vmware / vsphere-automation-sdk-python

Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
MIT License

Need help retrieving Hok token #327

Closed VedaNiks closed 9 months ago

VedaNiks commented 1 year ago

I am new here. I have not used vsphere SDK before. I am trying to get a hok token for my use case. I have created a private key and certificate using OpenSSL. I am using them to get a hok token.

Code below:

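from samples.vsphere.common import sso
from samples.vsphere.common.ssl_helper import get_unverified_context

sso_url = "https://vcenter-ip/sts/STSService/vsphere.local"
authenticator = sso.SsoAuthenticator(sso_url)
# get_unverified_context() turns off TLS certificate verification for the STS connection
context = get_unverified_context()
# Bearer token requested with username and password
saml_token = authenticator.get_bearer_saml_assertion('username',
                                                     'password',
                                                     delegatable=True,
                                                     ssl_context=context,
                                                     )

# PUBLIC_KEY_PATH and PRIVATE_KEY_PATH: the certificate and private key created with OpenSSL
hok_token = authenticator.get_hok_saml_assertion(ssl_context=context,
                                                 public_key=PUBLIC_KEY_PATH,
                                                 private_key=PRIVATE_KEY_PATH,
                                                 act_as_token=saml_token
                                                 )
print(hok_token)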

This gave me the error below:

Traceback (most recent call last):
  File "C:/Users/ntelkunte/vsphere-automation-sdk-python/samples/vsphere/common/vim/retrieve_saml_token.py", line 40, in <module>
    main()
  File "C:/Users/ntelkunte/vsphere-automation-sdk-python/samples/vsphere/common/vim/retrieve_saml_token.py", line 21, in main
    hok_token = authenticator.get_hok_saml_assertion(ssl_context=context,
  File "C:\Users\ntelkunte\vsphere-automation-sdk-python\samples\vsphere\common\sso.py", line 595, in get_hok_saml_assertion
    hok_token = self.perform_request(soap_message,
  File "C:\Users\ntelkunte\vsphere-automation-sdk-python\samples\vsphere\common\sso.py", line 271, in perform_request
    raise SoapException(fault, *parsed_fault)
samples.vsphere.common.sso.SoapException: SoapException:
faultcode: ns0:FailedAuthentication
faultstring: Invalid credentials
faultxml: <?xml version='1.0' encoding='UTF-8'?>ns0:FailedAuthenticationInvalid credentials</S:Fault></S:Body></S:Envelope>

I've tried calling get_hok_saml_assertion without the act_as_token parameter as well, but I am getting the same error. I've verified that I am able to get saml_token with the provided credentials.

I've also tried merging the below code into external_psc_sso_workflow.py, but I am still getting the same error.

Can someone please tell me what I am doing wrong? If anyone has already implemented this, can you please provide a sample program for this?

Thanks in advance!

Reproduction steps

1. Install required python packages for vsphere-automation-sdk-python
2. Create a private key and certificate using OpenSSL
3. Try to retrieve holder of key token using "get_hok_saml_assertion" function.
...

Expected behavior

Should be able to retrieve holder of key token using get_hok_saml_assertion function

Additional context

No response
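
A local pre-flight check for the private key and certificate from reproduction step 2, added here as an example (it is not part of the original issue, the SDK or pyVmomi). It confirms that the certificate carries the public key of the private key and has not expired; it says nothing about whether the STS trusts that certificate. Function names and file paths are assumptions, and the sample pair is constructed.

```sh
#!/bin/sh
# Added example (not from the issue or the SDK): local checks on the PEM files
# passed as private_key= and public_key= to get_hok_saml_assertion().
# Assumes an unencrypted PEM private key and a PEM certificate.

# Status 0 if the certificate carries the public key of the private key,
# 1 if it belongs to a different key, 2 if either file cannot be parsed.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Status 0 if the certificate's notAfter date has not passed yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run both checks, print one line per finding, return the number of failures.
hok_preflight() {
    failed=0
    key_matches_cert "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "ok: certificate matches private key" ;;
        1) echo "FAIL: certificate holds a different public key"; failed=1 ;;
        *) echo "FAIL: could not parse key or certificate"; failed=1 ;;
    esac
    if cert_not_expired "$2"; then
        echo "ok: certificate has not expired"
    else
        echo "FAIL: certificate is expired or unreadable"; failed=$((failed + 1))
    fi
    return "$failed"
}

# Constructed sample input: writes a throwaway self-signed pair to $1 (key)
# and $2 (certificate) so the checks can be tried without real credentials.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" -keyout "$1" -out "$2" >/dev/null 2>&1
}

# Usage: sh hok_preflight.sh private_key.pem certificate.pem
if [ $# -eq 2 ]; then
    hok_preflight "$1" "$2"
fi
```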

jobingeo commented 1 year ago

Isn't it a pyVmomi call, https://github.com/vmware/pyvmomi/blob/master/pyVim/connect.py#L133 ? Maybe you can triage this from the above pyVmomi call.

There is no issue with this module, as LoginByToken() is commonly used.