simone
Reputation: 5227
How can I use NTLM or Kerberos authentication with Mojo::UserAgent
I am trying to get Mojo::UserAgent to authenticate via NTLM. Rougly like this:
use Mojo::UserAgent;
use Mojo::URL;
use Data::Dump qw/dump/;
use Path::Tiny;
use Authen::NTLM;
$\ = "\n"; $|++;
my $ntlm = Authen::NTLM-> new(host => "some.hidden.pl", user => 'foo',
domain => "bar", password => "baz", version => 2);
my $xml = path($ARGV[0])->slurp;
my $ua = Mojo::UserAgent->new;
my $url = Mojo::URL->new('https://some.hidden.pl/ews/exchange.asmx');
$url->userinfo(sprintf('%s\%s:%s', qw/bar foo baz/));
my $tx = $ua->get($url);
my $tx = $ua->build_tx(GET => $url);
$challenge = $ntlm->challenge;
$tx->req->headers->header('Authorization' => 'NTLM ' . $challenge);
$ua->start($tx);
$challenge = [ split /,\s*/, $tx->res->headers->header('www-authenticate') ]->[0] =~ s/NTLM //r;
$challenge = $ntlm->challenge($challenge);
my $tx = $ua->build_tx(GET => $url);
$tx->req->headers->header('Authorization' => 'NTLM ' . $challenge);
$ua->start($tx);
$tx = $ua->build_tx(POST => $url, {'Content-Type' => 'text/xml'}, $xml );
$tx->req->headers->content_type('text/xml');
$tx->req->headers->header('Authorization' => 'NTLM ' . $challenge);
$ua->start($tx);
print dump $tx->res;
but I keep getting a 401 at the second response from the server.
What am I getting wrong? And would it be easier to use Kerberos authentication (if so, how)?
thanks
Upvotes: 0
Views: 957
Answers (1)
Tobi Oetiker
Reputation: 5460
I just published a new module that should be pretty helpful in this respect Mojolicious::Plugin::SPNEGO. It is pretty simple to use:
use Mojolicious::Lite;
my $SERVER = 'my-ad-server.example.com';
app->secrets(['My secret passphrase here']);
plugin 'SPNEGO', ad_server => $SERVER;
get '/' => sub {
my $c = shift;
if (not $c->session('user')){
$c->ntlm_auth({
auth_success_cb => sub {
my $c = shift;
my $user = shift;
my $ldap = shift; # bound Net::LDAP::SPNEGO connection
$c->session('user',$user->{samaccountname});
$c->session('name',$user->{displayname});
my $groups = $ldap->get_ad_groups($user->{samaccountname});
$c->session('groups',[ sort keys %$groups]);
return 1;
}
}) or return;
}
} => 'index';
app->start;
__DATA__
@@ index.html.ep
<!DOCTYPE html>
<html>
<head>
<title>NTLM Auth Test</title>
</head>
<body>
<h1>Hello <%= session 'name' %></h1>
<div>Your account '<%= session 'user' %>' belongs to the following groups:</div>
<ul>
% for my $group (@{session 'groups' }) {
<li>'<%= $group %>'</li>
% }
</ul>
</body>
</html>
The module is based on the also newly released Net::LDAP::SPNEGO module which provides the basic buildingblocks for the SPNEGO dialog.
Upvotes: 1
Related Questions
- How can I get access to JSON in a Mojo::UserAgent response?
- Mojo::UserAgent (Mojo command line ) and insecure modifier
- Mojo::useragent SSL failure
- Why does LWP::UserAgent succeed and Mojo::UserAgent fail?
- How can I take credentials from the command line in a Mojolicious app?
- Mojolicious Basic Authentication using "under" without Mojolicious::Lite
- How can I make a request authorized with Oauth with Mojo::UserAgent?
- Request Useragent in Mojolicious
- NTLM Proxy Auth in perl
- Mojo::UserAgent TLS/SSL certificate authentication