Re^2: support for securid login

OATH will generate the 6-digit number, but I already have it as the physical token is in my posession (it does change every 60 seconds). I want to be able to submit the form that contains PIN + Token code (pin is static + those 6 digits) and be able to pass the login screen. When I compare headers for when I submit the form manually by old method via certificate and by a new method via token, all entries are identical with the exception of the expected cookie values for session and time. I suspect that there is some ENV that I need to set. Logically it is the realm field that invokes the certificate or the ace server, so my request does not get to ace and the header comes back without cookies set with the "invalid username or password" message (when I use mechanize as oppose to login in manually, which is fine). Any ideas? The SecurId is using Juniper.

Comment on Re^2: support for securid login

Replies are listed 'Best First'.
Re^3: support for securid login by Corion (Patriarch) on Jun 11, 2013 at 07:50 UTC
Ah - I thought you wanted to completely replicate the login, given the securid secret. If your problem is "only" with replicating the communication and not with some Javascript involved in the browser, the difference must be in the data that gets sent. If all headers are equal (except for the timestamps, and session cookies), then the difference must be in the payload data. I don't know if SSL certificates get triggered by the URL or only by the host. If they get triggered by the URL, you will have to look into how LWP::UserAgent chooses the fitting certificate(s) to verify that the correct one is chosen..	[reply]
Re^4: support for securid login by Anonymous Monk on Jun 11, 2013 at 20:32 UTC
Thank a lot for you responses, Corion. Turns out I had a stupid typo in my config file that the script was reading for the static part of the code (the pin). Once I fixed that, I can successfully login and scrape what I need ;-)	[reply]