I am trying to do the following:
$basicHttpBinding = New-Object System.ServiceModel.BasicHttpBinding([System.ServiceModel.BasicHttpSecurityMode]::TransportCredentialOnly);
$basicHttpBinding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::Windows;
$basicHttpBinding.MaxBufferSize = 65536000;
$basicHttpBinding.MaxReceivedMessageSize = 65536000;
$basicHttpBinding.MaxBufferPoolSize = 524288;
$basicHttpBinding.CloseTimeout = "01:01:00";
$basicHttpBinding.OpenTimeout = "01:01:00";
$basicHttpBinding.ReceiveTimeout = "01:01:00";
$basicHttpBinding.SendTimeout = "01:01:00";
$mexClient = New-Object System.ServiceModel.Description.MetadataExchangeClient($basicHttpBinding);
$mexClient.MaximumResolvedReferences = [System.Int32]::MaxValue
$metadataSet = $mexClient.GetMetadata([Uri]$WsdlUrl, $mode)
It appears that for whatever reason, the MexClient is not passing the credentials. I say this because when I browse the $WsdlUrl in IE running as the same user as the script, I can see the wsdl just fine. When I run the code above, I get an exception:
Exception calling "GetMetadata" with "2" argument(s): "Metadata contains a reference that
cannot be resolved: 'http_://myServer:myPort/myVirtualDirectory/myWcfService.svc?wsdl'." ---> System.InvalidOperationException: Metadata contains a
reference that cannot be resolved: 'http_://myServer:myPort/myVirtualDirectory/myWcfService.svc?wsdl'. ---> System.Net.WebException: The remote
server returned an error: (401) Unauthorized.
Edit 01
It also appears the the MetadataExchangeClient is not transmitting the request through http. When I use fiddler there is not 'request' being sent, only an HTTP response of the failure. How can I get the MexClient to send and receive via http?
I was missing:
$mexClient.HttpCredentials = [System.Net.CredentialCache]::DefaultNetworkCredentials;
Before my GetMetaData call. I thought the binding requirements were enough to clue in the MexClient that it should pass the default credentials, but that kind of intelligence was too optimistic. Hope this helps someone.
Related
Is it possible to generate an S3 presigned URL in a Lambda function and return that URL to a client, so the client can use it to do an unauthenticated HTTP PUT?
I'm finding that S3 is unexpectedly closing my HTTPS connection when I try to PUT to the URL I get from the lambda function, and I don't know if it's because the server and client are different entities.
Can I do what I want to do? Is there a secret step I'm missing here?
EDIT: per Anon Coward's request, the server-side code is:
presigned_upload_parts = []
for part in range(num_parts):
resp = s3.generate_presigned_url(
ClientMethod = 'upload_part',
Params = {
'Bucket': os.environ['USER_UPLOADS_BUCKET'],
'Key': asset_id,
'UploadId': s3_upload_id,
'PartNumber': part
}
)
presigned_upload_parts.append({"part": part, "url": resp})
return custom_http_response_wrapper(presigned_upload_parts)
The client-side code is:
for idx, part in enumerate(urls):
startByte = idx * bytes_per_part
endByte = min(filesize, ((idx + 1) * bytes_per_part))
f.seek(startByte, 0)
bytesBuf = f.read(endByte - startByte)
print(f"Buffer is type {type(bytesBuf)} with length {len(bytesBuf):,}")
print(f"Part {str(idx)}: bytes {startByte:,} to {endByte:,} as {part['url']}")
#resp = requests.post(part['url'], data = bytesBuf, headers = self.get_standard_headers())
resp = requests.put(
url = part['url'],
data = bytesBuf
)
The error I'm getting is:
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host
The presigned URL looks like:
https://my-bucket-name.s3.amazonaws.com/my/item/key?uploadId=yT2W....iuiggs-&partNumber=0&AWSAccessKeyId=ASIAR...MY&Signature=i6duc...Mmpc%3D&x-amz-security-token=IQoJ...%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F...SWHC&Expires=1657135314
There was a bug in my code somewhere. I ran the code under WSL as a test, and in the Linux environment got a more friendly error that helped me find and fix a minor bug, and now it's running as expected in the Windows environment. Whether that's because of the bugfix or some other environmental change I'll never know.
This is the message I get when I am trying to get the token data using web.contents query from "VMware vRealize Automation API":
There was an error when processing the data in the dataset.
Please try again later or contact support. If you contact support, please provide these details.
Data source error
{"error":{"code":"ModelRefresh_ShortMessage_ProcessingError","pbi.error":{"code":"ModelRefresh_ShortMessage_ProcessingError","parameters":
{},"details":[{"code":"Message","detail":{"type":1,"value":"Web.Contents failed to get contents from 'https://xxxxxxxxx.com/identity/api/tokens'
(404): Not Found"}}],"exceptionCulprit":1}}}
Table: GetToken.
The url passed to the first parameter of Web.Contents (authUrl = "https://xxxxxxxxx.com/identity/api/tokens") is accessible but always return the HTTP ERROR 405, probably
because this API uses a a JSON object in the request body parameter with the users credentials to obtain the Response.
API
My query
The main issues:
Your API uses HTTP POST verses GET, so you need to set Options[Content]
You can get refresh errors on the service unless you use Options[RelativePath]
You can "opt-in" to handling errors for specific HTTP Status codes, combined with Value.MetaData you get more detailed error messages.
Let it generate JSON for you from records and lists by using Query or Content parameters see: docs: Web.Contents
This is equivalent to your curl POST request
let
BaseUrl = "https://www.example.com",
Options = [
RelativePath = "/identity/api/tokens",
Headers = [
Accept="application/json"
],
Content = [
username = "username",
password = "password",
tenant = "tenant"
],
ManualStatusHandling = {400, 405}
],
// wrap 'Response' in 'Binary.Buffer' if you are using it multiple times
response = Web.Contents(BaseUrl, Options),
buffered = Binary.Buffer(response),
response_metadata = Value.Metadata(response),
status_code = response_metadata[Response.Status],
from_json = Json.Document(final_result)
in
from_json
I have related Web.Contents examples here, like Chaining Web.Contents requests: ninmonkeys.com/Power-Query-Custom-Functions-Cheat-Sheet
I'm trying to create a REST API from a SOAP Service using IBM API Connect 5. I have followed all the steps described in this guide (https://www.ibm.com/support/knowledgecenter/en/SSFS6T/com.ibm.apic.apionprem.doc/tutorial_apionprem_expose_SOAP.html).
So, after dragging the web service block from palette, ensuring the correctness of endpoint and publishing the API, I have tried to call the API from the browser. Unfortunately, the API return the following message:
<errorResponse>
<httpCode>500</httpCode>
<httpMessage>Internal Server Error</httpMessage>
<moreInformation>Error attempting to read the urlopen response
data</moreInformation>
</errorResponse>
To testing purpose, I have logged the request and I have tried the request on SOAPUI. The service return the response correctly.
What is the problem?
In my case, the problem was in the backend charset (Content-Type: text/xml;charset=iso-8859-1).
For example, backend returns text/xml in German (or French). Api Connect cannot process character ΓΌ. It needs Content-Type: text/xml;charset=UTF-8.
I had a similar issue, in my case was the accept. if you have an Invoke and the content-type or the accept, is not matching the one of the request, or the response that you got, APIC is getting mad.
Please, check if the formats to send (contentType) and receive (accept) are the same of that your API expected. In my case the error occurs because the API returns a String and my default code is configured to receive a JSON body.
//define a JSON-PLAIN TEXT protocol
private HttpEntity<String> httpEntityWithBody(Object objToParse){
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Bearer " + "xxx token xxx");
headers.set("Accept", MediaType.TEXT_PLAIN_VALUE);
headers.setContentType(MediaType.APPLICATION_JSON);
Gson gson = new GsonBuilder().create();
String json = gson.toJson(objToParse);
HttpEntity<String> httpEntity = new HttpEntity<String>(json, headers);
return httpEntity;
}
//calling the API to APIC...
ParameterizedTypeReference<String> responseType = new
ParameterizedTypeReference<String>(){};
ResponseEntity<String> result =
rest.exchange(builder.buildAndExpand(urlParams).toUri(), HttpMethod.PUT, httpEntityWithBody(myDTO), responseType);
String statusCode = result.getStatusCodeValue();
String message = result.getBody();
I'm working on a mobile prof-of-concept using IBM's Worklight (6.1) to retrieve info via HTTP server (Apache) running on a mainframe (z/OS). I'm using the HTTP adapter procedure to log-on and retrieve data but I so far no success logging on via Worklight HTTP adapter. If I open a browser and provide the 'user:password' headers, the log-in is successful but if I try it via Worklight procedure, the '401 authorization required' error is returned. The HTTP server error log shows:
.. (139)EDC5139I Operation not permitted. (errno2=0x0BE800DB): SAF
authentication failure for "/cgi-bin/itil_v11_main.sh": SAFRunAs
failure on switching SAF UID from Authorization header using
%%CLIENT%% .. user (\xe1\xcb: authentication failure for
"/cgi-bin/itil_v11_main.sh": Password Mismatch
That 'password mismatch' may suggest the 'headers' are not correct? Here's the procedure:
var user_id = 'userid';
var user_psw = 'userpassword';
var loginstring ;
var base64= new com.worklight.customcode.Base64Encoding();
function getITIL() {
loginstring = base64.encode(user_id+':'+user_psw);
var path = '/cgi-bin/itil_v11_main.sh';
var input = {
method : 'get',
headers : {
'Authorization' : 'Basic ' + loginstring
},
returnedContentType : 'html',
path : path
};
return WL.Server.invokeHttp(input);
}
It seems like you've implemented it correctly, however the complaint is on the password, which in your case originates from var base64= new com.worklight.customcode.Base64Encoding();.
Because you do not supply the code that you are using in said class, it's difficult to say what the error is, but that is where you should look at for the cause of your error.
You'll need to provide the class's implementation in order to further debug the question.
##timestamp = nil
def generate_oauth_url
##timestamp = timestamp
url = CONNECT_URL + REQUEST_TOKEN_PATH + "&oauth_callback=#{OAUTH_CALLBACK}&oauth_consumer_key=#{OAUTH_CONSUMER_KEY}&oauth_nonce=#{NONCE} &oauth_signature_method=#{OAUTH_SIGNATURE_METHOD}&oauth_timestamp=#{##timestamp}&oauth_version=#{OAUTH_VERSION}"
puts url
url
end
def sign(url)
Base64.encode64(HMAC::SHA1.digest((NONCE + url), OAUTH_CONSUMER_SECRET)).strip
end
def get_request_token
url = generate_oauth_url
signed_url = sign(url)
request = Net::HTTP.new((CONNECT_URL + REQUEST_TOKEN_PATH),80)
puts request.inspect
headers = { "Authorization" => "Authorization: OAuth oauth_nonce = #{NONCE}, oauth_callback = #{OAUTH_CALLBACK}, oauth_signature_meth od = #{OAUTH_SIGNATURE_METHOD}, oauth_timestamp=#{##timestamp}, oauth_consumer_key = #{OAUTH_CONSUMER_KEY}, oauth_signature = #{signed_url}, oauth_versio n = #{OAUTH_VERSION}" }
request.post(url, nil,headers)
end
def timestamp
Time.now.to_i
end
I am trying to do what oauth does in an attempt to understand how to use the Authorization headers. I am also getting the following error. I am trying to connect to the linkedin API.
/usr/lib/ruby/1.8/net/http.rb:560:in 'initialize': getaddrinfo: Name or service not known (SocketError)
I would really appreciate it if someone could nudge me in the right direction.
"Name or service not known" is a socket-level error which usually points to either an invalid IP address/DNS hostname, or an unregistered port name (e.g. telnet the.host.name service where service is not a registered service name.)
Check that CONNECT_URL holds a valid URL.
EDIT: I'm not a Ruby programmer, but I wouldn't mind betting that Net::HTTP.new requires a hostname (e.g. www.facebook.com) as the first argument, not a complete URL (e.g. www.facebook.com/login.php?method=oauth).
You also get this error when you have no internet connection since a DNS lookup is often the first thing that happens when establishing a TCP connection using a hostname.
Unplug your network cable and try:
Socket.getaddrinfo("www.example.com", "http")
# => SocketError: getaddrinfo: nodename nor servname provided, or not known