djoos / EscapeWSSEAuthenticationBundle

Symfony bundle to implement WSSE authentication
http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html

an example of use of EscapeWSSEAuthenticationBundle? #23

Closed Cs4r closed 10 years ago

Cs4r commented 11 years ago

Hi guys.

Is there an example of use of this bundle?

I have already installed it, but I'm still a little lost and I don't even know how to use it.

Can anybody help me?

Thanks a lot.

djoos commented 11 years ago

Hi César,

thanks for getting in touch! I agree we need some more information/examples on this plugin's implementation...

I guess you are familiar with Symfony2's general security (http://symfony.com/doc/current/book/security.html) documentation and you went through the README.md file provided with this bundle, right? It would be great if you could give us a hand by highlighting the issues you're experiencing so we can use this to improve the documentation!

Looking forward to hearing from you and helping you get started!

Kind regards, David

djoos commented 10 years ago

Hi César,

how are you getting on? It would be great to hear from you - thanks in advance!

Kind regards, David

djoos commented 10 years ago

bump

pleerock commented 10 years ago

Really, where is an example? I have no idea how to use WSSE security with your bundle.

djoos commented 10 years ago

Hi,

thanks for your feedback!

So you've got API endpoints in your current application and would like to start using this bundle to secure them, right? Covering the setup of the API is out of the scope of this bundle, but if I can take that as a starting point, I'll write up some documentation over the next few days/week to get started...

Kind regards, David

djoos commented 10 years ago

Hi guys,

I haven't heard back from you, but I hope you have made some progress over the past few weeks! I've been really busy so haven't got round to writing any documentation. It would be really helpful to find out what exactly you're struggling with...

Have a great weekend!

Kind regards, David

jbruni commented 10 years ago

From the Symfony app side of the story, all seems fine. I'd like to see a simple example of how people from outside can access the API.

It is more a WSSE question than a Bundle-related question, for sure. Can you help, @djoos ?

jbruni commented 10 years ago

My goal is to provide a simple-to-use API for our end users. I want to see an example to acknowledge how easy or how difficult it is for the API consumer to provide the required WSSE info to use it. Note: I first heard of WSSE a couple of minutes ago - I need to know this before diving deeper or already discarding this solution. Thank you.

djoos commented 10 years ago

Hi @jbruni,

from the client side of things it might help to have a look at https://github.com/escapestudios/EscapeAPIClientBundle, in particular the execute-method in the Request-class...

Hope this helps, please do let me know how it goes!

Kind regards, David

jbruni commented 10 years ago

Thank you, @djoos.

We took the most simple and quick solution we've found for both us and the API consumers, using HTTP Basic authentication, just like here: https://control.vps.net/api/

It is not the safest or most sophisticated approach, but it fulfills our purposes at the moment.

Kind regards, João

hiroshikuncr commented 10 years ago

Hello, I'm trying to use your bundle but I have a little issue: I don't know the headers I need to send. I'm using the basic configuration from the README, in Symfony 2.3.

Just now I sent these headers:

Authorization: WSSE profile="UsernameToken"
X-WSSE: UsernameToken Username="admintest", PasswordDigest="czAqjKtBNt7TzlbOU+vZruE8poM=", Nonce="OWEzODgxZWNhYWZjMzI3YQ==", Created="2014-03-12T17:42:52Z"

But I get a 401. I generate the header with http://www.teria.com/~koseki/tools/wssegen/ and test it with Rest Console (Chrome).

Can you give me a tip on what I'm doing wrong? (I think it could be the headers I create.)

Greetings and Thanks

djoos commented 10 years ago

Hi @hiroshikuncr,

please do have a look at https://github.com/escapestudios/EscapeAPIClientBundle, in particular the execute-method in the Request-class... There you'll see how we create the WSSE-header and then use RequestCore/cURL to send a request to a WSSE-secured API.

Let me know how it goes!

Kind regards, David

hiroshikuncr commented 10 years ago

Hi djoos, I checked the ClientBundle. I had read about it from the beginning, but it was not until you told me to check it out that I started thinking of a way to use it.

I took the example from the documentation and created a REST service to get the token:

{ entities: { x-wsse:: "UsernameToken Username="admintest", PasswordDigest="mKXtBRbZDQdco0j73w6c37ta+W0=", Nonce="5320c5ea0c826", Created="Wed, 12 Mar 2014 14:39:06 -0600"" Authorization: "WSSE profile="UsernameToken"" } }

I got this information and returned to my previous tries to create this header:

Authorization: WSSE profile="UsernameToken"
X-WSSE: UsernameToken Username="admintest", PasswordDigest="mKXtBRbZDQdco0j73w6c37ta+W0=", Nonce="5320c5ea0c826", Created="Wed, 12 Mar 2014 14:39:06 -0600"

But I still get a 401 (Unauthorized):

Status Code: 401
Date: Wed, 12 Mar 2014 20:39:56 GMT
WWW-Authenticate: WSSE realm="Secured API", profile="UsernameToken"
Host: localhost:8000

I know I have an error in some step, but I can't find out what it is. Is there some way to debug your bundle to find the reason for the problem? (It could be an issue with FosUserBundle, or a really fast timeout.)

Greetings and Thanks for your help

hiroshikuncr commented 10 years ago

I found the problem by debugging the bundle code. I use FosUserBundle, and the password is encrypted while I send the request as plain text. The solution was to create a new RESTful service to get the token from the server; I made this to encrypt the plain password with the user salt and create the token with the correct information.

Probably this is not the correct solution, but it is a quick workaround.

I'm sorry that I created these requests here while it is a different problem.

Greetings and Thanks for all your Help
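
The mismatch described in the comment above, as an added example that is not code from the bundle or from anyone in this thread: a client builds the two WSSE headers and a server recomputes the digest from the value in its user store. It assumes the standard UsernameToken digest, Base64(SHA-1(nonce + created + secret)); `encode_password` is a hypothetical stand-in for the application's salted password hash, the account values are constructed, and the server check leaves out timestamp and nonce-replay validation.

```python
import base64
import hashlib
import hmac
import os
import re
from datetime import datetime, timezone


def wsse_digest(nonce_b64, created, secret):
    """PasswordDigest = Base64(SHA-1(nonce_bytes + created + secret))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + secret.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def build_wsse_headers(username, secret, nonce=None, created=None):
    """Client side: the two headers sent with every request."""
    nonce_b64 = base64.b64encode(nonce or os.urandom(16)).decode()
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    token = 'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"' % (
        username, wsse_digest(nonce_b64, created, secret), nonce_b64, created)
    return {"Authorization": 'WSSE profile="UsernameToken"', "X-WSSE": token}


def server_accepts(x_wsse, stored_secret):
    """Server side: recompute the digest from whatever the user store holds."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', x_wsse))
    expected = wsse_digest(fields["Nonce"], fields["Created"], stored_secret)
    return hmac.compare_digest(expected, fields["PasswordDigest"])


def encode_password(plain, salt):
    """Hypothetical stand-in for the application's salted password hash."""
    return base64.b64encode(hashlib.sha512(f"{plain}{{{salt}}}".encode()).digest()).decode()


# Constructed sample account: the user store holds only the salted hash.
PLAIN, SALT = "s3cret-example", "constructed-salt"
STORED = encode_password(PLAIN, SALT)

from_plain = build_wsse_headers("admintest", PLAIN)   # digest over the plain password
from_hash = build_wsse_headers("admintest", STORED)   # digest over the stored value
```

Only `from_hash` passes `server_accepts(..., STORED)`, which is why a digest built from the plain password yields a 401 when the store holds a salted hash. The stored hash then acts as the shared secret and needs the same protection as a password.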

djoos commented 10 years ago

Hi @hiroshikuncr,

please have a look at issue #35, where FOSUser & WSSE is successfully covered and eventually implemented.

@Cs4r, @PLEEROCK and @jbruni I'll close this ticket for now, but will open a new one about writing some more documentation and examples...

Kind regards, David