How to programmatically enter the site?

I have looked at several examples on stackoverflow and cannot get it to work.

This is the URL I need to enter the program:

I have tried many different ways with no success. Here's what I currently have:

Original URL before login:

Url after login:

The form, I think, is submitted before login:

<form action="/guardian/home.html" method="post" name="LoginForm" target="_top" id="LoginForm" onsubmit="doPCASLogin(this);">
<input type="hidden" name="pstoken" value="308732667SkW2oaVnhxqIqM5PzqdGWrXW4jdQoB8W">
<input type="hidden" name="contextData" value="2AA011214C3F506D76216C5B459574636E2269F51AC438EB11081A7C735345A8">
<input type="hidden" name="dbpw" value="">
<input type="hidden" name="translator_username" value="">
<input type="hidden" name="translator_password" value="">
<input type="hidden" name="translator_ldappassword" value="">

<input type="hidden" name="returnUrl" value="">
<input type="hidden" name="serviceName" value="PS Parent Portal">
<input type="hidden" name="serviceTicket" value="">
<input type="hidden" name="pcasServerUrl" value="/">
<input type="hidden" name="credentialType" value="User Id and Password Credential">

<h2>Parent Sign In</h2>
<!--box content-->
<div id="noscript" class="feedback-alert" style="display: none;"> To sign in to PowerSchool, you must use a browser that supports and has JavaScript enabled. </div>
<fieldset id="login-inputs" class="group">
  <input type="text" id="fieldAccount" name="account" value="" size="39">
  <input type="password" name="pw" value="" size="39"><div id="login-help"><a href="/public/account_recovery_begin.html">Having trouble signing in?</a></div>
<div id="translatorInput" style="display: none;">
  <label>Translator Sign In</label>
  <input type="password" name="translatorpw" value="" size="39">
<div class="button-row">
  <button type="submit" id="btn-enter" title="Sign In To PowerSchool Parent Access" value="Enter" border="0">Sign In</button>
<!-- box content-->


After clicking the submit button, the form changes to it (only dbpw changes (these were two separate examples, so pstoken and contextData changed)): Notice how the only thing that changes is the dbpw field

This is after you are "fully logged in" Datarespone headerscookies

Here is my code (doesn't work):

public static final String POWERSCHOOLLOGINURL = "";
    public static final String POWERSCHOOLLOGIN = "";

    public static void main(String[] args) throws IOException {
        Map<String, String> nameToVal = new HashMap<String, String>();
        nameToVal.put("pstoken", "308732667b2uBDHKHeNJc1XTXdgDSVwxzHfzldM9M");
        nameToVal.put("contextData", "e1c94866f2ed77f3ae37bc1a2a477631");
        nameToVal.put("dbpw", "29e3fdf45f7959a5e0c894ad01b34941");
        nameToVal.put("translator_username", "");
        nameToVal.put("translator_password", "");
        nameToVal.put("translator_ldappassword", "");
        nameToVal.put("returnUrl", "");
        nameToVal.put("serviceName", "PS Parent Portal");
        nameToVal.put("serviceTicket", "");
        nameToVal.put("pcasServerUrl", "/");
        nameToVal.put("credentialType", "User Id and Password Credential");
        nameToVal.put("account", "horvste");
        nameToVal.put("translatorpw", "");
        nameToVal.put("returnUrl", "");
        nameToVal.put("pcasServerUrl", "/");
        nameToVal.put("credentialType", "User Id and Password Credential");
        Map<String, String> cookies = new HashMap<String, String>();
        cookies.put("JSESSIONID", "2C108FB2394FFE097E366BC3C34827B8");
        cookies.put("uiStateCont", "null");
        cookies.put("uiStateNav", "null");

        Document doc = Jsoup.connect(POWERSCHOOLLOGIN).cookies(cookies)



note: HtmlUnit is not an acceptable answer (it slows down and doesn't work on Android).


source to share

1 answer

You will need to simulate what md5.js (which can be found in the resources tab of the dev tools) does with the form on submit:

    function doPCASLogin(form) {
   var originalpw =;
   var b64pw = b64_md5(originalpw);
   var hmac_md5pw = hex_hmac_md5(pskey, b64pw) = hmac_md5pw;
   form.dbpw.value = hex_hmac_md5(pskey, originalpw.toLowerCase())
   if (form.ldappassword!=null) {
     // LDAP is enabled, so send the clear-text password
     // Customers should have SSL enabled if they are using LDAP
     form.ldappassword.value = originalpw; // Send the unmangled password

   // Translator Login
   var translatorpw = form.translatorpw.value;
   var i = translatorpw.indexOf(";");
    if (i < 0) {
        form.translator_username.value = translatorpw;
        form.translator_password.value = "";
    else {
        form.translator_username.value = translatorpw.substring(0,i);
        translatorpw = translatorpw.substring(i+1); // Get the password
        translatorpw2 = translatorpw;
        translatorpw = b64_md5(translatorpw);                   // Added in move to pcas
        form.translator_password.value = hex_hmac_md5(pskey, translatorpw);
        if (form.translator_ldappassword!=null) {
            // LDAP is enabled, so send the clear-text password
            // Customers should have SSL enabled if they are using LDAP
            form.translator_ldappassword.value = translatorpw2; // Send the pw for LDAP

    return true;




All Articles