Forbidden error : While fetching events from iCloud using caldav extension - icloud

URL -: https://pxx-caldav.icloud.com/token/calendars/calendarId
#"<C:calendar-query xmlns:D='DAV:'
xmlns:C='urn:ietf:params:xml:ns:caldav'>
<D:prop>
<D:getetag/>
<C:calendar-timezone xmlns:D='DAV:' xmlns:C='urn:ietf:params:xml:ns:caldav'></C:calendar-timezone>
<C:calendar-data>
<C:expand start='{0}'
end='{1}'/>
<C:comp name='VCALENDAR'>
<C:prop name='VERSION'/>
<C:comp name='VEVENT'>
<C:prop name='SUMMARY'/>
<C:prop name='DESCRIPTION'/>
<C:prop name='STATUS'/>
<C:prop name='TRANSP'/>
<C:prop name='ATTENDEE'/>
<C:prop name='UID'/>
<C:prop name='DTSTART'/>
<C:prop name='DTEND'/>
<C:prop name='DURATION'/>
<C:prop name='RRULE'/>
<C:prop name='RDATE'/>
<C:prop name='EXRULE'/>
<C:prop name='EXDATE'/>
<C:prop name='RECURRENCE-ID'/>
</C:comp>
</C:comp>
</C:calendar-data>
</D:prop>
<C:filter>
<C:comp-filter name='VCALENDAR'>
<C:comp-filter name='VEVENT'>
<C:time-range start='{0}'
end='{1}'/>
</C:comp-filter>
</C:comp-filter>
</C:filter>
</C:calendar-query>"
while retrieving events it gives forbidden error on some particular calendars of some accounts. While retrieving calendars it shows read/write access but while fetching events it gives error. It gives error on few calendars but error is continuous on them.
I am getting following error -:
<error> <supported-report /> </error>

Calendars are WebDAV collections with a DAV:resourcetype of C:calendar (see https://www.rfc-editor.org/rfc/rfc4791#section-4.2 ) but there are other types of collections (calendar home, scheduling inbox, dropbox, etc...).
What is most likely happening is that you are issuing a calendar query against a collection which is not a calendar collection, hence the supported-report error.
You need to retrieve the DAV:resourcetype property of each collection and, only if it is a calendar, issue the above report.

Related

How to set header to call soap service in mulesoft

I want to call one soap service through mulesoft.
To attach header to soap request body I used these links -Mule 3.7. Add custom SOAP header to web-service-consumer. As mentioned in this link, I have added "Message Properties" component before "Web Service Consumer", but I am getting below exception -
com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "soapenv" (for attribute "actor")
Also I tried it using Property component as mentioned here - https://dzone.com/articles/working-with-headers-in-mule-flows
Still I am not able to hit soap service. Is there any other way to add header to soap request body?
Header that i want to add to my soap request -
<wsse:Security soapenv:actor="AppID" soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>Pilot\ABCD</wsse:Username>
<wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yt15#58</wsse:Password>
</wsse:UsernameToken>
--Update- My code-
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw" xmlns:ws="http://www.mulesoft.org/schema/mule/ws" xmlns:metadata="http://www.mulesoft.org/schema/mule/metadata" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd
http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd">
<ws:consumer-config name="Web_Service_Consumer_2" wsdlLocation="https://soa.abc.com/abcd_v4_0?wsdl" service="abcdService_vs0" port="xyz_Internal" serviceAddress=""https://soa.abc.com:56655/abcd_v4_0" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="user" password="password" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
<sub-flow name="tempSub_Flow">
<set-property propertyName="soap.Security" value="<wsse:Security soapenv:actor="AppID" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/></wsse:Security>" doc:name="Property"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 urn:abc.com:schemas:gfr:a:b:service:2014-01-10
---
{
ns0#addTransaction:{
ns0#aTransaction: {
ns0#transactionCode: "xyz",
ns0#methodCode: "abc",
ns0#amount: flowVars.amount,
ns0#effectiveDate: now as :string {format: "yyyy-MM-dd"}
}
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="Web_Service_Consumer_2" operation="addEftTransaction" doc:name="Web Service Consumer"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/java
%namespace ns0 urn:abc.com:schemas:gfr:a:b:service:2014-01-10
---
payload.ns0#addTransactionResponse.ns0#transactionNumber
]]></dw:set-payload>
</dw:transform-message>
</sub-flow>
</mule>
--- UPDATE ---
Two parts to the answer really, for the direct question of how to add SOAP headers, it looks like you might have missed declaring the namespace of soapenv for the Security element you were adding. For example, the below code should work for adding the "Security" header to the SOAP Envelope. The whole XML element must be defined, including any namespaces it uses.
<set-property propertyName="soap.Security" value="<wsse:Security soapenv:actor="AppID" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken><wsse:Username>Pilot\ABCD</wsse:Username><wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yt15#58</wsse:Password></wsse:UsernameToken></wsse:Security>" doc:name="Set soap.Security"/>
That looks pretty unattractive though, and since you are adding a username/password security header then you probably want to add this directly into the security element of the Web Service Consumer configuration itself:
<ws:consumer-config name="WSConfig" wsdlLocation="MyService.wsdl" service="MyService" port="MyPort" serviceAddress="https://example.com" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="Pilot\ABCD" password="yt15#58" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
The issue with the above is that it won't add the soapenv:actor="appId" attribute.
It looks like the security configuration on the WS consumer will overwrite the actor attribute. The below code mostly works on Mule 3.8 and uses the sample WSDL found here: https://github.com/skjolber/mockito-soap-cxf/tree/master/src/test/resources/wsdl
The first flow builds the request to the SOAP web service, the second flow just receives the request made by the first flow and logs it.
<mule xmlns:metadata="http://www.mulesoft.org/schema/mule/metadata"
xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw"
xmlns:ws="http://www.mulesoft.org/schema/mule/ws"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd
http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd">
<ws:consumer-config name="BankCustomerService_WS_Consumer" wsdlLocation="BankCustomerService.wsdl" service="BankCustomerService" port="BankCustomerServicePort" serviceAddress="http://localhost:8778/services/bankCustomer" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="user" password="password" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
<http:listener-config name="HTTP_TestListener" host="0.0.0.0" port="8092" doc:name="HTTP Listener Configuration"/>
<http:listener-config name="HTTP_WebServiceStub" host="0.0.0.0" port="8778" doc:name="HTTP Listener Configuration"/>
<flow name="soapsandboxFlow">
<http:listener config-ref="HTTP_TestListener" path="/soap" doc:name="HTTP"/>
<set-property propertyName="soap.Security" value="<wsse:Security soapenv:actor="AppID" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" />" doc:name="Set soap.Security"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 http://example.bank.skjolber.github.com/v1
---
{
ns0#getAccountsRequest: {
ns0#customerNumber: 987654321,
ns0#certificate: 1234
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="BankCustomerService_WS_Consumer" operation="getAccounts" doc:name="Web Service Consumer"/>
</flow>
<flow name="soapsandboxFlow1">
<http:listener config-ref="HTTP_WebServiceStub" path="services/bankCustomer" doc:name="HTTP"/>
<logger message="#[message.payloadAs(String)]" level="INFO" doc:name="Logger"/>
</flow>
</mule>
Running a simple GET request to localhost:8092 creates a static web service request and sends that to through the WS Consumer Component. The logger in the stub prints out the entire SOAP envelope, which as shown below includes the security header, but not the actor attribute:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-CA524029E5DEDE6E3715320371056746">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ns0:getAccountsRequest xmlns:ns0="http://example.bank.skjolber.github.com/v1">
<ns0:customerNumber>987654321</ns0:customerNumber>
<ns0:certificate>1234</ns0:certificate>
</ns0:getAccountsRequest>
</soap:Body>
</soap:Envelope>
I will do a bit more research to see if I can include the actor attribute in the security header. As this is a standard attribute I it should be possible. I will update this answer when I can.
Johnson.

Sometimes busy time is not retrieved from iCloud (Using Caldav) for specific calendar

<C:calendar-query xmlns:D='DAV:'
xmlns:C='urn:ietf:params:xml:ns:caldav'>
<D:prop>
<D:getetag/>
<C:calendar-timezone xmlns:D='DAV:' xmlns:C='urn:ietf:params:xml:ns:caldav'></C:calendar-timezone>
<C:calendar-data>
<C:expand start='20170116T031008Z'
end='20170131T031008Z'/>
<C:comp name='VCALENDAR'>
<C:prop name='VERSION'/>
<C:comp name='VEVENT'>
<C:prop name='SUMMARY'/>
<C:prop name='DESCRIPTION'/>
<C:prop name='STATUS'/>
<C:prop name='TRANSP'/>
<C:prop name='ATTENDEE'/>
<C:prop name='UID'/>
<C:prop name='DTSTART'/>
<C:prop name='DTEND'/>
<C:prop name='DURATION'/>
<C:prop name='RRULE'/>
<C:prop name='RDATE'/>
<C:prop name='EXRULE'/>
<C:prop name='EXDATE'/>
<C:prop name='RECURRENCE-ID'/>
</C:comp>
</C:comp>
</C:calendar-data>
</D:prop>
<C:filter>
<C:comp-filter name='VCALENDAR'>
<C:comp-filter name='VEVENT'>
<C:time-range start='20170116T031008Z'
end='20170131T031008Z'/>
</C:comp-filter>
</C:comp-filter>
</C:filter>
</C:calendar-query>
Hi, I am using caldav extension to retrieve busy time(by time range) from iCloud calendar. I am using a calendar query with a "REPORT" method. It gives XML having busy time for all calendars within the time range. But sometimes it doesn't give busy time for a particular calendar. Suppose I am having 3 calendars so, sometimes it gives busy times for all 3 calendars and sometimes for only 2 calendars(by leaving same calendar). If I retry for busy then it gives busy time after 7-8 retry. But Sometimes it doesn't give even after 7-8 retries. What is happening?
I didn't find a reason that why it is happening. But I have changed the process of busy time retrieval so that it brings busy time from all calendars. Previously I was hitting this request to URL - https://PXX-caldav.icloud.com/token/calendars which is not working for some specific calendars consistently.
New process-:
STEP 1: Hit the same request at https://PXX-caldav.icloud.com/token/calendars/calendarId this gives you urls of all the events within the time range from a calendar(for those as well for which I wast not able to retrieve busy time). Here, it gives events from calendar with id calendarId(your calendar's Id). It gives me xml in something following xml -:
<href>/token/calendars/calendarId/event1Id.ics</href>
<href>/token/calendars/calendarId/event2Id.ics</href>
<href>/token/calendars/calendarId/event3Id.ics</href>
Now you have to parse the xml to retrieve all the urls.
STEP2: After that you have all the urls, you have to hit single, multi-get request having these urls, at same url to retrieve data from these url and show them as busy time.
URL -: https://PXX-caldav.icloud.com/token/calendars/calendarId
Request -:
<C:calendar-multiget xmlns:d='DAV:' xmlns:C='urn:ietf:params:xml:ns:caldav'>
<d:prop>
<d:getetag />
<C:calendar-data>
<C:comp name='VCALENDAR'>
<C:prop name='VERSION'/>
<C:comp name='VEVENT'>
<C:prop name='SUMMARY'/>
<C:prop name='DESCRIPTION'/>
<C:prop name='STATUS'/>
<C:prop name='TRANSP'/>
<C:prop name='ATTENDEE'/>
<C:prop name='UID'/>
<C:prop name='DTSTART'/>
<C:prop name='DTEND'/>
<C:prop name='DURATION'/>
<C:prop name='RRULE'/>
<C:prop name='RDATE'/>
<C:prop name='EXRULE'/>
<C:prop name='EXDATE'/>
<C:prop name='RECURRENCE-ID'/>
</C:comp>
</C:comp>
</C:calendar-data>
</d:prop><d:href>/token/calendars/calendarId/event1Id.ics</d:href>
<d:href>/token/calendars/calendarId/event2Id.ics</d:href>
<d:href>/token/calendars/calendarId/event3Id.ics</d:href>
</C:calendar-multiget>
It gives you data for all three events. This helps you to retrieve busy time from every calendar. If you have to retrieve events from multiple calendars then you have to repeat these two steps for every calendar.

Getting vCards from iCloud using PHP

Searched thru serverfault.com, stackoverflow.com, apple.stackexchange.com, googled and still not getting far. Need someone to help.
I'm trying to get all vCards from iCloud accounts.
I'm starting from the plugin from Roundcube/CardDav.
From the articles such as:
stackoverflow.com/questions/24202551/manipulate-groups-in-icloud-with-carddav-protocol
sabre.io/dav/building-a-carddav-client/
sabre.io/dav/clients/osx-addressbook/
stackoverflow.com/questions/15111887/how-to-import-icloud-contacts-in-php#
tools.ietf.org/html/rfc6352#section-8.7.1
I managed to get the Principal, the Principal's address. But the last step of getting the card returns ContentLength of 0.
Here is what I do:
- use icloud email as username
- use icloud password
To get the Principal, using "https : / / contacts.icloud.com/" as URL, PROPFIND, DEPTH 0:
<?xml version="1.0" encoding="UTF-8"?>
<d:propfind xmlns:d="DAV:">
<d:prop>
<d:current-user-principal/>
</d:prop>
</d:propfind>
Response:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<multistatus xmlns="DAV:">
<response>
<href>/</href>
<propstat>
<prop>
<current-user-principal>
<href>/1331115018/principal/</href>
</current-user-principal>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
Next, here is what I do to get the home, using "https : / /contacts.icloud.com/1331115018/principal/", PROPFIND, DEPTH 0:
<?xml version="1.0" encoding="UTF-8"?>
<d:propfind xmlns:d="DAV:" xmlns:card="urn:ietf:params:xml:ns:carddav">
<d:prop>
<card:addressbook-home-set/>
</d:prop>
</d:propfind>
Response:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<multistatus xmlns="DAV:">
<response>
<href>/1331115018/principal/</href>
<propstat>
<prop>
<addressbook-home-set xmlns="urn:ietf:params:xml:ns:carddav">
<href xmlns="DAV:">https://p44-contacts.icloud.com:443/1331115018/carddavhome/</href>
</addressbook-home-set>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
Finally, here is what I do to try to get all the vCards, using https : / / p44-contacts.icloud.com:443/1331115018/carddavhome/, REPORT, DEPTH 1:
<?xml version="1.0" encoding="utf-8" ?>
<C:addressbook-multiget xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:carddav">
<D:prop>
<D:getetag/>
<C:address-data>
<C:prop name="UID"/>
<C:prop name="EMAIL"/>
<C:prop name="FN"/>
</C:address-data>
</D:prop>
</C:addressbook-multiget>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<multistatus xmlns="DAV:" xmlns:CD="urn:ietf:params:xml:ns:carddav" xmlns:CS="http://calendarserver.org/ns/">
</multistatus>
or
<?xml version="1.0" encoding="utf-8" ?>
<C:addressbook-query xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:carddav">
<D:prop>
<D:getetag/>
<C:address-data>
<C:prop name="UID"/>
<C:prop name="EMAIL"/>
<C:prop name="FN"/>
</C:address-data>
</D:prop>
</C:addressbook-query>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<multistatus xmlns="DAV:" xmlns:CD="urn:ietf:params:xml:ns:carddav" xmlns:CS="http://calendarserver.org/ns/">
<response>
<href>/1331115018/carddavhome/</href>
<propstat>
<prop> <getetag>"C=0#U=9123588c-8038-439c-a547-19c866d1ed06"</getetag>
<address-data xmlns="urn:ietf:params:xml:ns:carddav">
</address-data>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
or
<?xml version="1.0" encoding="utf-8" ?>
<C:addressbook-query xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:carddav">
<D:prop>
<D:getetag/>
<C:address-data>
<C:prop name="UID"/>
<C:prop name="EMAIL"/>
<C:prop name="FN"/>
</C:address-data>
</D:prop>
<C:prop-filter name="EMAIL">
<C:text-match collation="i;unicode-casemap" match-type="equals">me</C:text-match>
</C:prop-filter>
</C:filter>
</C:addressbook-query>
Response:
"Didn't understand the report"
What do I have to do?
The CardDAV home (your https://p44-contacts.icloud.com:443/1331115018/carddavhome/) contains the CardDAV collections (aka the 'address books'), not the vCards (which contain contacts and contact groups). You need to take one more hop.
You can list the addressbook collections in the home using a regular PROPFIND Depth 1 and then query those for the contacts with the report you specify. Like so:
PROPFIND /1331115018/carddavhome/ HTTP/1.1
Depth: 1
Host: p44-contacts.icloud.com:443
Authorization: ...
Content-Type: text/xml; charset=utf-8
Content-Length: ...
<propfind xmlns="DAV:">
<prop>
<displayname />
<resourcetype />
</prop>
</propfind>
This returns you the list of all sub-collections in the CardDAV home collection.
The collections which have an addressbook resourcetype are CardDAV addressbook collections and can be queried using an addressbook-query or addressbook-multiget report, using a sync-report if that is supported (iCloud does) or again using a simple PROPFIND. Depends on what you want.
Given an address book collection URL a 'real' client would usually use a sync-report to grab the URLs of all changed objects if the server supports that, or just grab the URLs, Content-Type and ETags of all contained vCards using a PROPFIND as a fallback. For example:
PROPFIND /1331115018/carddavhome/contacts/ HTTP/1.1
Depth: 1
Host: p44-contacts.icloud.com:443
Authorization: ...
Content-Type: text/xml; charset=utf-8
Content-Length: ...
<propfind xmlns="DAV:">
<prop>
<getetag />
<getcontenttype />
</prop>
</propfind>
This gives you the URLs of all objects in the address book collection. Which you can then retrieve using simple GETs or a multiget REPORT.
BTW: In your addressbook-multiget REPORT you do not list any vCard URLs, hence the result set will always be empty ... You can read about multiget in RFC 6352.
Note: In iCloud there is usually just one addressbook collection in the home, but in other servers it is quite common to have multiple. Also in some servers the CalDAV and CardDAV homes are the same collection (i.e. remember to actually check the resourcetype of the sub-collections in the respective home collections).
This is a great introduction on CardDAV: Building a CardDAV client.
Or this one on YouTube: FOSDEM 2009 CalDAV.
<card:addressbook-multiget xmlns:d="DAV:" xmlns:card="urn:ietf:params:xml:ns:carddav">
<d:prop>
<d:getetag />
<card:address-data />
</d:prop>
<d:href>/1331115018/carddavhome/card/vcard_UUID.vcf</d:href>
</card:addressbook-multiget>
Let try this in the REPORT Request.
Getting your credentials: https://github.com/muhlba91/icloud/blob/master/groovy_java/gui-2.1.0.zip! Keep in mind: https://support.apple.com/en-us/HT204397
Getting your vCards: https://github.com/andig/carddav2fb - just use the download command: php carddav2fb download yourdownload.vcf

Consume WSO2 admin services via Javascript

I am trying to consume WSO2 admin services, specifically in the Identity Server. I want create a new tenant. I consume TenantMgtAdminService (https://127.0.0.1:9443/services/TenantMgtAdminService?wsdl), function addTenant. For consume this service I am using jaggery. This is my code:
<%
function tenant() {
var log = new Log();
var ws = require('ws');
var version = new ws.WSRequest();
var options = new Array();
options.useSOAP = 1.2;
options.useWSA = 1.0;
options.action = "urn:addTenant";
var payload = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.tenant.carbon.wso2.org" xmlns:xsd="http://beans.common.stratos.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<ser:addTenant>
<ser:tenantInfoBean>
<xsd:active>true</xsd:active>
<xsd:admin>admin</xsd:admin>
<xsd:adminPassword>admin</xsd:adminPassword>
<xsd:createdDate>2016-01-11T11:15:04-04:00</xsd:createdDate>
<xsd:email>maikelf#mymail.com</xsd:email>
<xsd:firstname>Manuel</xsd:firstname>
<xsd:lastname>Fdez</xsd:lastname>
<xsd:originatedService>mymail.com</xsd:originatedService>
<xsd:successKey>test</xsd:successKey>
<xsd:tenantDomain>mymail.com</xsd:tenantDomain>
<xsd:tenantId>4</xsd:tenantId>
<xsd:usagePlan>demo</xsd:usagePlan>
</ser:tenantInfoBean>
</ser:addTenant>
</soapenv:Body>
</soapenv:Envelope>';
var result;
try {
version.open(options, "https://127.0.0.1:9443/services/TenantMgtAdminService", false, "admin", "admin");
version.send(payload);
} catch (e) {
log.error(e.toString());
return e.toString();
}
return result;
}
print(tenant());
%>
The value of payload is taked of SOAPUI
In soapui
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.tenant.carbon.wso2.org" xmlns:xsd="http://beans.common.stratos.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<ser:addTenant>
<!--Optional:-->
<ser:tenantInfoBean>
<!--Optional:-->
<xsd:active>true</xsd:active>
<!--Optional:-->
<xsd:admin>admin</xsd:admin>
<!--Optional:-->
<xsd:adminPassword>admin</xsd:adminPassword>
<!--Optional:-->
<xsd:createdDate>2016-01-11T11:15:04-04:00</xsd:createdDate>
<!--Optional:-->
<xsd:email>maikelf#mymail.com</xsd:email>
<!--Optional:-->
<xsd:firstname>Manuel</xsd:firstname>
<!--Optional:-->
<xsd:lastname>Fdez</xsd:lastname>
<!--Optional:-->
<xsd:originatedService>mymail.com</xsd:originatedService>
<!--Optional:-->
<xsd:successKey>test</xsd:successKey>
<!--Optional:-->
<xsd:tenantDomain>mymail.com</xsd:tenantDomain>
<!--Optional:-->
<xsd:tenantId>4</xsd:tenantId>
<!--Optional:-->
<xsd:usagePlan>demo</xsd:usagePlan>
</ser:tenantInfoBean>
</ser:addTenant>
</soapenv:Body>
</soapenv:Envelope>
The result that I get is this error:
JavaException: org.jaggeryjs.scriptengine.exceptions.ScriptException: Error occured while invoking the service
In Identity Server console
[2016-01-13 15:16:10,848] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2016-01-13 15:16:10, 847-0500]
[2016-01-13 15:16:17,275] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2016-01-13 15:16:17, 275-0500]
In the Jaggery console
[2016-01-13 15:28:05,052] ERROR {org.jaggeryjs.hostobjects.ws.WSRequestHostObject} - Error occured while invoking the serviceorg.apache.axis2.AxisFault: namespace mismatch require http://services.mgt.tenant.carbon.wso2.org found http://schemas.xmlsoap.org/soap/envelope/
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:367)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:413)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:554)
at org.jaggeryjs.hostobjects.ws.WSRequestHostObject.jsFunction_send(WSRequestHostObject.java:362)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.jtest.c32._c_tenant_1(/jtest//index.jag:16)
at org.jaggeryjs.rhino.jtest.c32.call(/jtest//index.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:74)
at org.jaggeryjs.rhino.jtest.c32._c_script_0(/jtest//index.jag:24)
at org.jaggeryjs.rhino.jtest.c32.call(/jtest//index.jag)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at org.jaggeryjs.rhino.jtest.c32.call(/jtest//index.jag)
at org.jaggeryjs.rhino.jtest.c32.exec(/jtest//index.jag)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:577)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:280)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:298)
at org.jaggeryjs.jaggery.core.JaggeryServlet.doGet(JaggeryServlet.java:24)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:690)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:477)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:369)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:172)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2016-01-13 15:28:05,058] ERROR {JAGGERY.index:jag} - JavaException: org.jaggeryjs.scriptengine.exceptions.ScriptException: Error occured while invoking the service
The recommended approach to utilize admin services is to utilize the Jaggery WSStub [1].
Sample WSStub Code
<%
var ws = require('ws');
var stub = new ws.WSStub('https://localhost:9443/services/OAuth2TokenValidationService?wsdl');
var tokenValidator = stub.services['OAuth2TokenValidationService'].operations['findOAuthConsumerIfTokenIsValid'];
var validationResult = tokenValidatorrequest(accsessToken);
%>
Since the above service is an admin service, a valid user name and
password needs to be provided in order to consume the service.
Please follow the recommended approach to access admin services.
[1].http://jaggeryjs.org/documentation.jag?api=wsstub

Error invoking IssueToken operation on WSO2 Identity Server Security Token Service

I'm getting a cryptic error message - Wrong element order encountred at Reason
Here's a summary of what I am doing:
I’ve applied the UsernameToken security policy to the Security Token
Service.
I've added my app (http://localhost:3000/) as a trusted service.
I attempt to invoke the IssueToken operation at
https://localhost:9443/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/
Using this message:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
<a:To s:mustUnderstand="1">https://localhost:9443/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
<o:Username>user1</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>http://localhost:3000/</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
</trust:RequestSecurityToken>
</s:Body>
</s:Envelope>
I get this error:
<html><head><title>Apache Tomcat/7.0.34 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - Wrong element order encountred at Reason</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>Wrong element order encountred at Reason</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.apache.axiom.om.impl.exception.OMBuilderException: Wrong element order encountred at Reason
org.apache.axiom.soap.impl.builder.SOAP12BuilderHelper.handleEvent(SOAP12BuilderHelper.java:94)
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.constructNode(StAXSOAPModelBuilder.java:429)
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createOMElement(StAXSOAPModelBuilder.java:273)
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createNextOMElement(StAXSOAPModelBuilder.java:234)
org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:249)
org.apache.axiom.om.impl.dom.NodeImpl.build(NodeImpl.java:447)
org.apache.axiom.om.impl.dom.ParentNode.getChildNodes(ParentNode.java:168)
org.apache.ws.security.util.WSSecurityUtil.findChildElement(WSSecurityUtil.java:596)
org.apache.ws.security.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:717)
org.apache.ws.security.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:145)
org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:406)
org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
org.apache.axis2.engine.Phase.invoke(Phase.java:313)
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:515)
org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433)
org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:398)
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:188)
org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.34 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.34</h3></body></html>
Any ideas on what I am doing wrong?
I am not sure about the exact error that you mentioned. But, if i just look, i could see that timestamp has been missed in the security header. However i would copy the request message that i tried out...I use this message with SOAPUI to get the SAML Assertion from the STS service.. I guess this may help you.. If you are using this message, Please consider about timestamp value.. you can change it as it is not signed.
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
<wsu:Created>2014-03-04T17:53:57.033Z</wsu:Created>
<wsu:Expires>2014-03-04T17:58:57.033Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:To>https://localhost:9443/services/wso2carbon-sts</wsa:To>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:MessageID>urn:uuid:258de3bc-c053-4b41-93d5-5d292a896b3a</wsa:MessageID>
<wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wst:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-03-04T17:53:56.768Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-03-04T17:58:56.768Z</wsu:Expires>
</wst:Lifetime>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
<wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress"></wsid:ClaimType>
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname"></wsid:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>