使用Python脚本在ADFS上进行身份验证 [英] Authenticating on ADFS with Python script

问题描述

我需要解析被ADFS服务隐藏的站点.

I need to parse site, which is hidden by ADFS service.

并对其进行身份验证.

and struggling with authentication to it.

有什么选择可以进入吗?

Is there any options to get in?

我可以看到，大多数针对后端应用程序或系统用户"(带有app_id，app_secret)的解决方案. 就我而言，我只能使用登录名和密码，不能使用它.

what i can see, most of solutions for backend applications, or for "system users"(with app_id, app_secret). in my case, i can't use it, only login and password.

问题示例: 在chrome中，我打开www.example.com，它将使用登录名和密码形式将我重定向到https://login.microsoftonline.com/，然后重定向到https://federation-sts.example.com/adfs/ls/?blabla.

example of problem: in chrome I open www.example.com and it redirects me to to https://login.microsoftonline.com/ and then to https://federation-sts.example.com/adfs/ls/?blabla with login and password form.

以及如何使用python3访问它?

推荐答案

ADFS使用复杂的重定向和CSRF保护技术.因此，最好使用浏览器自动化工具执行身份验证并随后解析网页.我建议使用带有python绑定的 selenium工具包.这是一个工作示例:

ADFS uses complicated redirection and CSRF protection techniques. Thus, it is better to use a browser automation tool to perform the authentication and parse the webpage afterwards. I recommend the selenium toolkit with python bindings. Here is a working example:

from selenium import webdriver
def MS_login(usrname, passwd):  # call this with username and password
    driver = webdriver.Edge()   # change to your browser (supporting Firefox, Chrome, ...)
    driver.delete_all_cookies() # clean up the prior login sessions
    driver.get('https://login.microsoftonline.com/') # change the url to your website
    time.sleep(5) # wait for redirection and rendering

    driver.find_element_by_xpath("//input[@name='loginfmt'").send_keys(usrname)
    driver.find_element_by_xpath("//input[@type='submit']").click()
    time.sleep(5)

    driver.find_element_by_xpath("//input[@name='passwd'").send_keys(passwd)
    driver.find_element_by_xpath("//input[@name='KMSI' and @type='checkbox'").click()
    driver.find_element_by_xpath("//input[@type='submit']").click()
    time.sleep(5)

    driver.find_element_by_xpath("//input[@type='submit']").click()

    # Successfully login

    # parse the site ...

    driver.close() # close the browser
    return driver

此脚本调用Microsoft Edge打开网站.它将用户名和密码注入正确的DOM元素，然后让浏览器处理其余的内容.已在网页" https://login.microsoftonline.com 上进行了测试.您可能需要对其进行修改以适合您的网站.

This script calls Microsoft Edge to open the website. It injects the username and password to the correct DOM elements and then let the browser to handle the rest. It has been tested on the webpage "https://login.microsoftonline.com". You may need to modify it to suit your website.

这篇关于使用Python脚本在ADFS上进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！