The mailing list for listmasters using Sympa

["Goltz, Immo" <address@concealed>]

Hi Amos,

one crucial requirement of our developers was that the interface 

supports WSE compliant authentification scheme with UsernameToken WSSE headers.

I learned that's a widely used standard and easy to use within the existing frameworks. They care about all the needed stuff and create the header. You only need to feed username and password.

As an example, SOAP UI generates a call like this:

POST https://HOSTNAME/sympasoap11/ HTTP/1.1

Accept-Encoding: gzip,deflate

Content-Type: text/xml;charset=UTF-8

SOAPAction: ""

Content-Length: 1014

Host: HOSTNAME

Connection: Keep-Alive

User-Agent: Apache-HttpClient/4.5.5 (Java/21.0.5)

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sym="http://listen.goethe.de/schemas/sympa">

   <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-xxxxxxxxx"><wsse:Username>USERNAME</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">xxxxxxxxxxxxxxx</wsse:Nonce><wsu:Created>2025-01-17T08:35:56.941Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>

   <soapenv:Body>

      <sym:getVersionRequest/>

   </soapenv:Body>

</soapenv:Envelope>

From Sympa perspective you create a user and give the appropriate rights.

Immo

 

---

Von: Amos <address@concealed>
Gesendet: Donnerstag, 16. Januar 2025 22:24
An: Goltz, Immo <address@concealed>
Cc: sympa-users <address@concealed>
Betreff: [EXTERN] Re: [en@sympa] alternative SOAP implementation for Sympa

 

On Fri, Dec 13, 2024 at 8:08 AM Goltz, Immo <address@concealed> wrote:

A long time ago (Sympa 6.1.x) we started building an alternative SOAP implementation for Sympa. The project was stopped but revived around Sympa 6.2.42. Mainly the xsd/wsdl describing a lot of methods survived. The code was rewritten but only for really needed methods. Fortunately, with Sympa 6.2 it was much easier. SOAP is handled by Mark Overmeer's great XML::Compile libraries.

We have it (as well as Sympa) in production for about 2 years now.

However, it is not very clean, needs some polishing and probably changes for Sympa 6.2.72 (see branch, but it works with it).

Nonetheless it might be of some help for the community.  Feel free to use, fork, comment, improve.

https://github.com/Goethe-Institut-e-V/sympa-soap11

Kind Regards,

Immo 

Thanks for this! I’m not terribly familiar with using SOAP. How is authentication handled?

Amos

Achtung! Externe E-Mail. Bitte keine Links oder Anhänge anklicken, außer Absender*in ist bekannt und der Inhalt sicher.
[Caution! External email. Do not open attachments or click links, unless this email was received from a known source/sender and you know the content is safe.]