[Soap-Python] WSSE security

Ovnicraft ovnicraft at gmail.com
Mon Apr 27 23:12:53 CEST 2015


You can test this repo, http://github.com/ovnicraft/suds
Give me your feedback please.



On Mon, Apr 27, 2015 at 2:02 PM, Paul Tomblin <ptomblin at xcski.com> wrote:

> This looks really promising, but when I try it with my self-signed
> certificate, I get the following error:
>
> DEBUG:suds.client:sending to (
> https://xxx.service-now.com/u_cart_request.do?SOAP)
> message:
> <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="
> http://www.service-now.com/u_cart_request" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/">
>    <SOAP-ENV:Header>
>       <wsse:Security mustUnderstand="true">
>          <wsse:UsernameToken>
>             <wsse:Username>aaaa</wsse:Username>
>             <wsse:Password>bbbb</wsse:Password>
>          </wsse:UsernameToken>
>          <wsu:Timestamp>
>             <wsu:Created>2015-04-27T18:55:22.714722+00:00</wsu:Created>
>             <wsu:Expires>2015-04-27T18:56:52.714722+00:00</wsu:Expires>
>          </wsu:Timestamp>
>       </wsse:Security>
>    </SOAP-ENV:Header>
>    <ns0:Body>
>       <ns1:insert>
>          <u_cart_number>12345</u_cart_number>
>          <u_servicenow_ritm_number>RMT12345</u_servicenow_ritm_number>
>       </ns1:insert>
>    </ns0:Body>
> </SOAP-ENV:Envelope>
> DEBUG:suds.client:headers = {'SOAPAction': '"
> http://www.service-now.com/u_cart_request/insert"', 'Content-Type':
> 'text/xml; charset=utf-8'}
> DEBUG:suds.client:HTTP failed - 500 - Internal Server Error:
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>wsse:FailedAuthentication</faultcode><faultstring>The
> security token could not be authenticated or
> authorized</faultstring><detail>WSSecurity login
> failed</detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
> ERROR:suds.plugin:No signature node found
> Traceback (most recent call last):
>   File "/usr/local/lib/python2.7/dist-packages/suds/plugin.py", line 254,
> in __call__
>     method(ctx)
>   File "/usr/local/lib/python2.7/dist-packages/soap_wsse/suds_plugin.py",
> line 20, in received
>     valid = verify_envelope(context.reply, self.cert_filename)
>   File "/usr/local/lib/python2.7/dist-packages/soap_wsse/signing.py", line
> 130, in verify_envelope
>     raise CertificationError("No signature node found")
> CertificationError: No signature node found
> ERROR:suds.client:<suds.sax.document.Document instance at 0x7f4c8b4a45f0>
> e = Server raised fault: 'The security token could not be authenticated or
> authorized'
>
>
> I don't see the BinarySecurityToken in the outgoing XML in the first debug
> message. Shouldn't it be there? The "No signature node found" message seems
> to be related to incoming not outgoing messages, so I'm confused why it's
> happening.
>
>
>
> On Mon, Apr 27, 2015 at 1:13 PM, Iuri <iurisilvio at gmail.com> wrote:
>
>> I'm using suds-jurko [1] with soap_wsse [2] for this. It is simple. I
>> never tried pysimplesoap.
>>
>> from soap_wsse.suds_plugin import WssePlugin
>> from suds.client import Client
>> from suds.wsse import Security, UsernameToken, Timestamp
>>
>> url = "http://example.com/service?WSDL"
>> username = "test"
>> password = "p at ssw0rd!"
>> certificate = "/your/cert.pem"
>>
>> s = Security()
>> s.tokens.extend([UsernameToken(username, password), Timestamp()])
>>
>> client = Client(url, plugins=[WssePlugin(certificate)])
>> client.set_options(wsse=s)
>>
>> [1] https://pypi.python.org/pypi/suds-jurko
>> [2] https://pypi.python.org/pypi/soap_wsse
>>
>> Cheers!
>>
>>
>> On Mon, Apr 27, 2015 at 12:06 PM, Paul Tomblin <ptomblin at xcski.com>
>> wrote:
>>
>>> I need to talk to a web service that requires wsse:BinarySecurityToken,
>>> ds:Security, wsse:UsernameToken and wsu:Timestamp headers. I see that the
>>> latest version of pysimplesoap on python.org has some sort of plugin
>>> architecture and a wsse.py for at least some of these headers, but I don't
>>> see any documentation on how to use them. The Google Code page doesn't have
>>> the wsse.py file, and so obviously nothing in their Wiki.
>>>
>>> Can somebody point me to documentation or examples?
>>>
>>>
>>> --
>>> http://www.linkedin.com/in/paultomblin
>>> http://careers.stackoverflow.com/ptomblin
>>>
>>> _______________________________________________
>>> Soap mailing list
>>> Soap at python.org
>>> https://mail.python.org/mailman/listinfo/soap
>>>
>>>
>>
>
>
> --
> http://www.linkedin.com/in/paultomblin
> http://careers.stackoverflow.com/ptomblin
>
> _______________________________________________
> Soap mailing list
> Soap at python.org
> https://mail.python.org/mailman/listinfo/soap
>
>


-- 

[image: Cristian Salamea on about.me]

Cristian Salamea
about.me/ovnicraft
    <http://about.me/ovnicraft>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/soap/attachments/20150427/a459af35/attachment-0001.html>


More information about the Soap mailing list