Replicate successful PowerShell SAML request code in Python


Post by Anonymous »

I am trying to perform SAML authentication with the CyberArk Password Vault application. I received this PowerShell code from CyberArk for performing this SAML authentication, and it works great and I get the SAML response token for executing subsequent calls. The problem is that I need to perform this SAML authentication in Python instead of PowerShell, and so far I have not been able to replicate the successful PowerShell code in Python. Any ideas how to replicate this PowerShell code in Python?

Code:

Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Web

$PVWAAddress = "https://passwordvault.acme.net"

function CA_API_SAMLAuth($PVWAAddress)
{
    $global:tkn = ""
    try {
        # Step 1: POST an empty JSON body to the SAML logon endpoint.
        # The response is the IdP URL; the session keeps the cookies the vault sets.
        $Logon_Body = @{} | ConvertTo-Json

        $Logon_URI = "$PVWAAddress/PasswordVault/api/auth/saml/Logon"

        $IdpUrl = Invoke-RestMethod -Uri $Logon_URI -Body $Logon_Body -Method POST -ContentType "application/json" -SessionVariable websession

        $cookies = $websession.Cookies.GetCookies("$PVWAAddress/PasswordVault/api/auth/saml/Logon")

        # Keep the CA88888 cookie value for the final logon request
        foreach ($cookie in $cookies) {
            if ($cookie.name -eq "CA88888") { $CA8 = $cookie.value }
        }
    }
    catch {
        Write-Host "StatusMessage:" $_
        return
    }

    try {
        # Step 2: show the IdP sign-in page in an embedded WebBrowser control
        $SAML_Form = New-Object Windows.Forms.Form
        $SAML_Form.StartPosition = 'CenterScreen'
        $SAML_Form.Size = New-Object System.Drawing.Size(650,750)

        $SAML_WB = New-Object Windows.Forms.WebBrowser
        $SAML_WB.Dock = 'Fill'
        $SAML_WB.ScriptErrorsSuppressed = $true

        $SAML_Form.Controls.Add($SAML_WB)

        # Navigate to the IDP URL
        $SAML_WB.Navigate($IdpUrl)

        # Do something before we go anywhere else
        $SAML_WB.add_Navigating({

            # Step 3: once the loaded page contains the SAMLResponse form,
            # cancel the browser's own navigation and post the value ourselves
            if ($SAML_WB.DocumentText.Contains("SAMLResponse")) {

                $_.cancel = $true

                $SAMLElement = $SAML_WB.Document.GetElementsByTagName("input").GetElementsByName("SAMLResponse")[0].GetAttribute("value");

                $SAMLRes = $($SAMLElement -replace ' ', '')

                try {
                    # New session that carries only the CA88888 cookie from step 1
                    $sessioncc = [Microsoft.PowerShell.Commands.WebRequestSession]::new()

                    $cookie8 = [System.Net.Cookie]::new('CA88888', $CA8)
                    $cookie8.HttpOnly = $true
                    $cookie8.Secure = $true
                    $cookie8.Domain = $PVWAAddress.Split("/")[2]
                    $cookie8.Path = "/"

                    $sessioncc.Cookies.Add($PVWAAddress, $cookie8)

                    $body = @{concurrentSession='true';apiUse='true';SAMLResponse="$($SAMLRes.Trim())"}

                    $contentType = 'application/x-www-form-urlencoded'

                    $SessionToken = Invoke-WebRequest -Method POST -Uri $Logon_URI -body $body -ContentType $contentType -WebSession $sessioncc

                    # The token comes back as a quoted JSON string; strip the quotes
                    $global:tkn = $SessionToken.Content -replace '"', ''
                }
                catch {
                    Write-Host "StatusMessage:" $_
                    return
                }
                $SAML_Form.Close()
            }
        })

        $SAML_Form.ShowDialog()

        $SAML_Form.Dispose()

        if ($global:tkn) {
            Write-Host SessionToken: $global:tkn
            return $global:tkn
        } else {
            # `n is the PowerShell newline escape (a backslash-n would print literally)
            Write-Host "Something went wrong during the authentication process.`nPlease try signing in again."
            return
        }
    }
    catch {
        Write-Host "StatusMessage:" $_
        return
    }
}

$Token = CA_API_SAMLAuth($PVWAAddress)

The Python code I tried with Selenium. I wonder whether I need to open the IDP URL not in an Edge browser but only in a generic frame, and turn

Code:

import json
import time
import os
import re
import urllib.request
import requests

from selenium import webdriver
from selenium.webdriver.edge.service import Service as EdgeService
from selenium.webdriver.edge.options import Options
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support.ui import Select
from selenium.common.exceptions import (
    ElementClickInterceptedException,
    NoSuchElementException,
    ElementNotInteractableException,
    SessionNotCreatedException
)

# Webdriver details
ms_edge_webdriver_path = "C:\\Users\\bugsbunny\\Downloads\\edgedriver_win64\\msedgedriver.exe"

ms_edge_binary_path = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"

pwv_saml_url = "https://passwordvault.acme.net/PasswordVault/api/auth/saml/Logon"

headers = {
    'Content-Type': 'application/json'
}

initial_pwv_cookie = ""
initial_idp_url = ""

body = {}

# json=body sends the same empty JSON object ("{}") as the PowerShell script.
# NOTE: verify=False turns off TLS certificate validation for this call; pass the
# path of the CA bundle that signed the vault's certificate to verify= instead.
with requests.post(pwv_saml_url, headers=headers, json=body, verify=False) as initial_idp_response:

    # The response body is the IdP URL as a JSON string
    initial_idp_url = json.loads(initial_idp_response.content)

    # Keep the CA88888 cookie value, as the PowerShell script does
    for cookie in initial_idp_response.cookies:
        if cookie.name == "CA88888":
            initial_pwv_cookie = cookie.value

# --- Setup Selenium Edge driver --- #
options = Options()

# https://stackoverflow.com/questions/51865300/python-selenium-keep-browser-open
options.add_experimental_option("detach", True)

# Suppress the stupid "Personalize your web experience" prompt
# that can appear randomly and throw things off. You can launch the browser
# in "guest" mode but if we do SSO I don't want that, so instead we'll
# just turn off the Edge toggle that initiates that prompt.
# https://stackoverflow.com/questions/76377363/how-can-i-disable-personalize-your-web-experience-ms-edge-prompt-for-selenium
# https://stackoverflow.com/questions/77609588/selenium-edge-webdriver-notification-disable
options.add_experimental_option("prefs",
    {"user_experience_metrics": {"personalization_data_consent_enabled": True}})

# suppressing any console output (FYI, currently this does not totally work when used with
# the --headless or --headless=new options, so be aware if you are using this with those options).
#   https://github.com/SeleniumHQ/selenium/issues/13095
#   https://stackoverflow.com/questions/69919930/selenium-edge-python-errors-auto-close-edge-browser-after-test-execution
options.add_experimental_option('excludeSwitches', ['enable-logging'])

service = EdgeService(executable_path=ms_edge_webdriver_path)

driver = webdriver.Edge(service=service, options=options)

# Maximize the window
driver.maximize_window()

# driver = webdriver.Edge(service=service)
driver.get(initial_idp_url)
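
Added example (not part of the original post and not CyberArk's code): the step the PowerShell script performs inside its Navigating handler, written with the Python standard library. It pulls the SAMLResponse value out of the IdP's HTML form and builds, without sending, the form-encoded POST that carries the CA88888 cookie. The function names, the sample page and the cookie value are assumptions, and capturing the IdP page's HTML from the browser session is left to the caller.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import urlencode
from urllib.request import Request

LOGON_PATH = "/PasswordVault/api/auth/saml/Logon"  # path from the PowerShell script


class SAMLInputFinder(HTMLParser):
    """Remember the value of the first <input name="SAMLResponse">."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "SAMLResponse" and self.value is None:
            self.value = attrs.get("value")


def extract_saml_response(page_html):
    """Return the SAMLResponse form value with whitespace removed."""
    finder = SAMLInputFinder()
    finder.feed(page_html)
    if not finder.value:
        raise ValueError("page has no SAMLResponse input")
    # Superset of the script's `-replace ' ', ''` and Trim(): drop all whitespace.
    value = "".join(finder.value.split())
    base64.b64decode(value, validate=True)  # POST binding is base64; raises if not
    return value


def build_logon_request(pvwa_address, saml_response, ca88888):
    """Build (not send) the form-encoded POST the script issues with the cookie."""
    form = {"concurrentSession": "true", "apiUse": "true", "SAMLResponse": saml_response}
    # urlencode percent-encodes '+', '/' and '=' so the base64 survives form decoding.
    return Request(
        pvwa_address.rstrip("/") + LOGON_PATH,
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Cookie": f"CA88888={ca88888}"},
        method="POST",
    )


def token_from_body(body_text):
    """The script strips the JSON quotes from the returned token string."""
    return body_text.strip().replace('"', "")


# Constructed sample page (not real IdP output); the value has stray spaces.
SAMPLE_B64 = base64.b64encode(b"\xfb\xff\xbe<Response>constructed</Response>").decode()
SAMPLE_PAGE = (f'<form method="post"><input type="hidden" name="SAMLResponse" '
               f'value=" {SAMPLE_B64[:8]} {SAMPLE_B64[8:]} "/></form>')
```

The returned `Request` can be passed to `urllib.request.urlopen`, and the response body given to `token_from_body`.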
