Python Requests and CAS

Question

I haven't found any examples of people utilizing Python to get through CAS. Here's hoping maybe Kenneth Reitz can show me how 'requests' can make this easy...

Basically, I can't get past the CAS login...never authenticates my Python attempt. (note, I defined two urls....url1 is the main webpage, url2 is the redirect link to the CAS site...I already know the redirect link, so makes it easy).

My understanding is all I have to do is capture the JsessionId that the CAS sends to me as a cookie, then take that cookie and just append the jsessionid back on the url and send it back to the CAS as a POST with my username/password). However, this script fails every time.

Can some CAS gurus help me out? I simply can't figure out why it won't authenticate me.

import sys
import requests

my_config = {'verbose': sys.stderr }

url1 = 'http://agnes:8080'
url2 = 'https://agnes:8543/irisCAS/login?service=http%3A%2F%2Fagnes%3A8080%2FirisRootWeb%2Fj_spring_cas_security_check'

response = requests.get(url1, headers=headers, verify=False)
print response.cookies

cookies = response.cookies
response = requests.post(url2, headers=headers, verify=False, config=my_config, params=cookies, auth=('username', 'password'))

print response.status_code
print response.content

OUTPUT .... NOTE how the jsessionId is appended to the url2, so that's good.....I think.

{'JSESSIONID': 'EEE38382A1D5AAACA58E12433BDA0BFF'}

2012-05-18T15:04:17.668601   POST   https://agnes:8543/irisCAS/login?service=http%3A%2F%2Fagnes%3A8080%2FirisRootWeb%2Fj_spring_cas_security_check&JSESSIONID=EEE38382A1D5AAACA58E12433BDA0BFF

200

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...
...
        </script>

        <form id="fm1" class="fm-v clearfix" action="/irisCAS/login;jsessionid=30ABCAC79FEA5B48399053939530A608?service=http%3A%2F%2Fagnes%3A8080%2FirisRootWeb%2Fj_spring_cas_security_check&amp;JSESSIONID=B6235434D64C5E2E6C063BA3E1C1AC43" method="post">

            <div class="box fl-panel" id="login">
            <!-- Congratulations on bringing CAS online!  The default authentication handler authenticates where usernames equal passwords: go ahead, try it out.  -->
                <h2>Enter your UserId and Password</h2>

(this is just the xml of the CAS login page that I can't get past)

...
...

Answer 1

ok, I figured it out so I'm going to answer this for those who may find this later. The problem was I did not understand the basic idea of "form data". In other words, the webpage needed the username and password to be entered into a "form" and the the virtual "submit" button needed to be clicked through the POST because it is an 'event' (ie the _eventId below). So I had to use the 'data' parameter and build all of that as a dictionary. This is what I did:

payload = {'_eventId': 'submit', 'lt': 'e1s1', 'submit': 'LOGIN', 'username': 'admin', 'password': 'admin'}
sessionResp = sessionReq.post(url2, data=payload, params=cookies, verify=False, config=my_config, headers=headers)