vsphere-automation-sdk-python icon indicating copy to clipboard operation
vsphere-automation-sdk-python copied to clipboard

Published 20 hours ago verified publisher icon vmware

Need help retrieving Hok token

Open VedaNiks opened this issue 3 years ago • 1 comments

I am new here. I have not used vsphere SDK before. I am trying to get a hok token for my use case. I have created a private key and certificate using OpenSSL. I am using them to get a hok token.

Code below:

sso_url = "https://vcenter-ip/sts/STSService/vsphere.local"
authenticator = sso.SsoAuthenticator(sso_url)
context = get_unverified_context()
saml_token = authenticator.get_bearer_saml_assertion('username',
                                                     'password',
                                                     delegatable=True,
                                                     ssl_context=context,
                                                     )

hok_token = authenticator.get_hok_saml_assertion(ssl_context=context,
                                                 public_key=PUBLIC_KEY_PATH,
                                                 private_key=PRIVATE_KEY_PATH,
                                                 act_as_token=saml_token
                                                 )
print(hok_token)

This gave me below error:

Traceback (most recent call last): File "C:/Users/ntelkunte/vsphere-automation-sdk-python/samples/vsphere/common/vim/retrieve_saml_token.py", line 40, in main() File "C:/Users/ntelkunte/vsphere-automation-sdk-python/samples/vsphere/common/vim/retrieve_saml_token.py", line 21, in main hok_token = authenticator.get_hok_saml_assertion(ssl_context=context, File "C:\Users\ntelkunte\vsphere-automation-sdk-python\samples\vsphere\common\sso.py", line 595, in get_hok_saml_assertion hok_token = self.perform_request(soap_message, File "C:\Users\ntelkunte\vsphere-automation-sdk-python\samples\vsphere\common\sso.py", line 271, in perform_request raise SoapException(fault, *parsed_fault) samples.vsphere.common.sso.SoapException: SoapException: faultcode: ns0:FailedAuthentication faultstring: Invalid credentials faultxml: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">ns0:FailedAuthenticationInvalid credentials</S:Fault></S:Body></S:Envelope>

I've tried calling get_hok_saml_assertion without act_as_token parameter as well but getting the same error. I've verified that I am able to get saml_token with provided credentials.

I've also tried, merging below code in external_psc_sso_workflow.py but still getting the same error.

Can someone please tell me what I am doing wrong? If anyone already has implemented this, can you please provide sample program for this?

Thanks in advance!

Reproduction steps

1. Install required python packages for vsphere-automation-sdk-python
2. Create a private key and certificate using OpenSSL
3. Try to retrieve holder of key token using "get_hok_saml_assertion" function.
...

Expected behavior

Should be able retrieve holder of key token using get_hok_saml_assertion function

Additional context

No response

VedaNiks avatar Aug 04 '22 07:08 VedaNiks

Isn't it a pyVmomi call, https://github.com/vmware/pyvmomi/blob/master/pyVim/connect.py#L133 ? May be you can triage this from above PyVmomi call.

There is no issue with this module as LoginByToken() is the commonly used.

jobingeo avatar Aug 22 '22 07:08 jobingeo