I am writing a small tool to open a WebEx with our support customers using the support ticket information. When the site used Username/Password I could make it work, now we use SSO. The WebEx server is already setup to accept SSO (by our IT manager - not me).
The WebEx reference (linked below) does not elaborate, and the WebEx dev forum over the official site is so dormant, and void of answers about the subject, that I've decided to try my luck over here.
posted this same question over the official forum
Anyone have an idea how to make the code below actually work?
What goes into the <samlResponse>
tag and replace the below line in the code with something that will make it work:
<samlResponse>samlResponse message will go here</samlResponse>
What does SAML assertion in the documentation (see below) means?
WebEx's XML-API documentation (Page 68) describes the following:
3.1 AuthenticateUser
The AuthenticateUser API will accept a SAML assertion in place of a user password. The returned can be used for subsequent XML API requests without using for the session duration as defined in Super Admin. This can take the place of the current requirement for a and for authentication. ...
The following schema diagram shows the element structure of the AuthenticateUser request message.
And then it provide the XML schema diagram, and a sample.
Referencing the example .NET code (which does not use SAML) I came up with the following code:
string strXMLServer = "https://varonis.webex.com/WBXService/XMLService";
WebRequest request = WebRequest.Create(strXMLServer);
// Set the Method property of the request to POST.
request.Method = "POST";
// Set the ContentType property of the WebRequest.
request.ContentType = "application/x-www-form-urlencoded";
// Create POST data and convert it to a byte array.
Func<StringBuilder, StringBuilder> webExXML =
bodySB => new StringBuilder(1024) // Currently 294 bytes in length
.AppendLine("<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>")
.Append("<serv:message xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"")
.Append(" xmlns:serv=\"http://www.webex.com/schemas/2002/06/service\"")
.Append(" xsi:schemaLocation=\"http://www.webex.com/schemas/2002/06/service")
.Append(" http://www.webex.com/schemas/2002/06/service/service.xsd\">")
.AppendLine("<header>")
.AppendLine("<securityContext>")
.AppendLine("<siteName>siteName</siteName>")
.AppendLine("<webExID>username</webExID>")
.AppendLine("<password></password>")
.AppendLine("<partnerID></partnerID>")
.AppendLine("</securityContext>")
.AppendLine("</header>")
.AppendLine()
.AppendLine("<body>")
.Append(bodySB)
.AppendLine()
.AppendLine("</body>")
.AppendLine("</serv:message>");
var xmlAuthBodyContent = new StringBuilder()
.AppendLine("<bodyContent ")
.AppendLine("xsi:type=\"java:com.webex.service.binding.user.AuthenticateUser\">")
.AppendLine("<samlResponse>samlResponse message will go here</samlResponse>")
.AppendLine("</bodyContent>");
byte[] byteArray = Encoding.UTF8.GetBytes(webExXML(xmlAuthBodyContent).ToString());
// Set the ContentLength property of the WebRequest.
request.ContentLength = byteArray.Length;
// Get the request stream.
Stream dataStream = request.GetRequestStream();
// Write the data to the request stream.
dataStream.Write(byteArray, 0, byteArray.Length);
// Close the Stream object.
dataStream.Close();
// Get the response.
WebResponse response = request.GetResponse();
DataSet DSResponse = new DataSet();
DSResponse.ReadXml(response.GetResponseStream());
DSResponse.GetXml().Dump();
The result I get is:
<serv:message xmlns:serv="http://www.webex.com/schemas/2002/06/service">
<serv:header>
<serv:response>
<serv:result>FAILURE</serv:result>
<serv:reason>Authentication Server can't generate a valid session ticket</serv:reason>
<serv:gsbStatus>PRIMARY</serv:gsbStatus>
<serv:exceptionID>030048</serv:exceptionID>
<serv:subErrors>
<serv:subError>
<serv:exceptionID>AS0062</serv:exceptionID>
<serv:reason>Validate assertion failed</serv:reason>
<serv:value />
</serv:subError>
</serv:subErrors>
</serv:response>
</serv:header>
<serv:body>
<serv:bodyContent />
</serv:body>
</serv:message>
Apologies for the thread necromancy, but the answer here isn't really that helpful, and I thought I would include a full, working example in C# (tested against a ADFS 3.0 server), hacked together from the code above plus some additional items:
var handler = new HttpClientHandler
{
UseDefaultCredentials = true,
AllowAutoRedirect = true,
CookieContainer = new System.Net.CookieContainer(),
UseCookies = true
};
var client = new HttpClient(handler) {MaxResponseContentBufferSize = 256000};
client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)");
client.DefaultRequestHeaders.Add("Connection", "Keep-Alive");
client.DefaultRequestHeaders.ExpectContinue = false;
var samlResponseString = client
.GetStringAsync(
new Uri("https://AdfsServer/adfs/ls/IdpInitiatedSignOn.aspx?logintoRP=RPIdentifier")).Result;
var parsedSamlResponse = "";
Regex reg = new Regex("SAMLResponse\\W+value\\=\\\"([^\\\"]+)\\\"");
MatchCollection matches = reg.Matches(samlResponseString);
foreach (Match m in matches)
{
parsedSamlResponse = m.Groups[1].Value;
}
string strXMLServer = "https://mysite.webex.com/WBXService/XMLService";
WebRequest request = WebRequest.Create(strXMLServer);
// Set the Method property of the request to POST.
request.Method = "POST";
// Set the ContentType property of the WebRequest.
request.ContentType = "application/x-www-form-urlencoded";
// Create POST data and convert it to a byte array.
Func<StringBuilder, StringBuilder> webExXML =
bodySB => new StringBuilder(1024) // Currently 294 bytes in length
.AppendLine("<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>")
.Append("<serv:message xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"")
.Append(" xmlns:serv=\"http://www.webex.com/schemas/2002/06/service\"")
.Append(" xsi:schemaLocation=\"http://www.webex.com/schemas/2002/06/service")
.Append(" http://www.webex.com/schemas/2002/06/service/service.xsd\">")
.AppendLine("<header>")
.AppendLine("<securityContext>")
.AppendLine("<siteName>siteName</siteName>")
.AppendLine("<webExID>adminUsername</webExID>")
.AppendLine("</securityContext>")
.AppendLine("</header>")
.AppendLine()
.AppendLine("<body>")
.Append(bodySB)
.AppendLine()
.AppendLine("</body>")
.AppendLine("</serv:message>");
var xmlAuthBodyContent = new StringBuilder()
.AppendLine("<bodyContent ")
.AppendLine("xsi:type=\"java:com.webex.service.binding.user.AuthenticateUser\">")
.AppendLine($"<samlResponse>{parsedSamlResponse}</samlResponse>")
.AppendLine("<protocol>SAML2.0</protocol>")
.AppendLine("</bodyContent>");
byte[] byteArray = Encoding.UTF8.GetBytes(webExXML(xmlAuthBodyContent).ToString());
// Set the ContentLength property of the WebRequest.
request.ContentLength = byteArray.Length;
// Get the request stream.
Stream dataStream = request.GetRequestStream();
// Write the data to the request stream.
dataStream.Write(byteArray, 0, byteArray.Length);
// Close the Stream object.
dataStream.Close();
// Get the response.
WebResponse response = request.GetResponse();
DataSet DSResponse = new DataSet();
DSResponse.ReadXml(response.GetResponseStream());
string xmlResponse = DSResponse.GetXml();
Change the code to reflect your ADFS Server, RP Identifier, Webex site name, and admin username.
The important parts that were missing:
protocol
tag in the bodyContent
block (set to SAML2.0
)