Feature Request: SSO Redirection and Automatic Form Filling #1708

Open
iamthefrogy opened this issue May 20, 2024 · 1 comment
@iamthefrogy

Summary:

Implement a feature in httpx to detect and handle redirections to standard Single Sign-On (SSO) URLs, including automatic form filling for login pages.

Description:

When navigating to a homepage that redirects to a standard SSO URL (e.g., Okta, Google, Microsoft), httpx should:

  1. Detect the redirection to the SSO login page.
  2. Automatically fill in login forms using provided credentials (if specified via -aff).
  3. Provide a unified view of the SSO login apps vs. traditional apps when someone wants to do analysis of bulk URLs.

Use Cases:

  1. Monitoring and Probing: Enhance the capability of httpx to monitor and probe web applications that utilize SSO for authentication.
  2. Security Audits: Facilitate security audits by allowing automated interaction with SSO-protected resources.
  3. Provides a unified view of the standard login vs. SSO login vs. Social media login based apps.

Proposed Implementation:

  1. Detection: Implement logic to recognize common SSO URLs.
  2. Form Filling: Use a configuration file or command-line flags to provide credentials for automatic form filling (only if this is required; if, when httpx visits an app's home page, it automatically goes to a 302 SSO URL anyway, then the task is completed by stating that this is SSO protected).
  3. Redirection Handling: Process the redirection URL to determine the success or failure of the login attempt.
  4. Provide options to specify different SSO providers and their respective login page structures.
@iamthefrogy iamthefrogy added the Type: Enhancement Most issues will probably ask for additions or changes. label May 20, 2024
@dogancanbakir dogancanbakir self-assigned this May 20, 2024
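
The detection step of the proposed implementation (recognizing that a redirect lands on a common SSO URL) could look like the following. This is an added example, not part of the issue and not httpx's own code; the function name `classifySSO`, the provider labels and the short host list are assumptions of the example, and the sample URLs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// idp pairs a provider label with login host suffixes it is known to use.
// Illustrative and not exhaustive; the labels are this example's own.
type idp struct {
	name     string
	suffixes []string
}

var idps = []idp{
	{"okta", []string{"okta.com"}},
	{"google", []string{"accounts.google.com"}},
	{"microsoft", []string{"login.microsoftonline.com"}},
}

// classifySSO resolves a redirect's Location header against the URL that was
// requested and returns the provider whose login host it lands on, or "".
func classifySSO(requested, location string) string {
	base, err := url.Parse(requested)
	if err != nil {
		return ""
	}
	target, err := base.Parse(location) // Location may be relative
	if err != nil || (target.Scheme != "http" && target.Scheme != "https") {
		return ""
	}
	host := strings.TrimSuffix(strings.ToLower(target.Hostname()), ".")
	for _, p := range idps {
		for _, s := range p.suffixes {
			// Match whole DNS labels only, never a substring of the URL:
			// "okta.com.example.net" and "?next=https://accounts.google.com/"
			// must not count as an SSO redirect.
			if host == s || strings.HasSuffix(host, "."+s) {
				return p.name
			}
		}
	}
	return ""
}

func main() {
	fmt.Println(classifySSO("https://app.example.com/", "https://acme.okta.com/login/login.htm"))
}
```

An empty result means the redirect stayed on a host outside the list, which is how a traditional login page would be reported in the unified view the request describes.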
@GeorginaReeder

Thanks so much for this feature request @iamthefrogy , we'll take a look into it!
