Calculating values in SOAP envelope

If you run Fiddler when authenticating to SDL Knowledge Center, you see:

  1. A POST to /InfoShareSTS/issue/wstrust/mixed/username that sends the credentials. 
  2. The client receives a response that contains a large <xenc:EncryptedData> element.
  3. The client sends (almost unmodified) the <xenc:EncryptedData> in a POST to /InfoShareWS/Wcf/API25/Application.

But appended after this <xenc:EncryptedData> block in step 3 is a <Signature> block that contains a <DigestValue> and <SignatureValue>.

How is the <DigestValue> calculated?

How is the <SignatureValue> calculated?

Parents Reply Children
  • I'm working on a Python client for SDL using the WCF/SVC endpoints. Since the main Python library for SOAP (zeep) doesn't support all the expected protocols, I'm manually building the SOAP header and body. I've completed the first round of message exchanges, but to continue I need to generate a valid value for both <DigestValue> and <SignatureValue>. Do you know how Publication Manager does this? 

  • In Publication Manager this is solved through the Microsoft WCF components offered by the .NET Framework (and before by Microsoft Windows Identity Framework (WIF)). In essence Publication Manager does it very similar to the open-sourced API client 'ISHRemote'

    For example in https://github.com/sdl/ISHRemote/blob/master/Source/ISHRemote/Trisoft.ISHRemote/InfoShareWcfConnection.cs you'll recognize ChannelFactory. But the magic on the SOAP envelope is hidden in .NET.

    Personally I think it is pretty courageous to build that up from scratch. As an alternative the Content Manager on your version still holds the DEPRECATED ASMX based API. This one is probably quite a lot faster to get working in python but is going to be removed eventually (at the time of writing it will still be available in upcoming Tridion Docs 14, then again still deprecated).

    Adding some reasons for deprecation... First it relies on the built-in security system so where the CMS owns the username and the password which is not where the world is heading. Second, the ASMX-based SOAP implementation is old and bypassed by various other standards - then again that makes that there are a lot of libraries to help you implement it.

  • Hi tintinno, 

    Were you successful in creating code that connects to the API using Python?

    Personally - I tried the same thing in javascript (Nodejs), but quickly realized how hard it was to figure out how to format the request XML. 

    The only success I had was by using SoapUI to properly build SOAP header and Body. My workflow was - build a working request in SOAPUI, and replicate in javascript. 

    Admittedly, I decided to build a seperate micro service using Dotnet to connect to Tridion, since it just turned out to be fairly challenging to get things working with javascript. 

    Good luck, and please share if you have success. 

  • Hi Krishna,

    I wasn't able to connect with Python using the WCF/SVC endpoints. But I was able to access the API with Python using the ASMX endpoints.

    You can see this brief example of using Python to authenticate to SDL's old API: https://gist.github.com/tintinno/4e8953259c8588332e2a7bf96dc8aa13

    Hope that helps!