cancel
Showing results for 
Search instead for 
Did you mean: 
mehaase
Level 8

Authorization Error in MVM API

Jump to solution

Hi, I am writing a script that will connect to an MVM API. I have a copy of the "MVM Open API" package (it's not very "open", but that's a conversation for a different day). I am still stuck on the authentication step. I have a SOAP request created as follows:

I am developing this against a 60-day trial version of MVM; I am hoping that I can get this working so that I can give it to a client that has a full license for MVM.

The error code -9 appears to be FSCOMM_BAD_SIGNATURE. Is the the correct error message, and if so, what signature is it referring to?

The only signature that I am aware of is the signature on the SSL client certificate; I generated that certificate using the Foundstone Certificate Manager tool. I removed the passphrase from that certificate using OpenSSL FIPS Object Module v1.2 on the same server that I generated the certificate on.

I enabled API logging in the registry and restarted the API service but it does not include any useful information in the log files.

The error message also says "Not Authorized Access". I'm not sure what this means, either. I'm trying to authorize myself, I am only trying to authenticate.

Finally, I'm confused by the "Customer" and "PortalName" fields. The "Customer" element is not explained AT ALL in the API documentation. The "PortalName" documentation only says, "A third-party SOAP client should store an empty string in this field." Therefore, I am putting an empty string in that field.

Thanks for any insight that you can offer.

0 Kudos
1 Solution

Accepted Solutions
mehaase
Level 8

Re: Authorization Error in MVM API

Jump to solution

WOW. I finally figured out the issue. The API requires an undocumented header in order to complete authentication. It took me hours to figure this out. I suppose I can't post the details here, due to NDA, but if anybody from McAfee support is reading, please PM me. Your documentation needs to be updated.

You should also add some information to your API documentation about how to debug error messages.

0 Kudos
3 Replies
mehaase
Level 8

Re: Authorization Error in MVM API

Jump to solution

The forum software removed my XML snippets, let me try again:

<SOAP-ENV:Envelope xmlns:ns3="http://www.w3.org/2001/XMLSchema" xmlnsSmiley FrustratedOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://www.foundstone.com/foundscan.wsdl" xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlnsSmiley FrustratedOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">    <SOAP-ENV:Header/>    <ns2:Body>       <ns1:UserLogin>          <Option xsi:type="ns1:LoginOption">             <Customer xsi:type="ns3:string">Lunarline</Customer>             <User xsi:type="ns3:string">administrator</User>             <UserIP xsi:type="ns3:string">192.168.36.100</UserIP>             <Password xsi:type="ns3:string">81c8c6e64dc1f610a8033a09b6c1636d42b89d2f33090698a48bb0ba7a893f0d081b42d3885a9b822c90a0466c2c96899c4448466b54d65d59ad04083b4fee9b</Password>             <PortalName xsi:type="ns3:string"></PortalName>          </Option>       </ns1:UserLogin>    </ns2:Body> </SOAP-ENV:Envelope>

<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlnsSmiley FrustratedOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlnsSmiley FrustratedOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:hdr="http://www.foundstone.com/hdr.xsd" xmlns:fs="http://www.foundstone.com/foundscan.wsdl"><SOAP-ENV:Header></SOAP-ENV:Header><SOAP-ENV:Body SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Fault><faultcode>SOAP-ENVSmiley Frustratederver</faultcode><faultstring>Error Code=-9 - Not Authorized Access</faultstring><detail>Not Authorized Access</detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>

on 11/1/12 6:05:51 PM CDT
0 Kudos
mehaase
Level 8

Re: Authorization Error in MVM API

Jump to solution

WOW. I finally figured out the issue. The API requires an undocumented header in order to complete authentication. It took me hours to figure this out. I suppose I can't post the details here, due to NDA, but if anybody from McAfee support is reading, please PM me. Your documentation needs to be updated.

You should also add some information to your API documentation about how to debug error messages.

0 Kudos
cgrim
Level 13

Re: Authorization Error in MVM API

Jump to solution

Hi mehaase,

I PM'd you.

I'm glad you were able to solve your own issue, but I'm sorry you didn't get a quick answer here!

-Cathy

0 Kudos