im facing some problem with consuming webservices with wssecurity. im using robrichard's wse-php which is working fine for encryption ( if i miss any mandatory field , server will throw an error msg with Mandatory field missing which means it can decrypt the msg im sending ) .
But i have problem with the signature. the server is returning signature verification failed error and when we view the log it is showing as
[2015-06-24 11:16:33,061] WARN uuid:3f6c703f-05e6-85e8-6b62-a4fa343cd54f [org.apache.ws.security.validate.SignatureTrustValidator]
[[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)']:
No Subject DN Certificate Constraints were defined. This could be a security issue
Please post your full code here. Did you have xml sample request ? Test with SoapUI first
Related
Im rewriting a few scripts to make use of the new v4 signature for Amazon AWS.
I am trying to send an email using the code on this page:
https://github.com/okamos/php-ses
When I use his code exactly as it is just adding secret keys etc I get an error saying my email address isnt verified on us_east_1. This makes sense as all my things are on EU_WEST_1.
So Ive tried adding the EU endpoint as a third parameter but get this error:
'Warning: SimpleEmailService::sendEmail(): 6 Could not resolve host: EU_WEST_1'
This is the line of code which seems to work but connecting to the wrong endpoint
$ses = new SimpleEmailService('apikey', 'secretkey');
print_r($ses->sendEmail($m));
I have tried adding the new endpoint as the third parameter like this
$ses = new SimpleEmailService('apikey', 'secret','eu-west-1');
But that just generates the error.
Can anyone tell me the correct code to use to set the eu-west-1 endpoint to send emails through?
Thanks
I had faced the same problem with AWS PHP library for uploading files to S3. Even though I was setting up the region from us-east-1 to eu-west-1 it was still taking us-east-1 as by default. I would suggest you to look for region configurations in library and how it is overriding.
SES Email Host for us-east-1 and eu-west-1 are different. So even though if you are passing correct API and Secret, it might not work because of default region.
If this debug process doesn't work can share the screenshot of what you region you are getting before email dispatch. I would love to explore further.
I found the problem.
Looks like there was a typo within the code on github, it had these 3 lines in the file 'SimpleEmailServices.php:
const AWS_US_EAST_1 = 'email.us-east-1.amazonaws.com';
const AWS_US_WEST_2 = 'email.us-west-2.amazonaws.com';
const AWS_EU_WEST1 = 'email.eu-west-1.amazonaws.com';
He'd missed the underscore in the AWS_EU_WEST1.
I'm implementing OpenId Connect into my Yii2 app using the yii2-authclient library. I can login and exchange the code for a token with no problems. I've followed most of the code examples on the web and set a successCallback function that gets called once a user successfully logs in. It looks like this:
public function successCallback(ClientInterface $client)
{
$attributes = $client->getUserAttributes();
}
This code gets called, but calling getUserAttributes() results in the following error:
Exception – yii\authclient\InvalidResponseException
Request failed with code: 400, message:
{"error":"invalid_request","error_description":"Token not provided"}
The logs on the id server show a blank client and user, with an error of invalid_token.
I took a close look at the request I make and I see an access_token element. Any ideas what the problem might be? I can provide more information if necessary.
I figured it out. The problem was that the yii2-authclient library was sending the token as a GET parameter and the ID server was expecting it as a POST param. I upgraded the yii2-authclient library and that solved the problem since a recent change sends the parameter as POST instead of GET.
I am trying to retrieve the contents of my calendar using the Outlook REST API, but I am getting weird error responses.
The code is based on the example code supplied by Microsoft in https://github.com/microsoftgraph/php-connect-rest-sample
I have created an application and specified it want access to calendar.read and changed the scope in the testcode, Constants::SCOPE, to include this scope.
After succesfully retrieving a token I can verify that the application requests and sets the correct privileges. After that I try to retrieve the events in my calendar as described at the documentation: https://msdn.microsoft.com/en-us/office/office365/api/calendar-rest-operations#get-series-master-and-single-events-rest
I use the Advanced REST client add-on for Chrome to create a GET request with the following specs:
Url: https://outlook.office.com/api/v2.0/me/events
Headers:
Authorization: Bearer [token]
Prefer: outlook.timezone=Europe/Berlin
The response I get is a 401 status code with the following content for the X-Ms-Diagnostics header:
2000010;reason="ErrorCode: 'PP_E_RPS_CERT_NOT_FOUND'. Message: 'Certificate cannot be found. Certificate required for the operation cannot be found.%0d%0a Internal error: spRPSTicket->ProcessToken failed. Failed to call CRPSDataCryptImpl::UnpackData:Certificate cannot be found. Certificate required for the operation cannot be found.%0d%0a Internal error: Failed to decrypt data. :Failed to get session key. RecipientId=293577. spCache->GetCacheItem returns error.:Cert Name: (null). SKI: d6c3dacffd2b3fba2fb3d6c2b0fcd78680a3acd1...'";error_category="invalid_msa_ticket"
The Www-Authenticate header specifies 'error="invalid_token"' while the token was just received.
Any idea what I am doing wrong?
I think another thing you might be able to check out is the scope when you request the v2 endpoint. for V2 endpoint, the scope is different between Graph API and outlook api. you need to specify scope as "https://outlook.office.com/calendars.read" instead of Graph scope.
I hope it will help.
Basically, the message means that the token you're trying to use is not valid for the operation.
I went through this. This is how I've solved:
I use the suggested scopes here (I was creating an event): https://msdn.microsoft.com/office/office365/APi/calendar-rest-operations#create-events
To get the authorization code I used this URL schema:
https://login.live.com/oauth20_authorize.srf?client_id=[YourClientID]&scope=[ScopeYouNeed]&response_type=code&redirect_uri=[YourRedirectURI]
Then I get the refresh & the access token. And now it's working!
You need to just change the URL from https://outlook.office.com/api/v2.0/me/events to https://graph.microsoft.com/v1.0/me/events
Can anyone tell how I can implement a Oauth api for my site.I have downloaded the example from http://code.google.com/p/oauth-php/downloads/list(oauth-php-175.tar.gz)
I have created the database and run the register.php file in example/server and i got a consumer key and secret key.I have replaced the api key and secret key with this in client/twolegged.php.The url mentioned their is replaced with server/www/hello.php
But when i run the file client/twolegged.php am getting the error
ExceptionRequest failed with code 401: Can't verify request, missing oauth_consumer_key or oauth_token-OAuth Verification Failed:
Is it the correct way to do this? Please help me?
Use
$server->verifyIfSigned(false)
instead of
$server->verifyIfSigned()
in hello.php
I try to get the Live Delegated Authentication to work for the purpose of reading the email addresses.
I am doing this in PHP with the help of the windowslivelogin library. The problem is that I get an error.
I'm not sure what I'm doing wrong, i registered my application on the Azure webpage and got the appid and the secret into the code. This is what i use to initialize the Live Library :
$o = new WindowsLiveLogin();
$o->setAppId('000000004801B670');
$o->setSecret('secret');
$o->setSecurityAlgorithm('wsignin1.0');
$o->setDebug(true);
$o->setPolicyUrl('http://www.google.com/aides.html');
$o->setReturnUrl("http://michaelp.dev.gamepoint.net/framework/mainsite/contactimporter/?service=live");
return $o;
Then I call
$this->LiveLibrary->getLoginUrl()
And after I Login in to Live, it posts 2 things back, $_POST['stoken'] and $_POST['action'].
As soon as I call
$this->LiveLibrary->processLogin($_REQUEST);
It fails and gives back an error that the token is invalid.
I tried getting Consent straight away by making redirecting to
$this->LiveLibrary->getConsentUrl("Contacts.View");
But that gives an 3007 error and says that it cant share the information
According to MS this means the following :
3007
Consent Service API failed in the <method name> method. The application verifier is invalid.
The offer security level requires that a valid application verifier be passed with the request.
I am using the following URL, generated by the library
https://consent.live.com/Delegation.aspx?ps=Contacts.Invite&ru=http%3A%2F%2Fmichaelp.dev.gamepoint.net%2Fframework%2Fmainsite%2Fcontactimporter%2F%3Fservice%3Dlive&pl=http%3A%2F%2Fwww.google.com%2Faides.html&app=appid%3D000000004801B670%26ts%3D1251722931%26sig%3DD2gkM%252F%252FwlRXXfS64NMrV%252Bkt50v6dAOcESblfRk7j%252FUE%253D
I don't understand most of the documentation Microsoft has on this thing, I think its really unclear and chaotic. Also the Sample I tried doesn't work. I get an error message, it can't validate/decode the token. Same I get when I try the processLogin().
Thanks in Advance,
Michael