POC to show how to login to SAT SIAT's portal using only HTTP requests (no JS engine needed).

sat_siat_login.php

<?php

/**
 * Copyright (c) 2018 Edgar Merino
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy 
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights 
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
 * copies of the Software, and to permit persons to whom the Software is 
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in 
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

/**
 * POC Login to SAT's SIAT portal.
 *
 * @author emerino <donvodka@gmail.com>
 */

// auth credentials
$rfc = "USERNAME";
$ciec = "PASSWORD";

// file where cookies will be stored
$cookieJar = tempnam(sys_get_temp_dir(), "sat-siat-auth_");

$ch = makeCurl($cookieJar);

$response = get($ch, "https://www.siat.sat.gob.mx/PTSC/faces/pages/lanzador.jsf?url=/PTSC/buzonTributario/faces/Pages/Principal.jsf&tipoLogeo=c&target=principal&hostserver=https://buzon.siat.sat.gob.mx");

$response = post($ch, "https://login.siat.sat.gob.mx/nidp/idff/sso?id=mat-ptsc-totp&sid=0&option=credential&sid=0");

$response = post($ch, "https://login.siat.sat.gob.mx/nidp/idff/sso?id=mat-ptsc-totp&sid=0&option=credential&sid=0", array(
    "submit" => "Enviar",
    "option" => "credential",
    "Ecom_User_ID" => $rfc,
    "Ecom_Password" => $ciec,
    "target" => "https://www.siat.sat.gob.mx/PTSC/cont/accesoC?parametro=1&url=/PTSC/buzonTributario/faces/Pages/Principal.jsf&target=principal&tipoLogeo=c&hostServer=https://buzon.siat.sat.gob.mx"
));

$response = get($ch, "https://login.siat.sat.gob.mx/nidp/idff/sso?sid=0");

$response = post($ch, "https://login.siat.sat.gob.mx/nidp/saml2/sso", params($response, array("SAMLRequest")));

$response = post($ch, "https://www.siat.sat.gob.mx/saml2/sp/acs/post", params($response, array("SAMLResponse")));

// Authenticate to ptscsccpro realm
$response = get($ch, "https://ptscsccpro.clouda.sat.gob.mx/AutorizacionConsulta");

// the following 4 requests are needed to fully authenticate ourselves
$currentDate = date('Y-m-d\TH:i:s\Z');
$response = get($ch, "https://login.siat.sat.gob.mx/nidp/wsfed_SubContratacion.jsp?wa=wsignin1.0&wtrealm=https://ptscsccpro.clouda.sat.gob.mx/&wctx=rm%3D0%26id%3Dpassive%26ru%3D/AutorizacionConsulta&wct=$currentDate&wreply=https://ptscsccpro.clouda.sat.gob.mx/");

$response = post($ch, "https://ptscsccpro.clouda.sat.gob.mx/", params($response, array("wa", "wctx", "wresult")));

$response = get($ch, "https://login.siat.sat.gob.mx/nidp/wsfed_SubContratacion.jsp?wa=wsignin1.0&wtrealm=https://ptscsccpro.clouda.sat.gob.mx/&wctx=rm%3D0%26id%3Dpassive%26ru%3D/AutorizacionConsulta/Inicio&wct=$currentDate&wreply=https://ptscsccpro.clouda.sat.gob.mx/");

// this completely authenticates us to the ptscsccpro realm
$response = post($ch, "https://ptscsccpro.clouda.sat.gob.mx/", params($response, array("wa", "wctx", "wresult")));

// return the contracts in json format
$response = post($ch, "https://ptscsccpro.clouda.sat.gob.mx/AutorizacionConsulta/ConsultarContratos", null, array("Content-Type: application/json"));
echo $response;

// cleanup
curl_close($ch);
unlink($cookieJar);

function makeCurl($cookieJar) {
    $ch = curl_init();

    // global options
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieJar);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieJar);

    // can use any user agent
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0');

    // needed to return request's responses as a string instead of being sent
    // to stdout
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    return $ch;
}

function get($ch, $url) {
    return request($ch, $url, null, null);
}

function post($ch, $url, $data=null, $headers=null) {
    return request($ch, $url, true, $data, $headers);
}

function request($ch, $url, $post, $data=null, $headers=null) {
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, $post);

    $lastUrl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
    curl_setopt($ch, CURLOPT_REFERER, $lastUrl);

    if ($data) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    }

    if ($headers) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    }

    return curl_exec($ch);
}

/**
 * Extracts the given params from the first form found in the given response.
 *
 * @param string $response
 * @return array the extracted params from the response.
 */
function params($response, $params) {
    $doc = new DOMDocument();
    // @ is needed to avoid warnings related to ampersands in the html document
    @$doc->loadHTML($response);

    $xpath = new DOMXPath($doc);
    $form = $doc->getElementsByTagName("form")->item(0);

    $pairs = array();

    foreach ($params as $param) {
        $entries = $xpath->query("input[@name='" . $param . "']", $form);
        $pairs[$param] = $entries->item(0)->getAttribute("value");
    }

    return $pairs;
}

Excelente aporte, tendras el equivalente de este codigo en Java?