使用Python请求访问Shibboleth认证服务器时出现SSL错误

时间:2014-04-04 08:51:04

标签: python ssl python-requests shibboleth python-3.4

我正在尝试使用Python脚本访问由学术服务提供商(SP)托管的期刊文章。

服务器使用Shibboleth登录进行身份验证。我阅读Logging into SAML/Shibboleth authenticated server using python并尝试使用Python请求实现登录。

该脚本首先查询SP以获取通往我的IDP机构的链接,然后应该使用IDP自动进行身份验证。第一部分有效,但是当跟随到IDP的链接时,它会因SSL错误而窒息。 这是我使用的:

import requests
import lxml.html

LOGINLINK = 'https://www.jsave.org/action/showLogin?redirectUri=%2F'
USERAGENT = 'Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0'

s = requests.session()
s.headers.update({'User-Agent' : USERAGENT})

# getting the page where you can search for your IDP
# need to get the cookies so we can continue
response = s.get(LOGINLINK)
rtext = response.text
print('Don\'t see your school?' in rtext) # prints True

# POSTing the name of my institution
data = {
    'institutionName' : 'tubingen',
    'submitForm' : 'Search',
    'currUrl' : '%2Faction%2FshowBasicSearch',
    'redirectUri' : '%2F',
    'activity' : 'isearch'
}
response = s.post(BASEURL + '/action/showLogin', data=data)
rtext = response.text
print('university of tubingen' in rtext) # prints True

# get the link that leads to the IDP
tree = lxml.html.fromstring(rtext)
loginlinks = tree.cssselect('a.extLogin')
if (loginlinks):
    loginlink = loginlinks[0].get('href')
else: 
    exit(1)

print('continuing to IDP')
response = s.get(loginlink)
rtext = response.text
print('zentrale Anmeldeseite' in rtext)

这会产生:

continuing to IDP...

2014-04-04 10:04:06,010 - INFO - Starting new HTTPS connection (1): idp.uni-tuebingen.de
Traceback (most recent call last):

File "/usr/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 480, in urlopen
body=body, headers=headers)

File "/usr/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 285, in _make_request
conn.request(method, url, **httplib_request_kw)

File "/usr/lib/python3.4/http/client.py", line 1066, in request
self._send_request(method, url, body, headers)

File "/usr/lib/python3.4/http/client.py", line 1104, in _send_request
self.endheaders(body)

File "/usr/lib/python3.4/http/client.py", line 1062, in endheaders
self._send_output(message_body)

File "/usr/lib/python3.4/http/client.py", line 907, in _send_output
self.send(msg)

File "/usr/lib/python3.4/http/client.py", line 842, in send
self.connect()

File "/usr/lib/python3.4/site-packages/requests/packages/urllib3/connection.py", line 164, in connect
ssl_version=resolved_ssl_version)

File "/usr/lib/python3.4/site-packages/requests/packages/urllib3/util.py", line 639, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)

File "/usr/lib/python3.4/ssl.py", line 344, in wrap_socket
_context=self)

File "/usr/lib/python3.4/ssl.py", line 540, in __init__
self.do_handshake()

File "/usr/lib/python3.4/ssl.py", line 767, in do_handshake
self._sslobj.do_handshake()

ssl.SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:598)


During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "/usr/lib/python3.4/site-packages/requests/adapters.py", line 330, in send
timeout=timeout

File "/usr/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 504, in urlopen
raise SSLError(e)

requests.packages.urllib3.exceptions.SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:598)


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "./try.py", line 154, in <module>
response = s.get(loginlink)

File "/usr/lib/python3.4/site-packages/requests/sessions.py", line 395, in get
return self.request('GET', url, **kwargs)

File "/usr/lib/python3.4/site-packages/requests/sessions.py", line 383, in request
resp = self.send(prep, **send_kwargs)

File "/usr/lib/python3.4/site-packages/requests/sessions.py", line 486, in send
r = adapter.send(request, **kwargs)

File "/usr/lib/python3.4/site-packages/requests/adapters.py", line 385, in send
raise SSLError(e)

requests.exceptions.SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:598)

使用s.get(loginlink,verify = False)会产生完全相同的错误。简单地使用urllib.request.urlopen(loginlink)也是如此。

另一方面,将链接打印并粘贴到Firefox中可以正常工作。

1 个答案:

答案 0 :(得分:1)

尝试使用openssl s_client之后,目标idp.uni-tuebingen.de:443似乎只支持SSLv3,并且对任何更新的行为都行为不端。强制使用SSLv3:

$ openssl s_client -connect idp.uni-tuebingen.de:443 -ssl3
CONNECTED(00000003)
depth=3 C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2
...

但是使用默认设置或强制TLv1(-tls1)它只会返回一个警告:

openssl s_client -connect idp.uni-tuebingen.de:443 
CONNECTED(00000003)
140493591938752:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:741:

因此,您需要找到一种方法来强制SSLv3进行此连接。我此时并不熟悉python,但也许http://docs.python-requests.org/en/latest/user/advanced/章“示例:特定SSL版本”有帮助。

为什么它适用于firefox:如果与更安全版本的连接失败,浏览器通常会使用降级的SSL版本重试。例如。每个人都试图解决破碎的东西,以便破碎的东西的所有者无意修复它:(

相关问题
最新问题