When I view the raw request in SOAPUI i get = wsse:Security soapenv:mustUnderstand="1"
in the <soapenv:Header>
section. When doing it with zeep and python i do not see this in the request sent to the server - and i'm getting securuty issues in the application logs
from zeep import Client
from zeep.transports import Transport
from zeep import xsd
from zeep.wsse.username import UsernameToken
from zeep.wsse.utils import get_security_header
from requests import Session
request_data = {
'idNumber': 'someID',
'encryptedPin': 'encPin0101='
}
header_value = {
"wsse":{
"mustUnderstand":'1'
}
}
wsdl = 'http://someURL/AuthenticationWS?WSDL'
# session = Session()
# session.verify = True
# transport = Transport(session=session,
# operation_timeout=10)
cl = Client(wsdl=wsdl,
wsse=UsernameToken('username', 'password', use_digest=True))
def send_request(client, data):
return client.service.authenticateCustomer(data)
node = cl.create_message(cl.service, 'authenticateCustomer',
idNumber='someID',
encryptedPin='encPin=')
from lxml import etree
print('###########')
print(etree.tostring(node))
print('###########')
print(send_request(cl, request_data))
The first print out works, i see the information i need except the mustunderstand=1 The second print bugs out - i get 'fault occurred' and the app log gives security related errors making me think this is the mustunderstand thing and i've tried different things
I've tried to do this with soapheader as explained in these locations without success:
How do I add attributes to header authentication in Zeep?
Adding session\transport stuff didnt popup that header i required. I'm busy looking thru
https://pydoc.net/zeep/2.5.0/zeep.wsse.signature/
in order to understand the `get_security_header` thing but i'm not winning with this :( other resources ive looked at:
https://stackoverflow.com/questions/62924433/zeep-with-complex-header
https://docs.python-zeep.org/en/master/headers.html
https://stackoverflow.com/questions/44330748/how-to-comply-with-policy-defined-in-wsdl
I used https://github.com/suds-community/suds instead which has simple methods to add these security tokens:
security = Security()
token = UsernameToken('username', 'password')
token.setnonce()
token.setcreated()
token.setnonceencoding(True)
token.setpassworddigest('digest')
security.tokens.append(token)
client = Client('http://someURL/AuthenticationWS?WSDL')
client.set_options(wsse=security)
client.service.logCustomerInNoAuth('id_number', id_number))
So much easier
suds is very slow, not maintained (use suds-py3 instead) and most of all it is very lengthy to create/customise the layout of the message (zeep allows you to pass it a nested dict)
@Pynchia - suds-community was last updated this past Jan, but thank you - i was looking for python3 alternative too