VMware Cloud Community
Grzesiekk
Expert

vRO REST HoK acquiring token

Hello,

I am trying to obtain a HoK token that is required by vRO in order to use the vRO REST API. I have downloaded the SDK and used the Java sample to try to obtain the HoK.

VC 6.7, latest update, 2 in 1: PSC and VC on the same appliance.

I tried to do the same as what was described in this post:

vCO api and Authentication

D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>build.bat

Adding vim25.jar.....

1 File(s) copied

compiling samples.....

Generating compiled samples jar.....

Cleaning up.....

Generating javadocs.....

Build complete.....

D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>goto EOF

D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>run.bat com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample https://vc001.greg.labs:7444/ims/STSService administrator@vsphere.local VMware1!

JAVAHOME not defined. Must be defined to run java apps.

Done.

D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>set JAVAHOME=C:\Program Files\Java\jdk1.8.0_251

D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>run.bat com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample https://vc001.greg.labs:7444/ims/STSService administrator@vsphere.local VMware1!

Aquiring a HoK token by using user credentials, use the pre-generated private key and certificate

Loading X509 Certificate from D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS/cert/sdk.crt...

Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 500: null

        at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.createResponsePacket(HttpTransportPipe.java:266)

        at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:217)

        at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:130)

        at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:124)

        at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:1121)

        at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:1035)

        at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:1004)

        at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:862)

        at com.sun.xml.internal.ws.client.Stub.process(Stub.java:448)

        at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:178)

        at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:93)

        at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:77)

        at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:147)

        at com.sun.proxy.$Proxy39.issue(Unknown Source)

        at com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample.getToken(AcquireHoKTokenByUserCredentialSample.java:234)

        at com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample.main(AcquireHoKTokenByUserCredentialSample.java:282)

Done.

Any idea what went wrong, or what is the proper way to obtain the HoK token?

If I open the URL https://vc001.greg.labs:7444/ims/STSService in a browser, I also get internal server error 500.

I also tried the dotnet version, same result:

:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByHoKTokenSample\bin\Debug>AcquireHoKTokenByUserCredentialSample.exe  https://vc001.greg.labs:7444/ims/STSService administrator@vsphere.local VMware1!

System.ServiceModel.ProtocolException: Typ zawartości text/html;charset=utf-8 komunikatu odpowiedzi nie zgadza się z typem zawartości powiązania (text/xml; charset=utf-8). Jeśli używasz niestandardowego kodera, upewnij się, czy metoda IsContentTypeSupported jest zaimplementowana poprawnie. Pierwsze 820 bajtów odpowiedzi to: "<!doctype html><html lang="en"><head><title>HTTP Status 500 - Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 - Internal Server Error</h1></body></html>". ---> System.Net.WebException: Serwer zdalny zwrócił błąd: (500) Wewnętrzny błąd serwera.

   w System.Net.HttpWebRequest.GetResponse()

   w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

   --- Koniec śladu stosu wyjątków wewnętrznych ---

Server stack trace:

   w System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)

   w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

   w System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

   w System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

   w System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

   w System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

   w System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

   w System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

   w System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

   w vmware.sso.STSService_PortType.Issue(IssueRequest request)

   w vmware.sso.STSService_PortTypeClient.vmware.sso.STSService_PortType.Issue(IssueRequest request)

   w vmware.sso.STSService_PortTypeClient.Issue(RequestSecurityTokenType RequestSecurityToken)

   w AcquireHoKTokenByUserCredentialSample.AcquireHoKTokenByUserCredential.GetToken(String[] args) w D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByUserCredentialSample\AcquireHoKTokenByUserCredential.cs:wiersz 107

Wyjątek nieobsłużony: System.ServiceModel.ProtocolException: Typ zawartości text/html;charset=utf-8 komunikatu odpowiedzi nie zgadza się z typem zawartości powiązania (text/xml; charset=utf-8). Jeśli używasz niestandardowego kodera, upewnij się, czy metoda IsContentTypeSupported jest zaimplementowana poprawnie. Pierwsze 820 bajtów odpowiedzi to: "<!doctype html><html lang="en"><head><title>HTTP Status 500 - Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 - Internal Server Error</h1></body></html>". ---> System.Net.WebException: Serwer zdalny zwrócił błąd: (500) Wewnętrzny błąd serwera.

   w System.Net.HttpWebRequest.GetResponse()

   w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

   --- Koniec śladu stosu wyjątków wewnętrznych ---

Server stack trace:

   w System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)

   w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

   w System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

   w System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

   w System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

   w System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

   w System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

   w AcquireHoKTokenByUserCredentialSample.AcquireHoKTokenByUserCredential.GetToken(String[] args) w D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByUserCredentialSample\AcquireHoKTokenByUserCredential.cs:wiersz 119

   w AcquireHoKTokenByUserCredentialSample.AcquireHoKTokenByUserCredential.Main(String[] args) w D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByUserCredentialSample\AcquireHoKTokenByUserCredential.cs:wiersz 151

--- @blog https://grzegorzkulikowski.info

Accepted Solutions
iiliev
VMware Employee

Hi,

I'm not sure that https://vc001.greg.labs:7444/ims/STSService is a correct URL to STS service (at least for versions newer than 5.1).

Could you try with https://vc001.greg.labs:7444/sts/STSService instead?

Grzesiekk
Expert

Once again, Ilian, you are spot on! I thought I had something wrong with the URL, but I did not know which part was wrong 😕 I just used the one from the WSDL URL template

https://localhost:8444/ims/STSService

and just changed my hostname and port to 7444.

I also tried to look for it via lookupservice https://vc001.greg.labs/lookupservice/mob?moid=ServiceRegistration&method=List but could not find anything; clearly that's the wrong lead.

Any idea how one can check on their own where this STSService is registered?

Again, I can't stress it enough, I am so grateful for your help! I spent half a day on this today...

Thank you soooo much

iiliev
VMware Employee

What do you mean by 'could not find anything'? All services' registration information is discoverable via lookup service and visible in its MOB, including STS.

Grzesiekk
Expert

I mean that I thought I would find the correct port there, but I could not find it.

iiliev
VMware Employee

All registrations should be there.

What URL do you see registered for endpoint type com.vmware.cis.cs.identity.sso? Whatever URL is registered for this endpoint type, it should be valid.

Grzesiekk
Expert

I have https://vc001.greg.labs/sts/STSService/vsphere.local under that node.

It's just that I was searching for 7444; that's what I meant by 'not finding it'. I was counting on just finding it via the port name.

iiliev
VMware Employee

Port numbers may change depending on vCenter version.

Could you check whether your code works if you don't specify the port 7444 explicitly (in this case, it should use the port 443 which is the default port for HTTPS)?
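
The comparison suggested in this thread (the URL registered for the STS endpoint type versus a hand-built one, with 443 as the HTTPS default), as an added example that is not part of the original posts or the VMware SDK. The `REGISTRATIONS` list is constructed sample data standing in for values read from the lookup service MOB; the dictionary keys, function names and the rule that a candidate may omit the trailing tenant segment are assumptions.

```python
from urllib.parse import urlsplit

# Endpoint type named in the thread for the STS registration.
STS_ENDPOINT_TYPE = "com.vmware.cis.cs.identity.sso"
DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed sample: registrations as copied by hand from the lookup
# service MOB. The dict keys are hypothetical, not a VMware data format.
REGISTRATIONS = [
    {"endpoint_type": "com.vmware.example.other",  # constructed placeholder
     "url": "https://vc001.greg.labs/other/sdk"},
    {"endpoint_type": STS_ENDPOINT_TYPE,
     "url": "https://vc001.greg.labs/sts/STSService/vsphere.local"},
]


def split_endpoint(url):
    """Return (scheme, host, port, path) with the scheme's default port filled in."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port if u.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, (u.hostname or "").lower(), port, u.path.rstrip("/")


def registered_sts_url(registrations):
    """URL registered for the STS endpoint type, or None if absent."""
    for reg in registrations:
        if reg.get("endpoint_type") == STS_ENDPOINT_TYPE:
            return reg.get("url")
    return None


def differences(candidate, registrations):
    """Describe how a hand-built STS URL differs from the registered one."""
    registered = registered_sts_url(registrations)
    if registered is None:
        return ["no registration for endpoint type " + STS_ENDPOINT_TYPE]
    cand, reg = split_endpoint(candidate), split_endpoint(registered)
    found = []
    for name, c, r in zip(("scheme", "host", "port"), cand, reg):
        if c != r:
            found.append(f"{name}: {c} (registered: {r})")
    # Assumption: the candidate may omit the trailing tenant segment.
    c_path, r_path = cand[3], reg[3]
    if not c_path or not (r_path == c_path or r_path.startswith(c_path + "/")):
        found.append(f"path: {c_path} (registered: {r_path})")
    return found
```

A reported difference is a prompt to re-check the URL against the registration before sending credentials to it, not proof that the endpoint is unreachable.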

Grzesiekk
Expert

Will check and report back (had to swap computers), and I need to install the SDK again.

HuiLuo
Contributor

Hi! Did you get the HoK token in the way you described here? Thank you so much!