How to handle site minder authentication


Ellen Kang

Apr 19, 2018, 2:33:15 PM
to REST assured
The API I am testing is redirected to the SiteMinder login page first; please see the HTML below. There is no action in the form, and form authentication doesn't work.

given().auth().basic(<username>, <password>).when().get(uri);  - returns html file of the site minder.

What should I do in this situation?



<!-- SiteMinder Encoding=ISO-8859-1; -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title>PPS Authentication via SiteMinder Password Services</title>
<SCRIPT LANGUAGE="JavaScript">
function resetCredFields()
{
  document.Login.PASSWORD.value = "";
}
function submitForm()
{
     document.Login.submit();
}
</SCRIPT>
</head>
<body BGCOLOR="#D2FFFF" TEXT="#000000" onLoad = "resetCredFields();">
<!-- Customer Brand -->
<!--IMG alt=Logo src="/siteminderagent/dmspages/netegrity_logo.gif"-->
<form NAME="Login" METHOD="POST">
<INPUT TYPE=HIDDEN NAME="SMENC" VALUE="ISO-8859-1">
<INPUT type=HIDDEN name="SMLOCALE" value="US-EN">
<center>
<!-- outer table with border -->
<table width="50%" height=200 border=1 cellpadding=0 cellspacing=0 >
<tr>
  <td ALIGN="CENTER" VALIGN="CENTER" HEIGHT=40 COLSPAN=4 NOWRAP BGCOLOR="#FFFFCC">
       <font size="+2" face="Arial,Helvetica">
  <b>PPS</b></font>
     </td>
  </tr>
  <tr>
    <td>
   <!-- Login table -->
      <table WIDTH="100%" HEIGHT=200 BGCOLOR="#FFFFFF" border=0 cellpadding=0 cellspacing=0 >
       
 <tr>
   <td ALIGN="CENTER" VALIGN="CENTER" HEIGHT=40 COLSPAN=4 NOWRAP BGCOLOR="#FFFFFF">
  <font size="+1" face="Arial,Helvetica">
  <b>Please Login</b></font>
       </td>
 </tr>
 <tr> <td colspan=4 height=10> <font size=1>   </font> </td> </tr>
 <tr>
   <td WIDTH=20 >&nbsp;</td>
   <td ALIGN="LEFT" >
      <b><font size=-1 face="arial,helvetica" > Username: </font></b>
    </td>
   <td ALIGN="LEFT" >
     <input type="text" name="USER" size="30" style="margin-left: 1px">
    </td>
   <td WIDTH=20 >&nbsp;</td>
 </tr>
 <tr> <td colspan=4 height=10> <font size=1>   </font> </td> </tr>
 <tr>
   <td WIDTH=20 >&nbsp;</td>
   <td >
      <b><font size=-1 face="arial,helvetica" > Password: </font></b>
       </td>
   <td ALIGN="left" >
     <input type="password" name="PASSWORD" size="30" style="margin-left: 1px">
   </td>
   <td WIDTH=20 >&nbsp;</td>
 </tr>
 <tr> <td colspan=4 height=10> <font size=1>   </font> </td> </tr>
 <tr>
   <td colspan=4 NOWRAP WIDTH="50%" HEIGHT="25" align="CENTER">
       <input type=hidden name=smquerydata value="">
       <input type=hidden name=smauthreason value="0">
       <input type=hidden name=smagentname value="OL9V/qlt7/7L+n9klS4+VH5DvC2Gidql5iLqO6CXQTQPU4e4QgjI67sYeeeFAewI">
       <input type=hidden name=postpreservationdata value="">
       <input type="button" value="Login" onclick="submitForm();">
   </td>
 </tr>
 <tr> <td colspan=4 height=5> <font size=1>   </font> </td> </tr>
      </table>
    </td>
  </tr>
</table>
</form></center>
<script language="javascript">
  document.forms["Login"].elements["USER"].focus();
</script>
</body>
</html>

Johan Haleby

Apr 20, 2018, 2:53:37 AM
to rest-a...@googlegroups.com
This login is done via JavaScript. You have to find out the path/location to which the form is posted (for example by using Chrome developer tools or Wireshark) and then create a FormAuthConfig that includes this path. For example:

given().auth().form("username", "password", new FormAuthConfig("/the/path/you/have/to/find", "name", "password")). ..

Now it seems that there are some hidden fields in your response that might be required for authentication to succeed so you might need to do something like this:

given().auth().form("username", "password", new FormAuthConfig("/the/path/you/have/to/find", "name", "password").withCsrfFieldName("smagentname")). ..


If additional fields are required you'd have to first do a get request to receive the page and then parse out all the fields using XmlPath with CompatibilityMode HTML and then construct the POST request yourself:

given().formParam("user", "username").formParam("password", "password").formParam("smquerydata", ...).formParam("smauthreason", ...). ..

/Johan
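
The procedure described in the reply above (fetch the login page, parse out the hidden fields with XmlPath in HTML compatibility mode, build the POST yourself), as an added example that is not part of the thread or of REST Assured. It assumes the protected URL answers with a redirect whose Location is the absolute login.fcc URL, that the action-less form posts back to that same URL, and Java 10+; the class and method names are hypothetical, and USER/PASSWORD are the input names from the posted form.

```java
import static io.restassured.RestAssured.given;
import io.restassured.path.xml.XmlPath;
import io.restassured.response.Response;
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class SiteMinderFormLogin {  // hypothetical helper, not a REST Assured class
    static final String HIDDEN = "**.findAll { it.name().toLowerCase() == 'input'"
            + " && it.@type.text().toLowerCase() == 'hidden' }";

    // Every hidden <input> of the login page as name -> value (SMENC, smagentname, ...).
    static Map<String, String> hiddenFields(String html) {
        XmlPath page = new XmlPath(XmlPath.CompatibilityMode.HTML, html);
        List<String> names = page.getList(HIDDEN + ".collect { it.@name.text() }");
        List<String> values = page.getList(HIDDEN + ".collect { it.@value.text() }");
        Map<String, String> fields = new LinkedHashMap<>();
        for (int i = 0; i < names.size(); i++) fields.put(names.get(i), values.get(i));
        return fields;
    }

    // Decode the redirect's query string so each value is re-encoded exactly once on send.
    static Map<String, String> queryOf(URI uri) {
        Map<String, String> query = new LinkedHashMap<>();
        for (String pair : uri.getRawQuery().split("&")) {
            String[] kv = pair.split("=", 2);
            query.put(URLDecoder.decode(kv[0], StandardCharsets.ISO_8859_1),
                    kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.ISO_8859_1) : "");
        }
        return query;
    }

    // Returns the response to the credential POST; its cookies are reused for the API call.
    static Response login(String protectedUri, String user, String password) {
        Response redirect = given().redirects().follow(false).get(protectedUri);
        URI loginUri = URI.create(redirect.getHeader("Location"));
        String base = loginUri.getScheme() + "://" + loginUri.getAuthority() + loginUri.getPath();
        Map<String, String> query = queryOf(loginUri);
        Response loginPage = given().queryParams(query).get(base);
        return given().redirects().follow(false)
                .cookies(loginPage.getDetailedCookies())
                .queryParams(query)
                .formParams(hiddenFields(loginPage.asString()))
                .formParam("USER", user).formParam("PASSWORD", password)
                .post(base);
    }
}
```

Send `login(...).getDetailedCookies()` with the subsequent API request, and read the test account's credentials from the environment or a secrets store rather than keeping them as literals in test source.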


Ellen

Apr 20, 2018, 8:51:57 PM
to REST assured

Thank you so much Johan.



I used the Chrome developer tool and found the following in the Response Headers



Location:https://xxxxxx.xx.xxx.org:1443/login.fcc?TYPE=33554433&REALMOID=06-000d1a64-ea69-1947-a311-9b850a33a0be&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-OL9V%2fqlt7%2f7L%2bn9klS4%2bVH5DvC2Gidql5iLqO6CXQTQPU4e4QgjI67sYeeeFAewI&TARGET=-SM-http%3a%2f%2XXXXXXXXX



Is https://xxxxxx.xx.xxx.org:1443/login.fcc? the path for FormAuthConfig()?

I tried given().auth().form("username", "password", new FormAuthConfig("/the/path/you/have/to/find", "name", "password")).withCsrfFieldName("smagentname").when().get(uri); but it doesn't work.

I am trying to construct the POST request. Can you give me a code example?



Thanks


Ellen


Ellen

Apr 23, 2018, 8:06:10 PM
to REST assured


I cannot authenticate at the SiteMinder page directly; it returns HTTP 500.


RequestSpecBuilder builder = new RequestSpecBuilder();
RequestSpecification spec = builder.setAuth(authScheme)
        .addParam("password", "<password>")
        .addParam("user", "<user name>")
        .build();

Response res1 = RestAssured.given().spec(spec).when().post(API_uri);
String jsString = res1.thenReturn().asString();



returns


<HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();">This page is used to hold your data while you are being authorized for your request.<BR><BR>You will be forwarded to continue the authorization process. If this does not happen automatically, please click the Continue button below.<FORM NAME="AUTOSUBMIT" METHOD="POST" ENCTYPE="application/x-www-form-urlencoded" ACTION=https://xxxx.xx.xxx.org:1443/login.fcc?TYPE=33554433&REALMOID=06-000d1a64-ea69-1947-a311-9b850a33a0be&GUID=&SMAUTHREASON=0&METHOD=POST&SMAGENTNAME=-SM-OL9V%2fqlt7%2f7L%2bn9klS4%2bVH5DvC2Gidql5iLqO6CXQTQPU4e4QgjI67sYeeeFAewI&TARGET=-SM-http%3a%2f%2xxxx%2exx%2efrb%2exxx%3a1080%xxxxxxx%2fxxxx%2fxxxx><INPUT TYPE="HIDDEN" NAME="SMPostPreserve" VALUE="2xAzhdGH6rDEWmK0cYtjiILWj7oPMaHev1xXP8QkZiKNBNSGZ0eCscoACs25RPl2TV2v/Gs2ctJ2Ugqd65x+kUlCrTZR6/ou"><INPUT TYPE="SUBMIT" VALUE="Continue"></FORM></BODY></HTML>


I don't know how to construct the POST request with form auth. Can I hard-code the ACTION in new FormAuthConfig() with the information above?

Thanks
Ellen

Ellen

Apr 24, 2018, 6:36:28 PM
to REST assured

karthi v

May 17, 2018, 12:08:06 AM
to REST assured
Hi Ellen,

Were you able to succeed with the siteminder authentication? If yes, can you please share the code sample?

Thanks,
Karthi