Perl Mechanize and Single Sign On

rweiche has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to access a website that uses Single Sign On and cannot seem to get past the login form


use WWW::Mechanize;

$mech = WWW::Mechanize->new();
$mech->cookie_jar(HTTP::Cookies->new());
$mech->get('http://mysite.com');
my @webforms = $mech->forms();
foreach my $form (@webforms)
{
   my @inputfields = $form->param;
   foreach my $inputfield (@inputfields)
   {
      if ($inputfield =~ /userID/)
      {
         $mech->set_fields($inputfield => "login");
         print "Setting userid\n";
      }
      if ($inputfield =~ /pass/)
      {
         $mech->set_fields($inputfield => "password");
         print "Setting password\n";
      }
      print $inputfield . "\n";
   }
}
$mech->click();
$statVal = $mech->status();
print $statVal . "\n";
[download]

Debug Info:
__VIEWSTATE - is a hidden field so assumed it is handled
__VIEWSTATEGENERATOR - is a hidden field so assumed it is handled
__EVENTVALIDATION - is a hidden field so assumed it is handled
ctl00$ContentPlaceHolder1$userID - login id set to this
ctl00$ContentPlaceHolder1$pass - password set to this
Received a 200 back but still stay on the login page

I know SSO uses headers as well as _VIEWSTATE but assuming that setting up the cookie jar would capture
Any pointers to further debugging or what I am missing?

Comment on Perl Mechanize and Single Sign On Download Code

Replies are listed 'Best First'.
Re: Perl Mechanize and Single Sign On by Anonymous Monk on Dec 08, 2014 at 18:08 UTC
$mech->cookie_jar(HTTP::Cookies->new()); So WWW::Mechanize does an in memory cookie_jar already, why write that? Any pointers to further debugging or what I am missing? Hmm, you iterate over all the forms on the page, and then you do ->click .... I don't think that is going to work, you never selected a form	[reply]
Re: Perl Mechanize and Single Sign On by wazat (Monk) on Dec 08, 2014 at 17:53 UTC
What is the normal sequence of events when you do things manually in a browser? Are redirects involved? Is there more than one button? Is there more than one form? Did you look at the headers? `$mech->dump_headers`	[reply] [d/l]
Re: Perl Mechanize and Single Sign On by Gangabass (Vicar) on Dec 09, 2014 at 13:06 UTC
I'm sure you need to use `$mech->submit_form()` with `button` param. `$mech->submit_form( with_fields => { login_field => "somelogin", password_field => "somepassword", }, button => "your_submit_button_name", );` [download] But may be some JavaScript magic is used by this webpage so you need to check headers submitted from your web browser (I use Firefox's HTTPFox add-on for this). Also there is no need to `$mech->cookie_jar(HTTP::Cookies->new());` [download] because Mechanize will work with cookies by default...	[reply] [d/l] [select]
Re: Perl Mechanize and Single Sign On by locked_user sundialsvc4 (Abbot) on Dec 08, 2014 at 17:28 UTC
If you are, in fact, sure that the cookie-jar is working properly (i.e. you can s-h-o-w that it contains a cookie a-n-d that the cookie is being sent back to the host ...) then pretty-much the only other alternative is that the host has added something to the returned URL-string. To conclusively figure out what is going on ... how the single-sign-on trick was done ... you must look at the actual HTTP post/response streams that are passing back-and-forth between the host and your Perl program. But first, aggressively adopt the stance of “trust, but verify.™” Do not “assume” one single thing to be the case until and unless you can prove it to be so. (Be prepared, thereafter, to feel the urge to say “d’oh!” ... but do not actually imitate Homer Simpson when that (inevitably) happens.) `:-D`