<div dir="ltr">Thanks, that looks like it's sending the right header.  The server doesn't like it for some reason, but I'll have to talk to them about it.<div><br></div><div>Thanks very much for your help, Luri.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 27, 2015 at 3:25 PM, Iuri <span dir="ltr"><<a href="mailto:iurisilvio@gmail.com" target="_blank">iurisilvio@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>The signature is not shown in the suds.client logging. I created a small log plugin to print the request/response.</div><div><br></div><div><div><font face="monospace, monospace">class LogPlugin(MessagePlugin):</font></div><div><font face="monospace, monospace">    def sending(self, context):<br></font></div><div><font face="monospace, monospace">        print str(context.envelope)</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">    def received(self, context):</font></div><div><font face="monospace, monospace">        print str(context.reply)</font></div></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace"># add the LogPlugin after the WssePlugin</font></div><div><font face="monospace, monospace">client = Client(url, <span style="font-size:12.8000001907349px">plugins=[WssePlugin(</span><span style="font-size:12.8000001907349px">certificate), LogPlugin()])</span></font></div><div><span style="font-family:monospace,monospace;font-size:12.8000001907349px"><br></span></div><div>This plugin will print the signed request (if it is really signed). I don't remember exactly what was happening, but in some cases the WssePlugin failed silently. No signature and no error. Maybe it is your case.</div><div><br></div><div>Check if your PEM certificate is loading correctly:</div><div><br></div><div><font face="monospace, monospace">from OpenSSL import crypto</font></div><font face="monospace, monospace">print crypto.load_certificate(crypto.FILETYPE_PEM, open(key_file).read())</font><div><div><br></div>The verify_envelope[1] is used when you receive the server response.<div><br></div><div>[1] <a href="https://github.com/mvantellingen/py-soap-wsse/blob/ffd25323cd05ac85d36411f67270d9801935c9e0/src/soap_wsse/suds_plugin.py" target="_blank">https://github.com/mvantellingen/py-soap-wsse/blob/ffd25323cd05ac85d36411f67270d9801935c9e0/src/soap_wsse/suds_plugin.py</a><br></div><div><br></div><div>I don't know what scenario the soap_wsse author considered, but the plugin expects the response signed with the same key. I fixed with a little hack:</div><div><br></div><div><div><font face="monospace, monospace">class OutboundWssePlugin(WssePlugin):</font></div><div><font face="monospace, monospace">    def received(self, context):</font></div><div><font face="monospace, monospace">        pass</font></div></div><div><br></div><div># use OutboundWssePlugin instead of the original WssePlugin here</div><div><span style="font-family:monospace,monospace">client = Client(url, </span><span style="font-family:monospace,monospace;font-size:12.8000001907349px">plugins=[OutboundWssePlugin(</span><span style="font-family:monospace,monospace;font-size:12.8000001907349px">certificate), LogPlugin()])</span><br></div><div><br></div><div>Now, the plugin will not expect a signed answer.</div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 27, 2015 at 4:02 PM, Paul Tomblin <span dir="ltr"><<a href="mailto:ptomblin@xcski.com" target="_blank">ptomblin@xcski.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This looks really promising, but when I try it with my self-signed certificate, I get the following error:<div><br><div><div>DEBUG:suds.client:sending to (<a href="https://xxx.service-now.com/u_cart_request.do?SOAP" target="_blank">https://xxx.service-now.com/u_cart_request.do?SOAP</a>)</div><div>message:</div><div><?xml version="1.0" encoding="UTF-8"?></div><div><SOAP-ENV:Envelope xmlns:wsse="<a href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</a>" xmlns:wsu="<a href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd</a>" xmlns:ns0="<a href="http://schemas.xmlsoap.org/soap/envelope/" target="_blank">http://schemas.xmlsoap.org/soap/envelope/</a>" xmlns:ns1="<a href="http://www.service-now.com/u_cart_request" target="_blank">http://www.service-now.com/u_cart_request</a>" xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>" xmlns:SOAP-ENV="<a href="http://schemas.xmlsoap.org/soap/envelope/" target="_blank">http://schemas.xmlsoap.org/soap/envelope/</a>"></div><div>   <SOAP-ENV:Header></div><div>      <wsse:Security mustUnderstand="true"></div><div>         <wsse:UsernameToken></div><div>            <wsse:Username>aaaa</wsse:Username></div><div>            <wsse:Password>bbbb</wsse:Password></div><div>         </wsse:UsernameToken></div><div>         <wsu:Timestamp></div><div>            <wsu:Created>2015-04-27T18:55:22.714722+00:00</wsu:Created></div><div>            <wsu:Expires>2015-04-27T18:56:52.714722+00:00</wsu:Expires></div><div>         </wsu:Timestamp></div><div>      </wsse:Security></div><div>   </SOAP-ENV:Header></div><div>   <ns0:Body></div><div>      <ns1:insert></div><div>         <u_cart_number>12345</u_cart_number></div><div>         <u_servicenow_ritm_number>RMT12345</u_servicenow_ritm_number></div><div>      </ns1:insert></div><div>   </ns0:Body></div><div></SOAP-ENV:Envelope></div><div>DEBUG:suds.client:headers = {'SOAPAction': '"<a href="http://www.service-now.com/u_cart_request/insert" target="_blank">http://www.service-now.com/u_cart_request/insert</a>"', 'Content-Type': 'text/xml; charset=utf-8'}</div><div>DEBUG:suds.client:HTTP failed - 500 - Internal Server Error:</div><div><SOAP-ENV:Envelope xmlns:SOAP-ENV="<a href="http://schemas.xmlsoap.org/soap/envelope/" target="_blank">http://schemas.xmlsoap.org/soap/envelope/</a>"><SOAP-ENV:Header/><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>wsse:FailedAuthentication</faultcode><faultstring>The security token could not be authenticated or authorized</faultstring><detail>WSSecurity login failed</detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope></div><div>ERROR:suds.plugin:No signature node found</div><div>Traceback (most recent call last):</div><div>  File "/usr/local/lib/python2.7/dist-packages/suds/plugin.py", line 254, in __call__</div><div>    method(ctx)</div><div>  File "/usr/local/lib/python2.7/dist-packages/soap_wsse/suds_plugin.py", line 20, in received</div><div>    valid = verify_envelope(context.reply, self.cert_filename)</div><div>  File "/usr/local/lib/python2.7/dist-packages/soap_wsse/signing.py", line 130, in verify_envelope</div><div>    raise CertificationError("No signature node found")</div><div>CertificationError: No signature node found</div><div>ERROR:suds.client:<suds.sax.document.Document instance at 0x7f4c8b4a45f0></div><div>e = Server raised fault: 'The security token could not be authenticated or authorized'</div></div><div><br></div></div><div><br></div><div>I don't see the BinarySecurityToken in the outgoing XML in the first debug message. Shouldn't it be there? The "No signature node found" message seems to be related to incoming not outgoing messages, so I'm confused why it's happening.</div><div><br></div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 27, 2015 at 1:13 PM, Iuri <span dir="ltr"><<a href="mailto:iurisilvio@gmail.com" target="_blank">iurisilvio@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'm using suds-jurko [1] with soap_wsse [2] for this. It is simple. I never tried pysimplesoap.<div><br></div><div><div><font face="monospace, monospace">from soap_wsse.suds_plugin import WssePlugin</font></div><div><font face="monospace, monospace">from suds.client import Client</font></div><div><font face="monospace, monospace">from suds.wsse import Security, UsernameToken, Timestamp</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">url = "<a href="http://example.com/service?WSDL" target="_blank">http://example.com/service?WSDL</a>"</font></div><div><font face="monospace, monospace">username = "test"</font></div><div><font face="monospace, monospace">password = "p@ssw0rd!"</font></div><div><font face="monospace, monospace">certificate = "/your/cert.pem"</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">s = Security()</font></div><div><font face="monospace, monospace">s.tokens.extend([UsernameToken(username, password), Timestamp()])</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">client = Client(url, plugins=[WssePlugin(certificate)])</font></div><div><font face="monospace, monospace">client.set_options(wsse=s)</font></div></div><div><br></div><div><div>[1] <a href="https://pypi.python.org/pypi/suds-jurko" target="_blank">https://pypi.python.org/pypi/suds-jurko</a></div><div>[2] <a href="https://pypi.python.org/pypi/soap_wsse" target="_blank">https://pypi.python.org/pypi/soap_wsse</a></div></div><div><br></div><div class="gmail_extra">Cheers!</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Mon, Apr 27, 2015 at 12:06 PM, Paul Tomblin <span dir="ltr"><<a href="mailto:ptomblin@xcski.com" target="_blank">ptomblin@xcski.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div><div dir="ltr">I need to talk to a web service that requires wsse:BinarySecurityToken, ds:Security, wsse:UsernameToken and wsu:Timestamp headers. I see that the latest version of pysimplesoap on <a href="http://python.org" target="_blank">python.org</a> has some sort of plugin architecture and a wsse.py for at least some of these headers, but I don't see any documentation on how to use them. The Google Code page doesn't have the wsse.py file, and so obviously nothing in their Wiki.<div><br></div><div>Can somebody point me to documentation or examples?</div><span><font color="#888888"><div><br clear="all"><div><br></div>-- <br><div><a href="http://www.linkedin.com/in/paultomblin" target="_blank">http://www.linkedin.com/in/paultomblin</a><br><a href="http://careers.stackoverflow.com/ptomblin" target="_blank">http://careers.stackoverflow.com/ptomblin</a><br></div>
</div></font></span></div>
<br></div></div>_______________________________________________<br>
Soap mailing list<br>
<a href="mailto:Soap@python.org" target="_blank">Soap@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/soap" target="_blank">https://mail.python.org/mailman/listinfo/soap</a><br>
<br></blockquote></div><br></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div><a href="http://www.linkedin.com/in/paultomblin" target="_blank">http://www.linkedin.com/in/paultomblin</a><br><a href="http://careers.stackoverflow.com/ptomblin" target="_blank">http://careers.stackoverflow.com/ptomblin</a><br></div>
</div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><a href="http://www.linkedin.com/in/paultomblin" target="_blank">http://www.linkedin.com/in/paultomblin</a><br><a href="http://careers.stackoverflow.com/ptomblin" target="_blank">http://careers.stackoverflow.com/ptomblin</a><br></div>
</div>