For the sake of closing this thread, I have solved this.

In the end it was not overly complex but there was just more to it than initially known.

tl;dr: the trick was not to follow the redirect after receiving the ticket (this invalidated the ticket already).

Thanks for your help bliako.

#!/usr/bin/env perl
###Modules
use WWW::Mechanize;
use HTTP::Cookies;
use HTTP::CookieJar::LWP ();
use IO::Socket::SSL qw();
use Data::Dumper;
use JSON;

###Variables & Declarations
my $creds = "$ENV{'HOME'}/.credentials";
my $uri ="https://xxx.employer.xxx/app/login?service=https://xxx.emplo
+yer.xxx/app/service";
my $cookie_jar = HTTP::Cookies->new(); 

my ($username,$password) = get_credentials($creds);

my $fields = {
    username    => $username,
    password => $password,
};
my $m = WWW::Mechanize->new( cookie_jar => $cookie_jar, autocheck => 0
+, ssl_opts => { SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, 
+verify_hostname => 0 }, env_proxy => 1, keep_alive => 1, timeout => 1
+20, agent => 'Windows IE 6' );
$m->max_redirect(0);

############## Log in and get Ticket ##################

my $content = $m->post($uri);

$m->submit_form(
    form_number => 1,
    fields      => $fields,
    button      => 'submit'
);

my $location = $m->response()->header('Location');
my $ticket_id = (split /ticket=/, $location)[1];
############## /Log in and get Ticket ##################

############## Create Session and get authorization id ###############
+###

$m->add_header('Content-Type' => 'text/plain');
$m->add_header('Accept' => ['text/plain', 'application/json']);
#$m->delete_header('Referer');

my $session_url = "https://xxx.employer.xxx:<port>/session";

my $contentp = $m->post($session_url, 'Content' => "$ticket_id");
my $resp = $contentp->decoded_content()."\n\n";
my $decoded_json = decode_json( $resp );
my $id = $decoded_json->{id};

############## /create session and get authorization id###############
+###

############## do authorized stuff #########################
$m->add_header('Authorization' => $id);
$m->post("whatever");

from here on I'm doing stuff inside the session...

[download]

In reply to Re^7: WWW::Mechnize redirect handling by nikster
in thread [Solved] WWW::Mechnize redirect handling by nikster

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.