lewars has asked for the wisdom of the Perl Monks concerning the following question:

We have built a simple Perl CGI to allow us to check for SiteMinder SM Session cookies, variables passed in the URI and to redirect the browser to our Federation server while maintaining the Federation Session ticket.

The requestor will be sent to an error page if any of these conditions exist:

  • If no SiteMinder SM Session is provided there is an error
  • If no Resume Path is set, meaning there is no Ping Federation ticket
  • If browser posts the request and was already sent to the script within 15 seconds, indicating a loop

    • I have used several code examples on Perl Monks, forgive me for not detailing each one in the script below....

    I will gladly accept any tips to make the code more terse/concise, thanks in advance!

    The script is hosted on Apache and is executed called like the following:

  • https://localhost/wrp/resumepath.pl?resumePath=%2Fidp%2FXRTG8%2Fresume%2Fidp%2Fprp.ping&env=prod

    • #!/usr/bin/perl
#
#  PROGRAM:    resumepath.pl
#
#  PURPOSE:     This script checks the request for cookies and environ
+ment variables and redirects customer 
#        back to the federation environment with good session
#  CREATED:     June 30, 2015  by Mitchell Lewars
#               Thanks for help to Björn Vildljung
#               Lots of examples used from Perl Monks web site

use CGI qw(:standard);
#use warnings;

$query = new CGI;

$perror = 0;        #//Set to 1 in case of an error.
$wearelooping = 0;    #//Set to one if a user returns withing 15 secon
+ds, indicating a redirect-loop.
$redirectURL = "https://federate-qa.localhost.com";

#---- Next get the current values

$gotcookies = $ENV{"HTTP_COOKIE"};
$env = $query->param('env');
$resumepath = $query->param('resumePath');


#// Check for the env= entry in the URL. If it is set to prod, use pro
+d federation, else use QA.

  if ( $env =~ 'prod') { $redirectURL = "https://federate.localhost.co
+m"}

#// Check that the PF-session information is passed as expected, if no
+t, we got an error. Otherwise, add it to redirectURL

  if ( $resumepath ) { $redirectURL .= $resumepath }
  else { $perror=1 }
       

# Verify that there is an SMSESSION, otherwise we got somebody accessi
+ng us the wrong way, and therefor probably for the wrong reasons. ERR
+OR!

#$perror = 1; # if customer has no SMSESSION they reached this page in
+ error
if (!( $gotcookies =~ /smsession/i)) { $perror = 1}

# Check if there is already an SMPF, if so we are looping
if ( $gotcookies =~ /smpf/i) { $wearelooping = 1}


#// Check to see if a Cookie named SMPF is avalible. If not, we set it
+ and give it a 15 second lifetime. If it is there, we got a redirect 
+loop.


if (($wearelooping eq 0) && ($perror eq  0)) {
    $cookie = $query->cookie(-name=>'SMPF',
             -value=>'1',
             -expires=>'+15s',
             -path=>'/');
    print $query->redirect(
           -cookie => $cookie,
           -uri => "$redirectURL");
    print $query->start_html(
          -title=>'Login');
     print $query->end_html;
}
else {
     $cookie = $query->cookie(-name=>'SMPF',
                  -value=>'',
                  -expires=>'now',
                  -path=>'/');
     print $query->header(-cookie=>$cookie);
     print $query->meta('');
     print $query->start_html('Login');

     print $query->body("<big><big><b>Redirect loop!</b></big></big><b
+r><br> You have been assigned a SESSION-cookie, as confirmation that 
+you have successfully logged in. For some reason the login-servers wh
+o needs this cookie is not getting it from your browser, causing a lo
+op of redirection. Please try to go back to the site you want to logi
+n to and try again. <b>You should not need to enter your credentials 
+again</b>. If this error is reoccurring for you, try using a differen
+t browser.");

     print $query->end_html;
}

    [download]

    Replies are listed 'Best First'.
    Re: CGI to redirect using sessions
    by 1nickt (Canon) on Jun 30, 2015 at 17:37 UTC

      Your script does not contain 

      use strict;
use warnings;

      [download]

      If that's what the examples you followed led to, you may have followed the wrong PM examples!

      If you do add strict and uncomment warnings, your script outputs this: 

      Variable "$cookie" is not imported at ./foo line 51.
    (Did you mean &cookie instead?)
Variable "$cookie" is not imported at ./foo line 56.
    (Did you mean &cookie instead?)
Variable "$cookie" is not imported at ./foo line 63.
    (Did you mean &cookie instead?)
Variable "$cookie" is not imported at ./foo line 67.
    (Did you mean &cookie instead?)
Global symbol "$query" requires explicit package name at ./foo line 15
+.
Global symbol "$perror" requires explicit package name at ./foo line 1
+7.
Global symbol "$wearelooping" requires explicit package name at ./foo 
+line 18.
Global symbol "$redirectURL" requires explicit package name at ./foo l
+ine 19.
Global symbol "$gotcookies" requires explicit package name at ./foo li
+ne 23.
Global symbol "$env" requires explicit package name at ./foo line 24.
Global symbol "$query" requires explicit package name at ./foo line 24
+.
Global symbol "$resumepath" requires explicit package name at ./foo li
+ne 25.
Global symbol "$query" requires explicit package name at ./foo line 25
+.
Global symbol "$env" requires explicit package name at ./foo line 30.
Global symbol "$redirectURL" requires explicit package name at ./foo l
+ine 30.
Global symbol "$resumepath" requires explicit package name at ./foo li
+ne 34.
Global symbol "$redirectURL" requires explicit package name at ./foo l
+ine 34.
Global symbol "$resumepath" requires explicit package name at ./foo li
+ne 34.
Global symbol "$perror" requires explicit package name at ./foo line 3
+5.
Global symbol "$gotcookies" requires explicit package name at ./foo li
+ne 41.
Global symbol "$perror" requires explicit package name at ./foo line 4
+1.
Global symbol "$gotcookies" requires explicit package name at ./foo li
+ne 44.
Global symbol "$wearelooping" requires explicit package name at ./foo 
+line 44.
Global symbol "$wearelooping" requires explicit package name at ./foo 
+line 50.
Global symbol "$perror" requires explicit package name at ./foo line 5
+0.
Global symbol "$cookie" requires explicit package name at ./foo line 5
+1.
Global symbol "$query" requires explicit package name at ./foo line 51
+.
Global symbol "$query" requires explicit package name at ./foo line 55
+.
Global symbol "$cookie" requires explicit package name at ./foo line 5
+6.
Global symbol "$redirectURL" requires explicit package name at ./foo l
+ine 57.
Global symbol "$query" requires explicit package name at ./foo line 58
+.
Global symbol "$query" requires explicit package name at ./foo line 60
+.
Global symbol "$cookie" requires explicit package name at ./foo line 6
+3.
Global symbol "$query" requires explicit package name at ./foo line 63
+.
Global symbol "$query" requires explicit package name at ./foo line 67
+.
Global symbol "$cookie" requires explicit package name at ./foo line 6
+7.
Global symbol "$query" requires explicit package name at ./foo line 68
+.
Global symbol "$query" requires explicit package name at ./foo line 69
+.
Global symbol "$query" requires explicit package name at ./foo line 71
+.
Global symbol "$query" requires explicit package name at ./foo line 73
+.
Execution of ./foo aborted due to compilation errors.

      [download]

      See why it's important?

      Remember: Ne dederis in spiritu molere illegitimi!
    		[reply]
    [d/l]
    [select]
    Re: CGI to redirect using sessions
    by stevieb (Canon) on Jun 30, 2015 at 18:45 UTC

      I don't know anyone who has used CGI since 1998 or so, but I haven't done any web programming in a long time so I guess it's still kicking around.

      I've done a basic cleanup (adding use strict; and use warnings; (use those pragmas in all of your Perl programs), fixing all errors and ensuring all vars are set so there aren't any warnings when running the script on the command line. I've also made a few other slight changes, such as basic layout, and appending a semi-colon to the lines that are run in the if() statements.

      I'd recommend trying to fix the errors use strict; complains about yourself, using my post as a reference if needed.

      #!/usr/bin/perl
use strict;
use warnings;

#
#  PROGRAM:    resumepath.pl
#
#  PURPOSE:     This script checks the request for cookies and environ
+ment variables and redirects customer 
#        back to the federation environment with good session
#  CREATED:     June 30, 2015  by Mitchell Lewars
#               Thanks for help to Bj&#65533;rn Vildljung
#               Lots of examples used from Perl Monks web site

use CGI qw(:standard);

my $query = new CGI;

my $perror = 0;        #//Set to 1 in case of an error.
my $wearelooping = 0;    #//Set to one if a user returns withing 15 se
+conds, indicating a redirect-loop.
my $redirectURL = "https://federate-qa.localhost.com";

#---- Next get the current values

my $gotcookies = $ENV{"HTTP_COOKIE"};
my $env = $query->param('env');
my $resumepath = $query->param('resumePath');


#// Check for the env= entry in the URL. If it is set to prod, use pro
+d federation, else use QA.

if ( $env and $env eq 'prod'){ 
    $redirectURL = "https://federate.localhost.com";
}

#// Check that the PF-session information is passed as expected, if no
+t, we got an error. Otherwise, add it to redirectURL

if ( $resumepath ){ 
    $redirectURL .= $resumepath;
}
else { 
    $perror=1;
}


# Verify that there is an SMSESSION, otherwise we got somebody accessi
+ng us the wrong way, and therefor probably for the wrong reasons. ERR
+OR!

if (!( $gotcookies =~ /smsession/i)){ 
    $perror = 1;
}

# Check if there is already an SMPF, if so we are looping
if ( $gotcookies =~ /smpf/i){ 
    $wearelooping = 1;
}

#// Check to see if a Cookie named SMPF is avalible. If not, we set it
+ and give it a 15 second lifetime. If it is there, we got a redirect 
+loop.

my $cookie;

if ($wearelooping eq 0 and $perror eq  0){
    $cookie = $query->cookie(-name=>'SMPF',
             -value=>'1',
             -expires=>'+15s',
             -path=>'/');
    print $query->redirect(
           -cookie => $cookie,
           -uri => "$redirectURL");
    print $query->start_html(
          -title=>'Login');
     print $query->end_html;
}
else {
     $cookie = $query->cookie(-name=>'SMPF',
                  -value=>'',
                  -expires=>'now',
                  -path=>'/');
     print $query->header(-cookie=>$cookie);
     print $query->meta('');
     print $query->start_html('Login');

     print $query->body("<big><big><b>Redirect loop!</b></big></big><b
+r><br> You have been assigned a SESSION-cookie, as confirmation that 
+you have successfully logged in. For some reason the login-servers wh
+o needs this cookie is not getting it from your browser, causing a lo
+op of redirection. Please try to go back to the site you want to logi
+n to and try again. <b>You should not need to enter your credentials 
+again</b>. If this error is reoccurring for you, try using a differen
+t browser.");

     print $query->end_html;
}

      [download]

      -stevieb

    		[reply]
    [d/l]
    [select]
    Re: CGI to redirect using sessions
    by Anonymous Monk on Jun 30, 2015 at 22:40 UTC
      Maybe you want to get rid of  qw{ :standard };
    		[reply]
    [d/l]

    Back to Seekers of Perl Wisdom