0

I'm trying to get a scraper working where two-factor authentication (Duo) is in place. Every time I send a POST to attempt the authentication, it fails with a 400 (Bad Request). Here's the latest version of the code I've tried:

    use Goutte\Client;

    $client = new Client();

    $res = $client->request('POST', 'https://example.com/cosign.cgi', [
        'body' => 'login=theuser&password=thepassword&service=theservice&passcode=8675309',
    ]);

The body of the error page that's returned says that cookies need to be enabled. Yet, cookies are enabled in $client.

cdmo

1 Answer

1

"https://example.com/cosign.cgi" is probably a wrapper on top of the DSA (CoSign) APIs. Please reveal the code behind it. Regarding how to use two-factor authentication when signing in: for complete information on the DSA APIs, refer to the DSA Programmer Guide and to the DSA Developer Center. A RESTful API was introduced in DSA v8.2+. Here is an example:

    <?php
    $request = new HttpRequest();
    $request->setUrl('https://cosign:8081/sapiws/v1/digital_signature');
    $request->setMethod(HTTP_METH_PUT);
    // The Basic authorization header carries the DSA signer account login.
    $request->setHeaders(array('postman-token' => 'c37705a2-4e8a-eb47-fcbe-62568507717b',
                               'cache-control' => 'no-cache',
                               'content-type' => 'application/json',
                               'authorization' => 'Basic YXZpdjoxMjM0NTY3OEFi'));
    // The OTP goes in the "signPassword" field of the JSON body.
    $request->setBody('{ "signField" :  {"file":"BASE64PDFContent",
                                         "FileType": "PDF",
                                         "signPassword": "password",
                                         "signPasswordType": "STRING"
                                        }
                       }');
    try {
        $response = $request->send();
        echo $response->getBody();
    } catch (HttpException $ex) {
        echo $ex;
    }

Insert the password to log in to the DSA signer account in the basic authorization header. Insert the OTP in the body "signPassword" field.

Replace the cosign placeholder in https://cosign:8081/sapiws/v1/digital_signature with your properly exposed appliance DNS.