Hi,
I've spent some time now trying to get my ruby script to talk to a SSL
SOAP server.
I'm using this soap/property file:
client.protocol.http.ssl_config.verify_mode =
OpenSSL::SSL::VERIFY_NONE
client.protocol.http.basic_auth.1.url =
https://servername/path/to/file.wsdl
client.protocol.http.basic_auth.1.userid = username
client.protocol.http.basic_auth.1.password = password
And here's my simple ruby script:
gem 'soap4r'
require 'httpclient'
require 'soap/wsdlDriver'
wsdl = '
https://servername/path/to/file.wsdl'
soap = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver
soap.wiredump_dev = STDOUT
puts soap.someServerMethod(:argName => "*")
This is returning a "401" Access denied error.
So I looked at the wiredump and noticed that upon request the "WWW-
Authenticate" field is missing from the request header (not sure if it
should be there). Notice that the response does have this field.
Also it the username and password are being sent in clear text, and
not encoded at all. It seems to me that basic auth should encode the
credentials.
Here's what the request and response look like:
= Request
! CONNECT TO SERVERNAME:80
! CONNECTION ESTABLISHED
POST /CCMApi/AXL/V1/SOAPISAPI.dll HTTP/1.1
SOAPAction: "
http://www.cisco.com/AXLPort/listPhoneByName"
Content-Type: text/xml; charset=utf-8
User-Agent: SOAP4R/1.5.8 (/187, ruby 1.8.6 (2007-09-24) [i386-
mswin32])
Date: Mon, 09 Jun 2008 22:30:11 GMT
Content-Length: 622
Host: SERVERNAME
<?xml version="1.0" encoding="utf-8" ?>
<env:Envelope xmlns:xsd="
http://www.w3.org/2001/XMLSchema"
xmlns:env="
http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<n1:authHeader xmlns:n1="urn:
tempuri.org"
env:mustUnderstand="1">
<n1:passwd>username</n1:passwd>
<n1:userid>password</n1:userid>
</n1:authHeader>
</env:Header>
<env:Body>
<n2:listPhoneByName xmlns:n2="
http://www.cisco.com/AXL/API/1.0">
<searchString>*</searchString>
</n2:listPhoneByName>
</env:Body>
</env:Envelope>
= Response
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Mon, 09 Jun 2008 19:30:23 GMT
WWW-Authenticate: Basic realm="SERVERNAME"
Connection: close
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
...
This is usually caused by a server-side script not sending the
proper WWW-Authenticate heade
r field. Using Active Server Pages scripting this is done by using the
<strong>AddHeader</strong> me
thod of the <strong>Response</strong> object to request that the
client use a certain authentication
method to access the resource.
...
</html>
! CONNECTION CLOSED
Any help would be appreciated.