I am implementing my own MDM server using OMA-DM protocol, and am currently working on enrolling a windows 10 client to my server. I have successfully implemented the 'discovery service' and 'policy service' steps as mentioned in this link : https://msdn.microsoft.com/en-us/library/windows/hardware/dn925031(v=vs.85).aspx
I am currently trying to complete the 3rd step i.e. the 'certificate enrollment'. As stated in the above link, the client sends me the Request Security Token (RST) message (which has a PKCS#10 certificate request)and from my understanding, I am supposed to send a root and client certificate back in a wap provisioning xml. However, on the windows 10 machine I get a message "Something went wrong...". The administrative logs in Event Viewer are of no use and have this message : "MDM Enroll: Failed to receive or parse certificate enroll response. Result: (Unknown Win32 Error code: 0x80180008)."
I have the following questions:
1) From reading around, i have understood that the client will send a hard-coded CN value in the PKCS#10 certificate request and it is the responsibility of the server to send a signed client certificate with this same CN. Am I right ? or is it up to the server to send ANY CN it seems fit provided that the wap has subject in the search criteria param ?
2) The wap provisioning XML has a parameter called "SSLCLIENTCERTSEARCHCRITERIA". What should this value ideally be ? As per my understanding it should be the subject of the client certificate i.e CN.
3) Any way I can see more detailed logs on the windows 10 client PC ??
Here is my WAP :
<?xml version="1.0" encoding="UTF-8" standalone="no"?><wap-provisioningdoc version="1.1">
<characteristic type="CertificateStore">
<characteristic type="Root">
<characteristic type="System">
<characteristic type="B8E6A72180B04F64CB594AEFBFDF2F0997DB6FD7">
<parm name="EncodedCertificate" value="MIIF+zCCA+OgAwIBAgIJAJE458QXNuiLMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMIVGVzdCBPcmcxFjAUBgNVBAsTDVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIgUm9vdCBDQTEcMBoGCSqGSIb3DQEJARYNcm9vdEB3c28yLmNvbTAeFw0xNTAxMjcxMjUxMjRaFw0xNzEwMjMxMjUxMjRaMIGLMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMIVGVzdCBPcmcxFjAUBgNVBAsTDVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIgUm9vdCBDQTEcMBoGCSqGSIb3DQEJARYNcm9vdEB3c28yLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANJ756zjlkNKJf9O80qwFWxlwr4vOa80oaGXaO8Luj8ZNb7zyGATppTmZi2brRVfNPGHhN/0REb5+Gcf0xvk1b5Wp4E+JoDKfZMwOVQsMVmKYHqopgiiE28L/YoNd0XmZA0J03nfQ4rzYggwQX7oRsW/AptkdURV4i8xD3SsqDGDZyYxQVDkj55nrweEd5FWOnYvvpdbFJ4WanJmGe1WRtLMJ0jFi7tw9Wc7W/5+fvIA9bvHDHoG1VlfyjQUSvTLlAN7Ui0ztXTcOZuN3HI0putMQRyaAD7Ljl7E1ROiqMhN/z80Bck8Yi7ELOmq+cJOir/4CAamj8SugZ0iXo922slrSemWL9tjNT7MFmjFXmgIfVmaJF7OxKyxHhO8gJKTlU2KSJJH2CzMwnGdRFrDlsAotVjGLYFWHUN4HW2uA2crEEmk+UduwnVMazqUwBFxv+INf0U55bsXTv7C3L06IUaTBvxhxKQmzj9BeQGwWAC2Co4s5riT2ttivSRlXijPIEDTfmvE/fjj4KfQQOTY3+EejacMe6gb/qVsCZ1g9Tbk7WLgjYHBuOQSAz3lwPPqPY+6CakeL29wWyPg7pGzR6lMcYItUdHJuNsTijs0x6Xi1O5iIuL2o0vl8FRH+tZFm3ujtCIHprjUgcn6aOR9Ms/NkUJCziKKAb4KoohNFgr/AgMBAAGjYDBeMB0GA1UdDgQWBBSDhLDYVCYhJsxvK1ZNV05qGGVajjAfBgNVHSMEGDAWgBSDhLDYVCYhJsxvK1ZNV05qGGVajjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAykqOsxHV43Bx24+7DfxLNYyafBayHacQ4uwtldwexyQBfIyJKjhzZUSvl37zhFPhJRJHogFIds+FoqaQsF8PvI/YSKs3UYRhje2mJan79lEArCd+3zDGmzQhmutVo7C1bCQuujV8YLIJGvvcnMcHnMLpc5CfjzmI2C6qMZ5XgpHx/Mhindllqr0ZVvqRive0A2svW1k47XWB7BIfx/aoZ1viPHDNYVuYZ6j/NAFv8/Fu3n/TfYOJ5rz0NPGHYXnmFcgGxtYTu5u6Q9YVdDLZv9lqYbMRSdiQ8SVDzwxft9N5g6/VoXLoMpCS7/6jR3J0GbG2r/vr024QMOHDZHQDjkAVUBni6/bRHqj389RnOXhQ+TSlx/hGgtdTpZRv63PjAqTCdDAhazWAgG/W+dxUhAywiOYHeXincuuDER0ypkfGcaUvbN9/mWtGJvtW+L9OlTj3LQlXD2ORehz5itS3eV0DVkscCOLzzkVLtIJeew1oRmiADNOUe5A6V0cW5HIFi9F7Recqv9lGphwQeq+2cmvUKkSPcx+Z/SHTT/nIOioqxxafJhci5dAEsPgtzxnA6QqPQtxOj46aZxQh5+hzZ/1CQq3UThDdQreJL51c+NOSZFQh6YVpJH6ZdSldBJnHjbS7RL/bv2kl1Pmv808T+iG+GpDw2XljwsI6TL8ACok="/>
</characteristic>
</characteristic>
</characteristic>
</characteristic>
<characteristic type="CertificateStore">
<characteristic type="My">
<characteristic type="User">
<characteristic type="8C0765870005BC084563F0D359AE41177CEB4F1C">
<parm name="EncodedCertificate" value="MIIEazCCAlOgAwIBAgIGAVNVq4FVMA0GCSqGSIb3DQEBCwUAMIGLMRwwGgYJKoZIhvcNAQkBFg1yb290QHdzbzIuY29tMRUwEwYDVQQDDAxXU08yIFJvb3QgQ0ExFjAUBgNVBAsMDVRlc3Qgb3JnIHVuaXQxETAPBgNVBAoMCFRlc3QgT3JnMQ0wCwYDVQQHDARUZXN0MQ0wCwYDVQQIDARUZXN0MQswCQYDVQQGEwJVUzAgFw0xNjAzMDYxMDAwMTZaGA8yMTE2MDMwODEwMDAxNlowSzFJMEcGA1UEAwxAMEM1OUJBQjAtQUU0Ny00NDlDLTkyQ0QtRTEyMjM2MyFEMzdCNzM1Nzc0MUVGNDRFQTI4NUQwRDYzNzFGNzBBQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOF6TccENSlWosUpeh4ILwFu50vbvgYLoTgE1eVqP+SqPwdWAs9zfCexKqp0ySFV6lVvx8YRVgXpBpLV4Co6mqED18EqsS0OgpdiyowBhWh0yFwxXb7gVYmB+2s6vHoYTf2+mseWDMHiJbiZsJd+jep8+ZLUeMq2YZwz3uB8pbZ5v1AJjRs2kCOA99G8TKMF6kY0rlOaEIb4rhLolBOxgS8V7rhND6+e0ruTspLeoHKxUcw+Udh2jFA6uIkjWqdarFcx3a18a7JK8mCxY1bA5YrVDr+DCKgwFNwQYUW8n3y/REVSFaoKVjtZWdtCGx0NNTEgmg1Qilx0ckrStAwuFBkCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4ICAQBrpXVXQtx3DMzmNQBVcthaM7Tr7/EEmrqwkgwWlnPKVWPKgps+dPhulgQ9fNvcfiGrra6L6NYmU92g16G8DgmH7CCjwWsHWeETWjegcNMn4a0lX81HCS+8yb62+i5U3Jz5/eU4QL5iJZabT5iMfe7oE1enP+o5BzfKa4ce+gk2Id/WoIdTPmsTge+vPGXl8D0x+wk/AV/SzsFuv5u12K19H/3Sta0jjQl+VVLkwHiKxQ6SUmR+E4HIX+f9903fONYZGLXQJrVadG+lP2ydHOyYss8efbVNkTA3/VkUApG1Wx5P+WdFWtJBgZxajO5mosrNOJaCZ/5SVxmEf/7LH4I5JSfr4WXGponTw/TCWsdyklY3z18E4w+Go8KMseITGThtPhuZ9Uxg6LrE/SFSHqhEaMinbGW1LlvXXui6CqbHC6+ytQHzm40OAp1Wfp/+yyaegOxZTNePFKtzoQg/bJzgdHLEDU2L2fxHFPSNHGXpMKryCVGYta5Zapy4Mwa9fkA2vaSDq1FXW12wzPjal8pc4C0mBq5WAd/99u6xhsAHUrimIOzq92ifw9z9zVR37qYPi4tFuhyVvxRrblciGmS9/LWkDcYezrpBKnrSAo8qEySgJcoENlc3x906vh4TLrJdjjEIRSWiCrmTGP32o/cYIvZa8J5v0ysJzX4jaw769g=="/>
</characteristic>
<characteristic type="PrivateKeyContainer"/>
</characteristic>
<characteristic type="WSTEP">
<characteristic type="Renew">
<parm datatype="boolean" name="ROBOSupport" value="true"/>
<parm datatype="integer" name="RenewPeriod" value="60"/>
<parm datatype="integer" name="RetryInterval" value="4"/>
</characteristic>
</characteristic>
</characteristic>
</characteristic>
<characteristic type="APPLICATION">
<parm name="APPID" value="w7"/>
<parm name="PROVIDER-ID" value="MDMServer"/>
<parm name="NAME" value="test"/>
<parm name="ADDR" value="https://dhruvesh.auth.hpicorp.net/services/oma-dm/ws/syncml/initialquery"/>
<parm name="CONNRETRYFREQ" value="6"/>
<parm name="INITIALBACKOFFTIME" value="30000"/>
<parm name="MAXBACKOFFTIME" value="120000"/>
<parm name="BACKCOMPATRETRYDISABLED"/>
<parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml"/>
<parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=CN%3D0C59BAB0-AE47-449C-92CD-E122363!D37B7357741EF44EA285D0D6371F70AC&Stores=My%5CUser"/>
<characteristic type="APPAUTH">
<parm name="AAUTHLEVEL" value="CLIENT"/>
<parm name="AAUTHTYPE" value="DIGEST"/>
<parm name="AAUTHSECRET" value="password1"/> <!-- Have a doubt about this field and the one below. Whose passwords and nonce do they mean? -->
<parm name="AAUTHDATA" value="nonce"/>
</characteristic>
<characteristic type="APPAUTH">
<parm name="AAUTHLEVEL" value="APPSRV"/>
<parm name="AAUTHTYPE" value="BASIC"/>
<parm name="AAUTHNAME" value="abc#abc.com"/> <!-- Have a doubt about this field and the one below. Whose username and passwords do they mean? -->
<parm name="AAUTHSECRET" value="Computer#2"/>
</characteristic>
</characteristic>
<characteristic type="DMClient">
<characteristic type="Provider">
<characteristic type="MDMServer">
<parm datatype="string" name="UPN" value="UserPrincipalName#contoso.com"/> <!-- Doubt about this field too. What is expected ? -->
<characteristic type="Poll">
<parm datatype="integer" name="NumberOfFirstRetries" value="8"/>
<parm datatype="integer" name="IntervalForFirstSetOfRetries" value="15"/>
<parm datatype="integer" name="NumberOfSecondRetries" value="5"/>
<parm datatype="integer" name="IntervalForSecondSetOfRetries" value="3"/>
<parm datatype="integer" name="NumberOfRemainingScheduledRetries" value="0"/>
<parm datatype="integer" name="IntervalForRemainingScheduledRetries" value="1560"/>
<parm datatype="boolean" name="PollOnLogin" value="true"/>
</characteristic>
<parm datatype="string" name="EntDeviceName" value="Administrator_Windows"/>
</characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Have a few doubts in the above wap too (have put comments there).
Really stuck here. Any help would really be appreciated :)
You should remove the xml tag
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
from the beginning since the WAP payload is not a full XML payload. Other than that you may run into an issue when generating the certificate from the PKCS10 payload. Make sure that you change the subject name to a value that you want and that you pass it down to the "SSLCLIENTCERTSEARCHCRITERIA" criteria. Otherwise, your device will register but will never communicate with your management server.
This may also help: https://blogs.msdn.microsoft.com/wsdevsol/2013/10/03/common-issues-when-implementing-windows-phone-8-enterprise-mobile-device-management/
Good luck!
Related
I'm trying to make an request TokenCreateRQ on https://sws-crt.cert.havail.sabre.com/ endpoint. Replaced required fields by my own credentials. Current credentials looks like next:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<MessageHeader xmlns="http://www.ebxml.org/namespaces/messageHeader">
<From>
<PartyId>Agency</PartyId>
</From>
<To>
<PartyId>Sabre_API</PartyId>
</To>
<ConversationId>2021.01.DevStudio</ConversationId>
<Action>TokenCreateRQ</Action>
</MessageHeader>
<Security xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
<UsernameToken>
<Username>my_username</Username>
<Password>my_password</Password>
<Organization>my_pcc</Organization>
<Domain>DEFAULT</Domain>
</UsernameToken>
</Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<TokenCreateRQ Version="1.0.0" xmlns="http://webservices.sabre.com"/>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
and response comes following:
<?xml version="1.0" encoding="UTF-8"?>
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Header>
<eb:MessageHeader xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" eb:version="1.0" soap-env:mustUnderstand="1">
<eb:From>
<eb:PartyId eb:type="URI">Sabre_API</eb:PartyId>
</eb:From>
<eb:To>
<eb:PartyId eb:type="URI">Agency</eb:PartyId>
</eb:To>
<eb:ConversationId>2021.01.DevStudio</eb:ConversationId>
<eb:Action>ErrorRS</eb:Action>
<eb:MessageData>
<eb:MessageId>2746048641716630381</eb:MessageId>
<eb:Timestamp>2021-09-14T17:49:31</eb:Timestamp>
</eb:MessageData>
</eb:MessageHeader>
<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext"/>
</soap-env:Header>
<soap-env:Body>
<soap-env:Fault>
<faultcode>soap-env:Client.AuthenticationFailed</faultcode>
<faultstring>Authentication failed</faultstring>
<detail>
<StackTrace>com.sabre.universalservices.base.security.AuthenticationException: errors.authentication.USG_AUTHENTICATION_FAILED</StackTrace>
</detail>
</soap-env:Fault>
</soap-env:Body>
</soap-env:Envelope>
Credentials are correct. Does anybody knows what may cause an issue?
Probable cause, your credentials are not activated to consume Sabre webservices or you might have to reset your password.
I'm trying to use the Sabre SOAP API to retrieve a profile. I'm using the SOAP template here (https://developer.sabre.com/guides/travel-agency/developer-guides/soap-apis-request-format) with the specifics here (https://developer.sabre.com/sabre_hospitality/apis/soap_apis/hotel/profile/read_profile). I'm able to get a BinarySession token ok using the SessionCreateRQ request ok. It starts with the text "Shared/IDL:IceSess/SessMgr".
My request looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:eb="http://www.ebxml.org/namespaces/messageHeader" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsd="http://www.w3.org/1999/XMLSchema">
<SOAP-ENV:Header>
<eb:MessageHeader SOAP-ENV:mustUnderstand="1" eb:version="1.0">
<eb:From>
<eb:PartyId />
</eb:From>
<eb:To>
<eb:PartyId />
</eb:To>
<eb:CPAId>ipcc</eb:CPAId>
<eb:ConversationId>conversationID</eb:ConversationId>
<eb:Service>OTA_ReadRQ</eb:Service>
<eb:Action>OTA_ReadRQ</eb:Action>
<eb:MessageData>
<eb:MessageId>mid:20001209-133003-2333#clientofsabre.com</eb:MessageId>
<eb:Timestamp>2001-02-15T11:15:12Z</eb:Timestamp>
<eb:TimeToLive>2001-02-15T11:15:12Z</eb:TimeToLive>
</eb:MessageData>
</eb:MessageHeader>
<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
<wsse:BinarySecurityToken valueType="String" EncodingType="wsse:Base64Binary">MY SECURITY TOKEN GOES HERE</wsse:BinarySecurityToken>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<eb:SoapAPIServiceActionCode>
<OTA_ReadRQ Version="1" EchoToken="1122" PrimaryLangID="en" xmlns="http://www.opentravel.org/OTA/2003/05">
<ReadRequests>
<ProfileReadRequest>
<UniqueID Type="1" ID="14EF985B2C" ID_Context="crs">
<CompanyName CodeContext="hotel" Code="10001"/>
</UniqueID>
</ProfileReadRequest>
</ReadRequests>
</OTA_ReadRQ>
</eb:SoapAPIServiceActionCode>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
But when I do this I get the error:
<soap-env:Fault>
<faultcode>soap-env:Client.InvalidAction</faultcode>
<faultstring>Action specified in EbxmlMessage does not exist.</faultstring>
<detail>
<StackTrace>com.sabre.universalservices.base.exception.ApplicationException: errors.xml.USG_INVALID_ACTION</StackTrace>
</detail>
</soap-env:Fault>
Can anyone advise where I'm going wrong?
Try to use <eb:Action>OTA_ProfileReadRQ</eb:Action> instead.
Sabre responds with OTA_ProfileReadRS, so I suppose the Action code may contain "ProfileRead" as well.
First of all you must have permission in your iPCC/EPR the authorization to use this service.
The faultstring="Action specified in EbxmlMessage does not exist." error was in <eb:Action>OTA_ReadRQ</eb:Action>.
You can read more details about the hospitallity services in:
https://github.com/SabreDevStudio/get-hotel-avail-v2-sample-nodejs
https://github.com/SabreDevStudio/get-hotel-details-sample-nodejs
https://github.com/SabreDevStudio/hotel-price-check-v2-sample-nodejs
I am new to working with JBoss and I'm working on setting up a cluster to test with. I followed the directions from middleware to setup a JBoss Domain cluster on a single Linux VM using JBoss EAP 7.1.6. I am now trying to deploy a web application to my cluster using the admin console to test that the cluster is working.
I have created a simple hello world web app using liweinan's cluster demo source code that should display the current time. I tested the app and it displays correctly on a standalone cluster, but when I test my domain cluster I am seeing the page telling me that I need to disable the welcome content. What am I doing wrong? Is there something that also needs to be configured on the slaves?
Here is my jboss-web.xml in my application war:
<jboss-web>
<context-root>/</context-root>
</jboss-web>
In the host-master.xml the domain controller is:
<domain-controller>
<local/>
</domain-controller>
In the domain.xml file I have updated the interfaces to match the address of my machine. I also commented out the welcome content in the undertow.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp"/>
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<!--<location name="/" handler="welcome-content"/>-->
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<!--<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>-->
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
In both of the host-slave.xml files I have updated the socket interface management port, the interface inet-address, and added an offset for the servers.
Any help or suggestions would be greatly appreciated. I've been researching this for days without success.
It turns out the issue wasn't with my configuration. When you deploy the application you can't change the name. I was changing it from ClusterDemo.war to ClusterDemo. When I left the .war on the name, the app ran with no issues.
I have followed the configuration guide for JBoss EAP 7.0 - 21.3.7 to set up externalized HttpSessions to JDG
The steps are pretty simple, my standalone.xml has:
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
<cache-container name="cacheContainer" default-cache="default-cache" module="org.jboss.as.clustering.web.infinispan" statistics-enabled="true">
<transport lock-timeout="60000"/>
<replicated-cache name="default-cache" mode="SYNC">
<locking isolation="REPEATABLE_READ"/>
<transaction mode="BATCH"/>
<remote-store cache="default" socket-timeout="60000" remote-servers="remote-jdg-server1 remote-jdg-server2" passivation="false" preload="true" purge="false" shared="true"/>
</replicated-cache>
</cache-container>
...
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<outbound-socket-binding name="remote-jdg-server1">
<remote-destination host="jdbserver1" port="11222"/>
</outbound-socket-binding>
<outbound-socket-binding name="remote-jdg-server2">
<remote-destination host="jdgserver2" port="11222"/>
</outbound-socket-binding>
Then I added a jboss-web.xml file to my application's WEB-INF folder, referencing the cache container and the remote store cache:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_10_0.xsd"
version="10.0">
<context-root>/myapp</context-root>
<replication-config>
<cache-name>cacheContainer.default-cache</cache-name>
<replication-granularity>SESSION</replication-granularity>
</replication-config>
</jboss-web>
However it doesn't seem to be working. I tested putting an attribute in session and restarting the server. Then I can see that it creates a new httpsession, not reusing the previous one and thus, missing the parameter set before. The logs don't show anything relevant.
I'm starting to evaluate WSO2 ESB and try to implement some simple but real life scenarios.
What I'm trying to do, in this specific case is connect to a web-service that uses a session-key in the payload to do the authentication. So there is one web-service call with user and password to get the key and then I need to put this into the payload of the second web-service call to actually retrieve data from a service.
I don't want to log in with every service call, for performance reasons, but log in once, store the key for some time and do a couple of requests.
The service I want to call is a SugarCRM web-service.
The login message would be something like this:
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sug="http://www.sugarcrm.com/sugarcrm" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<soapenv:Header/>
<soapenv:Body>
<sug:login soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<user_auth xsi:type="sug:user_auth">
<user_name xsi:type="xsd:string">interface</user_name>
<password xsi:type="xsd:string">MD5HASHOFPASSWORD</password>
</user_auth>
<application_name xsd:string">dummy</application_name>
<name_value_list xsi:type="sug:name_value_list" soapenc:arrayType="sug:name_value[]"/>
</sug:login>
</soapenv:Body>
Which returns something like this:
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://www.sugarcrm.com/sugarcrm">
<SOAP-ENV:Body>
<ns1:loginResponse xmlns:ns1="http://www.sugarcrm.com/sugarcrm">
<return xsi:type="tns:entry_value">
<id xsi:type="xsd:string">loggfi0i3j6eeugs7l0a0m2587</id>
</return>
</ns1:loginResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Then I need to use the "id" field as the token for a new request.
Example, to request all the Leads (the "id" is put into the "session" field):
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sug="http://www.sugarcrm.com/sugarcrm" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<soapenv:Header/>
<soapenv:Body>
<sug:get_entry_list soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<session xsi:type="xsd:string">loggfi0i3j6eeugs7l0a0m2587</session>
<module_name xsi:type="xsd:string">Leads</module_name>
</sug:get_entry_list>
</soapenv:Body>
</soapenv:Envelope>
This request then returns all the Leads in the database.
Equally this is needed for accessing web-services that use OAuth2, for example the REST-API of MS Dynamics CRM, only then I need to put the token/bearer in the header.
How would I go about realizing the above scenario in WSO2 ESB? I'm sure this is pretty common, but I have not found documentation or examples for it.
Here is the sequence to get the session-id from the CRM:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="sugar_login" trace="enable" xmlns="http://ws.apache.org/ns/synapse">
<payloadFactory media-type="xml">
<format>
<sug:login xmlns:sug="http://www.sugarcrm.com/sugarcrm">
<sug:user_auth>
<user_name>interface</user_name>
<password>MD5HASHOFPASSWORD</password>
<version>1</version>
</sug:user_auth>
<application_name>dummy</application_name>
</sug:login>
</format>
</payloadFactory>
<header name="To" value="http://my.sugarcrm.com:9090/service/v4_1/soap.php"/>
<call>
<endpoint name="templEPTimeout" template="org.wso2.carbon.connector.sugarcrm.timeout">
<axis2ns653:parameter name="timoutDuration" value="6000" xmlns:axis2ns653="http://ws.apache.org/ns/synapse"/>
<axis2ns654:parameter name="maximumDuration" value="3000" xmlns:axis2ns654="http://ws.apache.org/ns/synapse"/>
<axis2ns655:parameter name="progressAFactor" value="2.0" xmlns:axis2ns655="http://ws.apache.org/ns/synapse"/>
<axis2ns656:parameter name="initialDuration" value="2000" xmlns:axis2ns656="http://ws.apache.org/ns/synapse"/>
</endpoint>
</call>
<!-- Remove response custom header information -->
<header action="remove" name="X-SOAP-Server" scope="transport"/>
<header action="remove" name="Cache-control" scope="transport"/>
<header action="remove" name="Vary" scope="transport"/>
<header action="remove" name="Expires" scope="transport"/>
<header action="remove" name="Set-Cookie" scope="transport"/>
<header action="remove" name="path" scope="transport"/>
<property expression="//ns1:loginResponse/return/id"
name="sugarsessionid" scope="default" type="STRING" xmlns:ns="http://org.apache.synapse/xsd"/>
</sequence>
You can use the sugarcrm connector to connect with SugarCRM API. You can find the sugarcrm connector at WSO2 Store. Find more details in the documentation.