
Once I get the granting ticket, I cannot use it to access protected resources:

  1. I can access the login page and retrieve the login ticket 'lt' parameter and the JSessionId cookie.
  2. Retry login with 'lt', cookies, username, password, submit etc. parameters.
  3. I do get the CASTGC cookie and use it to access /serviceValidate?service=protectedResource in the exact same way I do with the web Explorer. I have checked that all the cookies and parameters are there, yet in the web Explorer I get redirected to the service and in SoapUI I get a 200 login page. I never get a service ticket 'ST'.

This is more or less after this sequence:


Other things I tried to no avail: letting SoapUI keep track of the session, or accessing the login page with the 'service' parameter so as to get redirected to the resource.

CAS and service are in the same subdomain and both use secure transport.


1 Answer


I got it working, sorry if someone is writing a response as well. Once I have the CASTGC and the JSessionId, I create a new GET request with:

URL: https://cas.server.a/cas/login?service=https://service.a/resource
Cookie: JSESSIONID=A89...;CASTGC=TGT-27681...-cas;

I don't know why it doesn't work the first time I log in to get the CASTGC cookie. To sum up, there are three requests: the first to get lt, the second to get the CASTGC cookie and the last one to get to the service.

-- Thanks for the upvote. To save others time, these are the steps I made for Jasig CAS:

step 1, HTTP POST to get lt

URL: https://cas.server.a/cas/login

step 2, property transfer to get lt and put it in property lt:

source //input[@name="lt"]/@value, from XML formatted response
destination: project property lt

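step 3, Groovy script to get JSessionId cookie and put it in property Cookie1:

// Set-Cookie headers returned by the step-1 request
def headerValue = testRunner.testCase.getTestStepByName("step-1").httpRequest.response.responseHeaders["Set-Cookie"]
// The first Set-Cookie header carries the session cookie; store it as test case property Cookie1
context.testCase.setPropertyValue('Cookie1', headerValue[0]);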

step 4, HTTP POST to get CGT

URL: https://cas.server.a/cas/login
username: redacted
password: redacted
lt: ${#TestCase#lt}
_eventId: submit

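step 5, Groovy script to get CGT cookie

// Set-Cookie headers returned by the step-4 login request
def headerValue = testRunner.testCase.getTestStepByName("step-4").httpRequest.response.responseHeaders["Set-Cookie"]
// The second Set-Cookie header (index 1) is stored as test case property Cookie2
context.testCase.setPropertyValue('Cookie2', headerValue[1]);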

step 6, HTTP POST to get service ticket

URL: https://cas.server.a/cas/login?service=https://service.a/resource
cookie:${#TestCase#Cookie1};${#TestCase#Cookie2}
redirects not allowed

step 7, Groovy script to get service ticket and put it in 'ST' test case property

// Location header of the redirect returned by step-6
def headerValue = testRunner.testCase.getTestStepByName("step-6").httpRequest.response.responseHeaders["Location"]
def ticket=headerValue[0];
// Keep everything from "ticket" onwards, i.e. "ticket=ST-...", as test case property ST
context.testCase.setPropertyValue('ST',ticket.substring(ticket.indexOf("ticket")));

step 8, use ST, in my case it was a testLinkAPI call

// ST holds "ticket=ST-...", so it is appended as the query string of the service URL
def ST=context.testCase.getPropertyValue('ST');
def URL="https://service.a/testlink/lib/api/xmlrpc/v1/xmlrpc.php?"  + ST;
cookie: ${#TestCase#Cookie1};${#TestCase#Cookie2}
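
The three extraction steps in the answer above (lt from the form, cookies from Set-Cookie, ST from Location), as an added example that is not part of the original answer and is written in Python rather than SoapUI Groovy so it runs offline. It selects cookies by name instead of by header index, strips cookie attributes, and accepts a ticket only when the redirect targets the requested service; the function names and sample responses are constructed for illustration, and the `ST-` prefix check follows the CAS protocol's ticket naming.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

class _LtParser(HTMLParser):
    """Finds the hidden <input name="lt"> in the CAS login form."""
    def __init__(self):
        super().__init__()
        self.lt = None
    def handle_starttag(self, tag, attrs):
        fields = dict(attrs)
        if tag == "input" and fields.get("name") == "lt":
            self.lt = fields.get("value")

def login_ticket(html):
    parser = _LtParser()
    parser.feed(html)
    if not parser.lt:
        raise ValueError("no lt field in the login form")
    return parser.lt

def cookie_pair(set_cookie_headers, name):
    """Return 'name=value' for one cookie, dropping Path/Secure/HttpOnly."""
    for header in set_cookie_headers:
        pair = header.split(";", 1)[0].strip()
        if pair.split("=", 1)[0] == name:
            return pair
    raise ValueError(name + " was not set, the login probably failed")

def service_ticket(location, service):
    """Return the ST only if the redirect goes to the requested service."""
    got, want = urlsplit(location), urlsplit(service)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect does not point at the requested service")
    tickets = parse_qs(got.query).get("ticket", [])
    if len(tickets) != 1 or not tickets[0].startswith("ST-"):
        raise ValueError("no service ticket in the redirect")
    return tickets[0]

# Constructed sample responses: hosts follow the answer, values are made up.
LOGIN_HTML = '<form><input type="hidden" name="lt" value="LT-1-constructed"/></form>'
SET_COOKIE = ["JSESSIONID=ABC123; Path=/cas; Secure; HttpOnly",
              "lang=en; Path=/cas",
              "CASTGC=TGT-1-constructed-cas; Path=/cas; Secure"]
LOCATION = "https://service.a/resource?ticket=ST-5-constructed-cas"

if __name__ == "__main__":
    print(login_ticket(LOGIN_HTML))
    print("; ".join(cookie_pair(SET_COOKIE, n) for n in ("JSESSIONID", "CASTGC")))
    print(service_ticket(LOCATION, "https://service.a/resource"))
```

With the constructed headers, CASTGC sits at index 2 rather than 1, which is the case where picking the cookie by position would store the wrong value.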