443/auT?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1&wexps=1
< Cache-Control: no-store,no-cache
< Pragma: no-cache
< Content-Type: text/html
* Added cookie _sm_au_d="1" for domain gateway.zscaler.net, path /, expire 0
< Set-Cookie: _sm_au_d=1;path=/;domain=gateway.zscaler.net;Secure;HttpOnly;
< P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
<
* Connection #1 to host 10.70.0.10 left intact
* Issue another request to this URL: 'https://gateway.zscaler.net:443/auT?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1&wexps=1'
* Re-using existing connection! (#1) with host 10.70.0.10
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#1)
> GET /auT?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1&wexps=1 HTTP/1.1
> User-Agent: MSIE 9.0
> Host: gateway.zscaler.net
> Accept: */*
> Cookie: _sm_au_d=1
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Server: Zscaler/3.6
< Cache-Control: no-cache
< P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
< Content-length: 2985
* Added cookie _sm__fch="Z6R4D5PF4TWTM" for domain gateway.zscaler.net, path /, expire 0
< Set-Cookie: _sm__fch=Z6R4D5PF4TWTM
<
<html><head><title>Welcome To Zscaler Directory Authentication</title></head>
<body style="margin-top:50px" onload="setTimeout('document.forms[0].submit()',3000)">
<noscript><p>Javascript is disabled, please press the Submit button to proceed.</p></noscript>
<script language="JavaScript" type="text/JavaScript">document.write("<p><center>You will be re-directed to the IDP in 3 seconds.</center></p>");
function flash_enable() { document.uform.flshenb.value="1set";}
function validate(myform) {}
function display_form_exp() { if(document.getElementById) { flash_enable(); var f = document.getElementById("flashform"); f.style.display = 'block'; }}
function sendcookie(url) { document.location.href = url;}
var cint;
function flcheck() { clearInterval(cint); var f = document.getElementById("flashform"); f.style.display = 'block';}
function flonload() { cint = setInterval(flcheck, 15000);}</script>
<script type="text/javascript" src="zscaler.js"></script>
<script language="JavaScript" type="text/JavaScript">var has_flash=0;var flash_params ="a=g&u=https%3a%2f%2fgateway%2ezscaler%2enet%3a443%2fauF%3forigurl%3dhttp%253A%252F%252Fwww%252eaddictinggames%252ecom%252f%26wexps%3d1%26wexps%3d1";
swfobject.embedSWF("zscaler.swf?"+flash_params,"flashobj","16","16","6.0.65");
if(swfobject.hasFlashPlayerVersion("7.0.00")) { has_flash=1; swfobject.createCSS(".formhide","display:none;"); swfobject.addLoadEvent(flonload);}</script>
<div id="flashobj"></div>
<div id="flashform" class="formhide"><form name="uform" method="post" action="https://login.zscaler.net:443/smsamlq" id="uform">
<input type="hidden" name="urlosfc" size="25" value="origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1&wexps=1">
<input type="hidden" name="urlodmn" size="25" value="http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f">
<input type="hidden" name="saml_id" size="25" value="1NW60fRMt4frN">
<input type="hidden" name= "jscript" size="4" value="0set">
<input type="hidden" name= "flshenb" size="25" value="0set">
<table width="50%" border="0" align="center" cellpadding="0" cellspacing="0"><tr><td class="login_border">
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr><td height="10" valign="top" class= "enduser_border"></td></tr>
<tr><td height="25" valign="top" class="enduser_border"><table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td height="15" valign="top" class="enduser_border"></td></tr>
<tr><td colspan="2" align="center"><noscript><input align="center" type="submit" name="lsubmit" style="color:#FFFFFF;font-size:12px;background-color:#5b77a9" size="10" value="Submit" onclick="return validate(this.form);"></noscript>&nbsp;</td></tr></table></td></tr>
<tr><td height="15" valign="top" class="enduser_border"></td></tr></table></td></tr>
<tr><td></td></tr></table></form></div>
<script language="Javascript" type="text/javascript">if(document.forms && document.forms[0] && document.forms[0].jscript) document.forms[0].jscript.value="1set";</script></body></html>
* Connection #1 to host 10.70.0.10 left intact
* Re-using existing connection! (#0) with host 10.70.0.10
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#0)
> GET http://_sm_au_c=iVVTqsqrJN4FSk5P0c' HTTP/1.1
> User-Agent: MSIE 9.0
> Host: _sm_au_c=iVVTqsqrJN4FSk5P0c'
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad request
< Server: Zscaler/3.6
< Content-Type: text/html
< Connection: close
<
<html><head><title>400 Bad Request</title></head>
<body><h1>Bad Request</h1>
<p>Your browser sent a request that this server could not
understand.<br></p>
</body></html>
* Recv failure: Connection was reset
* Closing connection #0
curl: (56) Recv failure: Connection was reset
* Closing connection #1
* SSLv3, TLS alert, Client hello (1):

Received on 2012-07-27
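
Added example, not part of the original post: in the log above the 307 hops are followed via their Location headers, but the chain ends at a 200 page whose form is submitted by JavaScript, which `-L` does not act on. This Python code extracts the POST a monitoring script would have to send next; the sample body is a constructed, trimmed copy of that page, and `AutoSubmitForm` and `next_hop` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample: trimmed copy of the 200 response body in the log above.
SAMPLE_BODY = """<html><body onload="setTimeout('document.forms[0].submit()',3000)">
<form name="uform" method="post" action="https://login.zscaler.net:443/smsamlq">
<input type="hidden" name="urlosfc" value="origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1&wexps=1">
<input type="hidden" name="urlodmn" value="http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f">
<input type="hidden" name="saml_id" value="1NW60fRMt4frN">
<input type="hidden" name="jscript" value="0set">
<input type="hidden" name="flshenb" value="0set">
<noscript><input type="submit" name="lsubmit" value="Submit"></noscript>
</form></body></html>"""

class AutoSubmitForm(HTMLParser):
    """Collect the first form's action, method and hidden inputs (hypothetical helper)."""
    def __init__(self):
        super().__init__()
        self.onload, self.action, self.method = "", None, None
        self.fields, self._in_form = [], False   # fields: ordered (name, value) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "body":
            self.onload = a.get("onload") or ""
        elif tag == "form" and self.action is None:
            self.action = a.get("action")
            self.method = (a.get("method") or "get").lower()
            self._in_form = True
        elif (tag == "input" and self._in_form and a.get("name")
              and (a.get("type") or "").lower() == "hidden"):
            self.fields.append((a["name"], a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def next_hop(status, body):
    """Return (url, urlencoded_post_body) for a script-submitted POST form, else None."""
    if status != 200:
        return None               # 3xx hops carry a Location header, which -L follows
    form = AutoSubmitForm()
    form.feed(body)
    if form.action and form.method == "post" and "submit()" in form.onload:
        return form.action, urlencode(form.fields)
    return None
```

In a browser the page's own script sets `jscript` to `1set` before the form is submitted; the parser reports the values as served.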