cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization Error in MVM API

Jump to solution

Hi, I am writing a script that will connect to an MVM API. I have a copy of the "MVM Open API" package (it's not very "open", but that's a conversation for a different day). I am still stuck on the authentication step. I have a SOAP request created as follows:

I am developing this against a 60-day trial version of MVM; I am hoping that I can get this working so that I can give it to a client that has a full license for MVM.

The error code -9 appears to be FSCOMM_BAD_SIGNATURE. Is the the correct error message, and if so, what signature is it referring to?

The only signature that I am aware of is the signature on the SSL client certificate; I generated that certificate using the Foundstone Certificate Manager tool. I removed the passphrase from that certificate using OpenSSL FIPS Object Module v1.2 on the same server that I generated the certificate on.

I enabled API logging in the registry and restarted the API service but it does not include any useful information in the log files.

The error message also says "Not Authorized Access". I'm not sure what this means, either. I'm trying to authorize myself, I am only trying to authenticate.

Finally, I'm confused by the "Customer" and "PortalName" fields. The "Customer" element is not explained AT ALL in the API documentation. The "PortalName" documentation only says, "A third-party SOAP client should store an empty string in this field." Therefore, I am putting an empty string in that field.

Thanks for any insight that you can offer.

1 Solution

Accepted Solutions

Re: Authorization Error in MVM API

Jump to solution

WOW. I finally figured out the issue. The API requires an undocumented header in order to complete authentication. It took me hours to figure this out. I suppose I can't post the details here, due to NDA, but if anybody from McAfee support is reading, please PM me. Your documentation needs to be updated.

You should also add some information to your API documentation about how to debug error messages.

3 Replies

Re: Authorization Error in MVM API

Jump to solution

The forum software removed my XML snippets, let me try again:

<SOAP-ENV:Envelope xmlns:ns3="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://www.foundstone.com/foundscan.wsdl" xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">    <SOAP-ENV:Header/>    <ns2:Body>       <ns1:UserLogin>          <Option xsi:type="ns1:LoginOption">             <Customer xsi:type="ns3:string">Lunarline</Customer>             <User xsi:type="ns3:string">administrator</User>             <UserIP xsi:type="ns3:string">192.168.36.100</UserIP>             <Password xsi:type="ns3:string">81c8c6e64dc1f610a8033a09b6c1636d42b89d2f33090698a48bb0ba7a893f0d081b42d3885a9b822c90a0466c2c96899c4448466b54d65d59ad04083b4fee9b</Password>             <PortalName xsi:type="ns3:string"></PortalName>          </Option>       </ns1:UserLogin>    </ns2:Body> </SOAP-ENV:Envelope>

<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:hdr="http://www.foundstone.com/hdr.xsd" xmlns:fs="http://www.foundstone.com/foundscan.wsdl"><SOAP-ENV:Header></SOAP-ENV:Header><SOAP-ENV:Body SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Error Code=-9 - Not Authorized Access</faultstring><detail>Not Authorized Access</detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>

on 11/1/12 6:05:51 PM CDT

Re: Authorization Error in MVM API

Jump to solution

WOW. I finally figured out the issue. The API requires an undocumented header in order to complete authentication. It took me hours to figure this out. I suppose I can't post the details here, due to NDA, but if anybody from McAfee support is reading, please PM me. Your documentation needs to be updated.

You should also add some information to your API documentation about how to debug error messages.

cgrim
Level 13
Report Inappropriate Content
Message 4 of 4

Re: Authorization Error in MVM API

Jump to solution

Hi mehaase,

I PM'd you.

I'm glad you were able to solve your own issue, but I'm sorry you didn't get a quick answer here!

-Cathy

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community