formreplay.html 8.03 KB
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:2.0:formreplay</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,formreplay"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="formreplay.html"/>
<link rel="contents" href="formreplay.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:formreplay","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">

<h1 class="sectionedit1" id="form_replay">Form replay</h1>
<div class="level1">

</div>
<!-- EDIT1 SECTION "Form replay" [1-27] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">

<p>
Form replay allows you to open a session on a protected application by filling in an <abbr title="HyperText Markup Language">HTML</abbr> POST login form and submitting it automatically, without asking the user for anything.
</p>
<div class="notewarning">This kind of <abbr title="Single Sign On">SSO</abbr> mechanism is not clean and can lead to problems such as account lockout on the application side, or application sessions that are not properly closed on logout.
<p>
Always try to find another way to protect your application with <abbr title="LemonLDAP::NG">LL::NG</abbr>. At least, check whether it is a <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">known application</a>, or <a href="selfmadeapplication.html" class="wikilink1" title="documentation:2.0:selfmadeapplication">try to adapt its source code</a>.
</p>

</div>
<p>
If you configure form replay with <abbr title="LemonLDAP::NG">LL::NG</abbr>, the Handler detects requests for the page containing the form, injects a JavaScript snippet into the HTML that fills the form fields with dummy data and submits the form, then intercepts the resulting POST request and replaces the request body with the configured POST data. The real values are therefore inserted server-side by the Handler and are never sent to the browser.
</p>

<p>
POST data can be static values or computed from user&#039;s session.
</p>
<div class="notetip">To post the user&#039;s password, you must enable <a href="passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">password storing</a>, which keeps the user&#039;s password in the session. You can then use <code>$_password</code> to fill any password POST field.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [28-1068] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">

<p>
You need to gather the following information:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Uniform Resource Identifier">URI</abbr> of the html page which contains the form</div>
</li>
<li class="level1"><div class="li"> <abbr title="Uniform Resource Identifier">URI</abbr> the html form is sent to</div>
</li>
<li class="level1"><div class="li"> Does the html page load jQuery? If not, grab a jQuery <abbr title="Uniform Resource Locator">URL</abbr> reachable by the user (any version over jQuery 1.0 is suitable)</div>
</li>
<li class="level1"><div class="li"> Are there several html forms in the page? If so, get a jQuery selector for the form you want to post</div>
</li>
<li class="level1"><div class="li"> Is the user required to click on a button, for example in order to run some script? If so, get a jQuery selector for that button</div>
</li>
<li class="level1"><div class="li"> names and values of the fields you want to control</div>
</li>
</ul>

<p>
If you are not familiar with jQuery selectors, just be aware that they are similar to <abbr title="Cascading Style Sheets">CSS</abbr> selectors: for example, button#foo points to the html button whose id is “foo”, and .bar points to all html elements of css class “bar”.
</p>

<p>
For example:
</p>
<ul>
<li class="level1"><div class="li"> Form page <abbr title="Uniform Resource Identifier">URI</abbr>: /login.php</div>
</li>
<li class="level1"><div class="li"> Target <abbr title="Uniform Resource Identifier">URI</abbr>: /process.php (if you leave this parameter empty, the target <abbr title="Uniform Resource Identifier">URI</abbr> is assumed to be the same as the form page <abbr title="Uniform Resource Identifier">URI</abbr>)</div>
</li>
<li class="level1"><div class="li"> jQuery <abbr title="Uniform Resource Locator">URL</abbr>: https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js (if you leave this parameter empty, jQuery is assumed to be already loaded; you can also set <code>default</code> to point to the jQuery <abbr title="Uniform Resource Locator">URL</abbr> of the <abbr title="LemonLDAP::NG">LL::NG</abbr> portal). Load jQuery over HTTPS, or use <code>default</code>: a script fetched over plain HTTP into a login page can be altered in transit.</div>
</li>
<li class="level1"><div class="li"> jQuery form selector: #loginForm (if you leave this parameter empty, the browser will fill and submit every html form on the page)</div>
</li>
<li class="level1"><div class="li"> jQuery button selector: button.validate (if you leave this parameter empty, the form will be submitted but no button will be clicked; if you set it to “none”, no button will be clicked and the form will be filled but not submitted)</div>
</li>
<li class="level1"><div class="li"> Fields:</div>
<ul>
<li class="level2"><div class="li"> postuid: $uid</div>
</li>
<li class="level2"><div class="li"> postmail: $mail</div>
</li>
<li class="level2"><div class="li"> poststatic: &#039;static&#039;</div>
</li>
</ul>
</li>
</ul>

<p>
In the Manager, go to “Virtual Hosts” » <em>virtualhost</em> » “Form replay” and click on “New form replay”.
</p>

<p>
<img src="documentation/manager-form-replay.png" class="mediacenter" alt="" />
</p>

<p>
Fill values here:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Form <abbr title="Uniform Resource Locator">URL</abbr></strong>: /login.php</div>
</li>
<li class="level1"><div class="li"> <strong>Target <abbr title="Uniform Resource Locator">URL</abbr></strong>: /process.php</div>
</li>
<li class="level1"><div class="li"> <strong>jQuery <abbr title="Uniform Resource Locator">URL</abbr></strong>: https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js</div>
</li>
<li class="level1"><div class="li"> <strong>jQuery form selector</strong>: #loginForm</div>
</li>
<li class="level1"><div class="li"> <strong>jQuery button selector</strong>: button.validate</div>
</li>
</ul>

<p>
Then click on <code>New variable</code> and add all data with their values, for example:
</p>

<p>
<img src="documentation/manager-form-replay-vars.png" class="mediacenter" alt="" />
</p>
<div class="notetip">You can define more than one form replay <abbr title="Uniform Resource Locator">URL</abbr> per virtual host.
</div>
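<p>
The following Python model is an added illustration of the two phases described above (the browser-side fill with dummy data, then the server-side replacement of the POST body), driven by the example configuration of this page. It is not Lemonldap::NG code: the real Handler is written in Perl and its internals differ. The session attribute names, the <code>DUMMY</code> placeholder, the generated JavaScript and the request/response model are assumptions made for the illustration.
</p>

```python
"""Added model of the LL::NG form-replay flow (illustration, not Lemonldap::NG code).

Only the two phases the documentation describes are reproduced, with the page's
example configuration. Session attribute names, the DUMMY placeholder and the
generated JavaScript are assumptions for this illustration.
"""
import re
from urllib.parse import urlencode

# Form replay entry mirroring the Manager fields filled in above.
FORM_REPLAY = {
    "form_url": "/login.php",
    "target_url": "/process.php",          # "" means "same as form_url"
    "jquery_url": "https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js",
    "form_selector": "#loginForm",         # "" means every form on the page
    "button_selector": "button.validate",  # "" = submit form, "none" = fill only
    "vars": [("postuid", "$uid"), ("postmail", "$mail"), ("poststatic", "'static'")],
}

# Constructed session, as the Handler would read it from the session store.
SESSION = {"uid": "dwho", "mail": "dwho@example.com"}

DUMMY = "x"  # placeholder the browser-side script types into each field (assumption)


def resolve(expr, session):
    """Resolve one field value: 'literal' is used verbatim, $name reads the session.

    $_password only resolves when password storing is enabled, i.e. when the
    session actually carries a _password attribute.
    """
    literal = re.fullmatch(r"'(.*)'", expr)
    if literal:
        return literal.group(1)
    attr = re.fullmatch(r"\$(\w+)", expr)
    if attr:
        name = attr.group(1)
        if name not in session:
            raise KeyError(f"session attribute {name!r} missing "
                           "(for $_password, enable password storing)")
        return session[name]
    raise ValueError(f"unsupported field expression {expr!r}")


def injected_script(cfg):
    """Phase 1: snippet appended to the form page.

    It fills the selected form with DUMMY values only, so real values never
    reach the browser. Button rules follow the documentation: an empty
    selector submits the form, "none" fills it without submitting.
    """
    sel = cfg["form_selector"] or "form"
    parts = []
    if cfg["jquery_url"]:  # the page does not load jQuery itself
        parts.append(f'<script src="{cfg["jquery_url"]}"></script>')
    fills = "".join(f"$('{sel} [name={name}]').val('{DUMMY}');" for name, _ in cfg["vars"])
    button = cfg["button_selector"]
    if button == "none":
        action = ""
    elif button:
        action = f"$('{button}').click();"
    else:
        action = f"$('{sel}').submit();"
    parts.append(f"<script>$(function(){{{fills}{action}}});</script>")
    return "\n".join(parts)


def replay_body(cfg, session):
    """Phase 2: the application/x-www-form-urlencoded body the Handler sends
    to the target instead of the browser's dummy body."""
    return urlencode({name: resolve(expr, session) for name, expr in cfg["vars"]})


def handle(method, path, body, session, cfg=FORM_REPLAY):
    """Decide what the Handler does with one request to the protected vhost.

    Returns (action, payload): ("inject", script) for the form page,
    ("replace_body", new_body) for the POST to the target, ("pass", body) otherwise.
    """
    target = cfg["target_url"] or cfg["form_url"]
    if method == "GET" and path == cfg["form_url"]:
        return "inject", injected_script(cfg)
    if method == "POST" and path == target:
        return "replace_body", replay_body(cfg, session)
    return "pass", body


if __name__ == "__main__":
    print(handle("GET", "/login.php", None, SESSION)[1])
    print(handle("POST", "/process.php", "postuid=x&postmail=x&poststatic=x", SESSION))
```

<p>
Running the script shows the two sides of the mechanism: the snippet served with /login.php contains only selectors and the placeholder, while the body forwarded to /process.php carries the session values. Asking for <code>$_password</code> against a session that has no <code>_password</code> attribute fails instead of silently posting an empty field, which is the situation you hit when password storing is not enabled.
</p>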
</div>
<!-- EDIT3 SECTION "Configuration" [1069-] --></div>
</body>
</html>