CMDBuild Forum

Integrate Powershell with CMDB

Hello All. Recently been working with our implementation of CMDBuild database. Reading the support information I have learned that the service is accessible through the provided SOAP web service. Using powershell I am able to access this using New-WebServiceProxy function. I wonder if anyone else has managed to successfully call the provided methods from powershell?

 

The Endpoint URL used is

http://localhost:8080/cmdbuild/services/soap/Webservices?wsdl

 

Any information would be appreciated. The idea behind this is we can import live data through Powershell, or data from other systems.

The main issue I encounter is, when trying to invoke one of the methods for example GetCard. The method is as follows:

getCard(string className, int cardId, bool cardIdSpecified, Microsoft.PowerShell.Commands.NewWebserviceProxy.AutogeneratedTypes.WebServiceProxy10services_soap_Webservices_wsdl.attribute[] attributeList)

The documentation states that if attribute list is $null, the function will return all the attribute for the card. I call the function as follows

getcard("Servers",12345,$true,$null)

However I receive the following error in powershell

Exception calling "getCard" with "4" argument(s): "Client found response content type of 'multipart/related; type="application/xop+xml"; boundary="uuid:6fa10e4c-13c6-4f8c-b8b4-13ca9b4f4c7f"; start="<root.message@cxf.apache.org>"; start-info="application/soap+xml"', but expected 'application/soap+xml'.

The request failed with the error message

 

-uuid:6fa10e4c-13c6-4f8c-b8b4-13ca9b4f4c7f

Content-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml"

Content-Transfer-Encoding: binary

Content-ID: <root.message@cxf.apache.org>

<soap:Envelope

xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value><soap:Subcode><soap:Value

xmlns:ns1="http://ws.apache.org/wss4j">ns1:SecurityError</soap:Value></soap:Subcode></soap:Code><soap:Reason><soap:Text xml:lang="en">A security error was

encountered when verifying the message</soap:Text></soap:Reason></soap:Fault></soap:Body></soap:Envelope>

 

I'm thinking the issue is with authentication as the SOAP message returned states security error when verifying the message. Any assistance is appreciated

 

Dear Satbir,
 
as you said, looking at this message
 
A security error was encountered when verifying the message
 
it seems that your client is not authorized to perform such operation. SOAP web services (as well REST ones) require an authentication. Please refer to the CMDBuild's Web Service Manual.
 
Best regards.
 
-- CMDBuild Team
 
Previously Satbir wrote:

The main issue I encounter is, when trying to invoke one of the methods for example GetCard. The method is as follows:

getCard(string className, int cardId, bool cardIdSpecified, Microsoft.PowerShell.Commands.NewWebserviceProxy.AutogeneratedTypes.WebServiceProxy10services_soap_Webservices_wsdl.attribute[] attributeList)

The documentation states that if attribute list is $null, the function will return all the attribute for the card. I call the function as follows

getcard("Servers",12345,$true,$null)

However I receive the following error in powershell

Exception calling "getCard" with "4" argument(s): "Client found response content type of 'multipart/related; type="application/xop+xml"; boundary="uuid:6fa10e4c-13c6-4f8c-b8b4-13ca9b4f4c7f"; start="<root.message@cxf.apache.org>"; start-info="application/soap+xml"', but expected 'application/soap+xml'.

The request failed with the error message

 

-uuid:6fa10e4c-13c6-4f8c-b8b4-13ca9b4f4c7f

Content-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml"

Content-Transfer-Encoding: binary

Content-ID: <root.message@cxf.apache.org>

<soap:Envelope

xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value><soap:Subcode><soap:Value

xmlns:ns1="http://ws.apache.org/wss4j">ns1:SecurityError</soap:Value></soap:Subcode></soap:Code><soap:Reason><soap:Text xml:lang="en">A security error was

encountered when verifying the message</soap:Text></soap:Reason></soap:Fault></soap:Body></soap:Envelope>

 

I'm thinking the issue is with authentication as the SOAP message returned states security error when verifying the message. Any assistance is appreciated

 

 

Good morning,

Many thanks for your response. I created a new service account to be used, which was a member of the SuperUsers group, and also selected the privileged option. Confirmed I can log in with the account when trying to sign into the webpage. However when I use the following

$cred = Get-Credential

$proxy = New-WebServiceProxy $URI -Credential $cred

With $URI being the address for the webservice. I still receive the same error. I had tried to use SOAP UI 5.3 to test the webservice, providing the correct details, and the response received is the same unfortunately.

Previously Tecnoteca wrote:

Dear Satbir,
 
as you said, looking at this message
 
A security error was encountered when verifying the message
 
it seems that your client is not authorized to perform such operation. SOAP web services (as well REST ones) require an authentication. Please refer to the CMDBuild's Web Service Manual.
 
Best regards.
 
-- CMDBuild Team
 

 

Managed to receive information from the Web Service using powershell. However rather than using the New-WebServiceProxy method, Had to construct my own SOAP request and use the Invoke-WebRequest method. As CMDBuild requires the WSS Standard 1.0 for authentication, using SOAP UI, discovered the password didn't need to be Digest, but could be in Text. The Authentication header was like below;

<soap:Header>

<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<wsse:UsernameToken>

<wsse:Username>REQUIREDUSERNAME</wsse:Username>  

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PLAINTEXTPASSWORD</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soap:Header>

 

This allowed me successfully receive the information required. Still need to work on how to manipulate the XML, but I guess one step at a time. The New-WebServiceProxy doesn't appear to pass credentials in a format that is consistent with what CMDBuild requires. Other examples I have seen on the internet seem to have an authentication method that is part of the WebService, and not in a SOAP header. Would this be possible to incorporate in a future update?

 

Previously Satbir wrote:

Good morning,

Many thanks for your response. I created a new service account to be used, which was a member of the SuperUsers group, and also selected the privileged option. Confirmed I can log in with the account when trying to sign into the webpage. However when I use the following

$cred = Get-Credential

$proxy = New-WebServiceProxy $URI -Credential $cred

With $URI being the address for the webservice. I still receive the same error. I had tried to use SOAP UI 5.3 to test the webservice, providing the correct details, and the response received is the same unfortunately.

Previously Tecnoteca wrote:

Dear Satbir,
 
as you said, looking at this message
 
A security error was encountered when verifying the message
 
it seems that your client is not authorized to perform such operation. SOAP web services (as well REST ones) require an authentication. Please refer to the CMDBuild's Web Service Manual.
 
Best regards.
 
-- CMDBuild Team
 

 

 

Dear Satbir,
 
at the moment we have no plans for improve SOAP web services, but we'll keep in mind your suggestion. Take a look at REST web services, maybe they can be simpler to use. 
 
Best regards.
 
-- CMDBuild Team
 
Previously Satbir wrote:

Managed to receive information from the Web Service using powershell. However rather than using the New-WebServiceProxy method, Had to construct my own SOAP request and use the Invoke-WebRequest method. As CMDBuild requires the WSS Standard 1.0 for authentication, using SOAP UI, discovered the password didn't need to be Digest, but could be in Text. The Authentication header was like below;

<soap:Header>

<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<wsse:UsernameToken>

<wsse:Username>REQUIREDUSERNAME</wsse:Username>  

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PLAINTEXTPASSWORD</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soap:Header>

 

This allowed me successfully receive the information required. Still need to work on how to manipulate the XML, but I guess one step at a time. The New-WebServiceProxy doesn't appear to pass credentials in a format that is consistent with what CMDBuild requires. Other examples I have seen on the internet seem to have an authentication method that is part of the WebService, and not in a SOAP header. Would this be possible to incorporate in a future update?

 

Previously Satbir wrote:

Good morning,

Many thanks for your response. I created a new service account to be used, which was a member of the SuperUsers group, and also selected the privileged option. Confirmed I can log in with the account when trying to sign into the webpage. However when I use the following

$cred = Get-Credential

$proxy = New-WebServiceProxy $URI -Credential $cred

With $URI being the address for the webservice. I still receive the same error. I had tried to use SOAP UI 5.3 to test the webservice, providing the correct details, and the response received is the same unfortunately.

Previously Tecnoteca wrote:

Dear Satbir,
 
as you said, looking at this message
 
A security error was encountered when verifying the message
 
it seems that your client is not authorized to perform such operation. SOAP web services (as well REST ones) require an authentication. Please refer to the CMDBuild's Web Service Manual.
 
Best regards.
 
-- CMDBuild Team
 

 

 

 

this is sample for authenticate new session in powershell
 

$header = @{
"Content-Type"="application/json"
}

$body = @{
"username" = "user"
"password" = "password"
} | ConvertTo-Json

$params = @{
Uri = $Root_Url + '/sessions'
Headers = $header
Method = 'POST'
Body = $body
ContentType = 'application/json'
}

$Ris = Invoke-RestMethod @params

$Session_id = $Ris.data._id

Write-Host $Session_id
# list class
$header = @{
"CMDBuild-Authorization"= $Session_id }

$params = @{
Uri = $Root_Url + '/classes'
Headers = $header
Method = 'GET'
# Body = $body
ContentType = 'application/json'
}

$Class = Invoke-RestMethod @params

foreach ($Cl in $Class.data ){
Write-Host $Cl
}
Previously Tecnoteca wrote:
Dear Satbir,
 
at the moment we have no plans for improve SOAP web services, but we'll keep in mind your suggestion. Take a look at REST web services, maybe they can be simpler to use. 
 
Best regards.
 
-- CMDBuild Team
 
Previously Satbir wrote:

Managed to receive information from the Web Service using powershell. However rather than using the New-WebServiceProxy method, Had to construct my own SOAP request and use the Invoke-WebRequest method. As CMDBuild requires the WSS Standard 1.0 for authentication, using SOAP UI, discovered the password didn't need to be Digest, but could be in Text. The Authentication header was like below;

<soap:Header>

<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<wsse:UsernameToken>

<wsse:Username>REQUIREDUSERNAME</wsse:Username>  

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PLAINTEXTPASSWORD</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soap:Header>

 

This allowed me successfully receive the information required. Still need to work on how to manipulate the XML, but I guess one step at a time. The New-WebServiceProxy doesn't appear to pass credentials in a format that is consistent with what CMDBuild requires. Other examples I have seen on the internet seem to have an authentication method that is part of the WebService, and not in a SOAP header. Would this be possible to incorporate in a future update?

 

Previously Satbir wrote:

Good morning,

Many thanks for your response. I created a new service account to be used, which was a member of the SuperUsers group, and also selected the privileged option. Confirmed I can log in with the account when trying to sign into the webpage. However when I use the following

$cred = Get-Credential

$proxy = New-WebServiceProxy $URI -Credential $cred

With $URI being the address for the webservice. I still receive the same error. I had tried to use SOAP UI 5.3 to test the webservice, providing the correct details, and the response received is the same unfortunately.

Previously Tecnoteca wrote:

Dear Satbir,
 
as you said, looking at this message
 
A security error was encountered when verifying the message
 
it seems that your client is not authorized to perform such operation. SOAP web services (as well REST ones) require an authentication. Please refer to the CMDBuild's Web Service Manual.
 
Best regards.
 
-- CMDBuild Team
 

 

 

 

 

Powershell to CMDBuild 3 it is easy.

 

 

$API = "http://localhost:8090/cmdbuild/services/rest/v3"

$body = '{"username": "admin", "password": "admin"}'

$result = Invoke-RestMethod -Uri "$API/sessions?scope=service" -Method Post  -Body $body -ContentType 'application/json'

# get id session

$id = $result.data._id

 

$headers = @{"CMDBuild-Authorization"="$id"}

 # get data from cmdbuild

$result = Invoke-RestMethod -Uri "$API/classes/Site" -Method Get  -Headers $headers -ContentType 'application/json'

$result.data.Name