Hi,
We are getting SecurityError issue while executing vmware PBM APIs.
We have passed session-id for execution of PBM APIs .
Following are the steps followed to pass session-id for PBM APIs:
==================================================================
- Execute Login() vmware SDK API to login into vCenter Server
- Find Session-id from response header called Set-Cookie. Store this session-id
- Pass this session-id in custom header while executing PBM API like PbmQueryProfile()
==================================================================
1)Execute Login vmware API:
We are executing login() vmware SDK API which returns a session-id in response. It also returns session-key in response.
Following is the response of login() API:
===========================================================================================
HTTP/1.1 200 OK
Date: Wed, 4 May 2016 06:17:15 GMT
Set-Cookie: vmware_soap_session="22fd25ebe4cd71ceea20d70cf867f1c69fddfcd6"; Path=/; HttpOnly; Secure;
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: text/xml; charset=utf-8
Content-Length: 839
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<LoginResponse xmlns="urn:vim25"><returnval><key>52af2b2f-c56e-5d94-f35c-3c63a475dcc5</key><userName>Administrator</userName><fullName>Administrator </fullName><loginTime>2016-05-04T06:17:15.74788Z</loginTime><lastActiveTime>2016-05-04T06:17:15.74788Z</lastActiveTime><locale>en_US</locale><messageLocale>en_US</messageLocale><extensionSession>false</extensionSession><ipAddress>198.18.3.215</ipAddress><userAgent>Apache-HttpClient/4.1.1 (java 1.5)</userAgent><callCount>0</callCount></returnval></LoginResponse>
</soapenv:Body>
</soapenv:Envelope
=========================================================================================================================
2) Find Session-id from response header called Set-Cookie. Store this session-id
Set-Cookie has the session-id for the session as per few documents.
=========================================================================================
Set-Cookie: vmware_soap_session="22fd25ebe4cd71ceea20d70cf867f1c69fddfcd6"; Path=/; HttpOnly; Secure;
=========================================================================================
We also get session-key in login API response:
============================================
<key>52af2b2f-c56e-5d94-f35c-3c63a475dcc5</key>
============================================
3)Pass this session-id while executing PBM API PbmQueryProfile():
For execution of PBM API, we are creating a custom header and passing the same session-id.
We have tried to execute API by setting following values for the cookie:
======================================================================================
- Cookie: vcSessionCookie="22fd25ebe4cd71ceea20d70cf867f1c69fddfcd6"; Path=/; HttpOnly; Secure;
- Cookie: vmware_soap_session="22fd25ebe4cd71ceea20d70cf867f1c69fddfcd6"; Path=/; HttpOnly; Secure;
- Cookie: vcSessionCookie="52af2b2f-c56e-5d94-f35c-3c63a475dcc5”; Path=/; HttpOnly; Secure; [with Session-key]
- Cookie: vcSessionCookie="52af2b2f-c56e-5d94-f35c-3c63a475dcc5”; Path=/; HttpOnly; Secure; [with Session-key]
====================================================================================
But still we are getting Security Error while executing Vmware PBM APIs.
Request:
====================================================================================
POST https://198.18.3.217/pbm HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "urn:pbm/2.0"
Cookie: vcSessionCookie=22fd25ebe4cd71ceea20d70cf867f1c69fddfcd6;
Content-Length: 515
Host: 198.18.3.217
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:pbm">
<soapenv:Header/>
<soapenv:Body>
<urn:PbmQueryProfile>
<urn:_this type="PbmProfileProfileManager">ProfileManager</urn:_this>
<urn:resourceType>
<urn:resourceType>STORAGE</urn:resourceType>
</urn:resourceType>
<!--Optional:-->
<urn:profileCategory></urn:profileCategory>
</urn:PbmQueryProfile>
</soapenv:Body>
</soapenv:Envelope>
====================================================================================
Response:
====================================================================================
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode>ServerFaultCode</faultcode>
<faultstring/>
<detail>
<RuntimeFaultFault xsi:type="vim25:SecurityError" xmlns="urn:pbm" xmlns:pbm="urn:pbm" xmlns:vim25="urn:vim25"/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
====================================================================================
Questions:
- Is there any issue with value of session-id ? or is there any issue with the way we are passing the session-id.
- Do we need to use some other API to extract session-id string?
- We want to avoid single sign-on API here to get session-id. Is it must to use Single Sign-on APIs to get session-id?