wsHttpBinding client fails: the message could not be processed

[nicostubi]

Hello,

1. The version of zeep: 3.2.0

2. The WSDL: wsdl.txt

3. My script (do not forget to replace username and password with your values). The line result = client.service.GetTest("Hello World") returns the error under point 5.

from zeep import Client, Settings
from zeep.wsse.username import UsernameToken

print("Calling web service")
wsdl = 'http://localhost:8081/test?singlewsdl'

client = Client(wsdl, wsse=UsernameToken('username','password'))
print(client.wsdl)

result = client.service.GetTest("Hello World")
print(result)

4. You can run the client using the exe in this zip file WcfServiceLibraryTest.zip

5. The error (I guess the soap message is not well generated and does not contain the proper security element expected by the wsHttpBinding):

Calling web service
<WSDL(location='http://localhost:8081/test?singlewsdl')>
Traceback (most recent call last):
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\ptvsd_launcher.py", line 119, in <module>
    vspd.debug(filename, port_num, debug_id, debug_options, run_as)
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\Packages\ptvsd\debugger.py", line 37, in debug
    run(address, filename, *args, **kwargs)
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\Packages\ptvsd\_local.py", line 64, in run_file
    run(argv, addr, **kwargs)
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\Packages\ptvsd\_local.py", line 125, in _run
    _pydevd.main()
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\Packages\ptvsd\_vendored\pydevd\pydevd.py", line 1752, in main
    globals = debugger.run(setup['file'], None, None, is_module)
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\Packages\ptvsd\_vendored\pydevd\pydevd.py", line 1099, in run
    return self._exec(is_module, entry_point_fn, module_name, file, globals, locals)
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\Packages\ptvsd\_vendored\pydevd\pydevd.py", line 1106, in _exec
    pydev_imports.execfile(file, globals, locals)  # execute the script
  File "c:\program files (x86)\microsoft visual studio\2017\community\common7\ide\extensions\microsoft\python\core\Packages\ptvsd\_vendored\pydevd\_pydev_imps\_pydev_execfile.py", line 25, in execfile
    exec(compile(contents+"\n", file, 'exec'), glob, loc)
  File "C:\Users\nicol\source\repos\PythonZeepClient\PythonZeepClient\class1.py", line 10, in <module>
    result = client.service.GetTest("Hello World")
  File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\site-packages\zeep\proxy.py", line 42, in __call__
    self._op_name, args, kwargs)
  File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\site-packages\zeep\wsdl\bindings\soap.py", line 132, in send
    return self.process_reply(client, operation_obj, response)
  File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\site-packages\zeep\wsdl\bindings\soap.py", line 194, in process_reply
    return self.process_error(doc, operation)
  File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\site-packages\zeep\wsdl\bindings\soap.py", line 349, in process_error
    subcodes=subcodes)
zeep.exceptions.Fault: The message could not be processed. This is most likely because the action 'http://tempuri.org/IService1/GetTest' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.
Press any key to continue . . .

Best Regards, Nicolas

[karrika]

Thanks for bringing this up. I have trying to solve this for a month with UK Hydrographic Service in vain. Obviously the only working solution today is to use C# and Windows.

[nicostubi]

Thanks for the info. It helps understand the degree of maturity of zeep - especially with wsHttpBinding.

We had good results with basicHttpBinding (both no authentication and authentication with NTLM).

I read in the documentation that the wsHttp support is experimental at this stage.

Any plans to fully support it in the future? Anybody else can share their experience with what is working/not working with zeep and web services, especially with WCF/SOAP services?

[HodaSadatJafari]

Hi, I have exact same problem. is there any solution to this except using c#? any other alternative python packages that we can use for wsHttpBinding client? Thanks Hoda

[nicostubi]

Hi @HodaJafari

I've most of these solutions, no luck:

https://stackoverflow.com/questions/206154/what-soap-client-libraries-exist-for-python-and-where-is-the-documentation-for

Let me know if you have better results.

Regards, Nico

[andreabisello]

same problem here. the problem looks like the SecurityContextToken and Signature tag are totally missing. maybe i have not understand how to use, but i think zeep shuld generate also these two tags before calling the method.

for example this is the same metod call from c# and from zeep (some informations are deleted for privacy issues)

c#

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://tempuri.org/IRepositoryService/getRepositoryInfo</a:Action>
        <a:MessageID>urn:uuid:099d2a95-940a-41c7-960d-bd4f216aaXXX</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://xxx.yyy.com/RepositoryService.svc</a:To>
        <o:Security s:mustUnderstand="1"
            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2021-02-04T09:19:33.387Z</u:Created>
                <u:Expires>2021-02-04T09:24:33.387Z</u:Expires>
            </u:Timestamp>
            <c:SecurityContextToken u:Id="uuid-e0e55926-58dd-4abc-8cdc-1e6d3a480a0e-454"
                xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <c:Identifier>urn:uuid:3ef91180-ec7f-43b3-a179-40462b737XXX</c:Identifier>
            </c:SecurityContextToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <Reference URI="#_0">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>oujNy7cDcl5vQOOo/uVXjtjcXXX=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>/BZFogOC9wNeQpz/gVWByh2XXX=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-e0e55926-58dd-4abc-8cdc-1e6d3a480a0e-454"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body>
        <getRepositoryInfo xmlns="http://tempuri.org/">
            <repositoryId>1</repositoryId>
        </getRepositoryInfo>
    </s:Body>
</s:Envelope>

and this is the zeep call

<?xml version="1.0" encoding="UTF-8"?>
<soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope">
   <soap-env:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsa:Action>http://tempuri.org/IRepositoryService/getRepositoryInfo</wsa:Action>
      <wsa:MessageID>urn:uuid:dcab7880-2bcc-42c8-ab88-b79a7aac3b95</wsa:MessageID>
      <wsa:To>https://XXX.sYYY.com/RepositoryService.svc</wsa:To>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken>
            <wsse:Username>YYY</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXX</wsse:Password>
         </wsse:UsernameToken>
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2021-02-04T14:00:18.666Z</wsu:Created>
            <wsu:Expires>2021-02-04T14:10:18.666Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </soap-env:Header>
   <soap-env:Body>
      <ns0:getRepositoryInfo xmlns:ns0="http://tempuri.org/">
         <ns0:repositoryId>1</ns0:repositoryId>
      </ns0:getRepositoryInfo>
   </soap-env:Body>
</soap-env:Envelope>

we have the same body, but there SecurityContext are never be created.

@nicostubi any suggestion for this?

thanks

[nicostubi]

No, @andreabisello sorry

Better to ask @mvantellingen I guess.

I just tried this library as part of a POC a few years ago and it was not working well for our use case.