Working w/Duo config #36
Conversation
The code from the master is not working with the latest DUO security. So, update the code and it works with Duo Security
| LOG = logging.getLogger('alohomora.req') | ||
|
|
||
| csrf=""; |
There was a problem hiding this comment.
DUO looks for the csrf token when requesting for TFA. So made that as global var.
| @@ -213,11 +216,17 @@ def login_one_factor(self, username, password): | |||
| elif "pass" in name.lower(): | |||
| # Make an educated guess that this is the right field for the password | |||
| payload[name] = password | |||
| elif "csrfp_token" in name.lower(): | |||
There was a problem hiding this comment.
It needs csrfp_token and AuthState in the header, else it fails with this error
Traceback (most recent call last):
File "main.py", line 282, in
Main().main()
File "main.py", line 196, in main
(okay, response) = provider.login_two_factor(response, auth_device)
File "/usr/local/lib/python3.7/site-packages/alohomora/req.py", line 280, in login_two_factor
sigs = sig_request.split(':')
AttributeError: 'NoneType' object has no attribute 'split'
| else: | ||
| # Populate the parameter with the existing value (picks up hidden fields as well) | ||
| # payload[name] = value | ||
| pass | ||
| payload['_eventId_proceed'] = '' | ||
| #payload['_eventId_proceed'] = '' |
| for inputtag in soup.find_all(re.compile('form', re.IGNORECASE)): | ||
| action = inputtag.get('action') | ||
| if action: | ||
| parsedurl = urlparse.urlparse(self.idp_url) | ||
| idpauthformsubmiturl = parsedurl.scheme + "://" + parsedurl.netloc + action | ||
| idpauthformsubmiturl = parsedurl.scheme + "://" + parsedurl.netloc + "/dag/module.php/core/loginuserpass.php" |
There was a problem hiding this comment.
The form action they converted to "?", hence changing the action part to the loginuserpass endpoint.
| payload = { | ||
| '_eventId_proceed': 'transition', | ||
| 'sig_response': '%s:%s' % (signed_auth, app_sig) | ||
| 'sig_response': '%s:%s' % (signed_auth, app_sig), | ||
| 'csrfp_token': csrf |
There was a problem hiding this comment.
Needed a csrfp token, else the req gets forbidden
| @@ -562,8 +563,11 @@ def _get_assertion(self, soup): | |||
| LOG.debug('Pulling out SAML assertion') | |||
| form = soup.find('form') | |||
| input_tag = form.find('input') | |||
| LOG.debug('Found assertion %s', input_tag['value']) | |||
| return input_tag['value'] | |||
| for inputtag in soup.find_all('input'): | |||
There was a problem hiding this comment.
Updated the parsing for samlresponse. Now, we have multiple input tags in the response code
The code from the master is not working with the latest DUO security. So, update the code and it works with Duo Security. Comments are added inline to the changes I did.