Topic
  • 9 replies
  • Latest Post - ‏2013-07-16T12:58:20Z by HisNibs
HisNibs
HisNibs
87 Posts

Pinned topic SOAP Mgmt CURL fails

‏2013-07-12T13:13:01Z |

Have enabled the SOAP mgmt network interface and can see traffic on the device when I try and submit a request as follows

POST /service/mgmt/current HTTP/1.1

Authorization: Basic **credentials**

User-Agent: curl/7.31.0

Host: datapower.mycompany.com:5550

Accept: */*

Content-Length: 482

Content-Type: application/x-www-form-urlencoded

...<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">.<env:Body>..<dp:request domain="SandBox" xmlns:dp="http://www.datapower.com/schemas/management">..<dp:set-file name="local:///SandBox/test.xml">Base64 encode file</dp:set-file>..</dp:request>.</env:Body></env:Envelope>

However, this fails client side with either

curl: (56) Recv failure: Connection was reset/aborted

The message has been recieved on the device but not processed what should I be looking for to debug this further?

Updated on 2013-07-12T13:13:48Z at 2013-07-12T13:13:48Z by HisNibs
  • HisNibs
    HisNibs
    87 Posts
    ACCEPTED ANSWER

    Re: SOAP Mgmt CURL fails

    ‏2013-07-16T12:58:20Z  
    • HermannSW
    • ‏2013-07-12T17:22:57Z

    DataPower XML management interface has a "https:" FSH only.
    You cannot access that interface by "http:".

    If you really want (I can see no reason for that besides load tests with tools that cannot https like "ab" (Apache Bench)), the you can create a XML FW or MPGW with HTTP FSH, and passing the request data to "https://127.0.0.1:5550". For that you will have to create a "forward" SSL Proxy profile.

    But be careful, this should be done on dev environments at most.

     

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    Have got it working, minor syntax issue but with your help managed to isolate the issue. Thanks

  • kenhygh
    kenhygh
    2039 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T13:15:37Z  

    Make sure the SandBox dir already exists

  • HisNibs
    HisNibs
    87 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T13:25:31Z  
    • kenhygh
    • ‏2013-07-12T13:15:37Z

    Make sure the SandBox dir already exists

    Yes the SandBox dir (case correct) exists

  • kenhygh
    kenhygh
    2039 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T14:03:39Z  
    • HisNibs
    • ‏2013-07-12T13:25:31Z

    Yes the SandBox dir (case correct) exists

    anything interesting in the logs? including in the default domain?

     

    and what's contained in ".." ?

  • HisNibs
    HisNibs
    87 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T14:40:05Z  
    • kenhygh
    • ‏2013-07-12T14:03:39Z

    anything interesting in the logs? including in the default domain?

     

    and what's contained in ".." ?

     

    multistep debug   773555 request   0x80c00004 xmlfirewall (map): Protocol layer did not supply content-type
    network debug   1346865 response 10.66.156.61 0x80e0039f xmlfirewall (web-mgmt): url-open: Finished parsing response from: http://127.0.0.1:63503/
    network debug   1346865 response 10.66.156.61 0x80e0039e xmlfirewall (web-mgmt): url-open: response code 200

    Also get an SSL failure but I have left the SSLProxy set as None and used the http protocol when using cUR, also I assume this is misleading as I have seent the message from the device network capture which would indicated the transport was negotiated and succeeded.  Nothing is contained in the '..'  I am not sure why that is there.  I have validated the XML and saved as UTF-8 so there should be any dody control codes

    Updated on 2013-07-12T14:40:55Z at 2013-07-12T14:40:55Z by HisNibs
  • swlinn
    swlinn
    1395 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T15:09:11Z  
    • HisNibs
    • ‏2013-07-12T14:40:05Z

     

    multistep debug   773555 request   0x80c00004 xmlfirewall (map): Protocol layer did not supply content-type
    network debug   1346865 response 10.66.156.61 0x80e0039f xmlfirewall (web-mgmt): url-open: Finished parsing response from: http://127.0.0.1:63503/
    network debug   1346865 response 10.66.156.61 0x80e0039e xmlfirewall (web-mgmt): url-open: response code 200

    Also get an SSL failure but I have left the SSLProxy set as None and used the http protocol when using cUR, also I assume this is misleading as I have seent the message from the device network capture which would indicated the transport was negotiated and succeeded.  Nothing is contained in the '..'  I am not sure why that is there.  I have validated the XML and saved as UTF-8 so there should be any dody control codes

    Not sure where you're getting your data that you pasted into the chat above (packet capture for example???), but I've seen some tools that show .. when the data has a carriage return and line feed characters. 

    So are you saying you've disabled SSL on the XML Management Interface as you are using http from curl?  The SSL error make me think that you have a mismatch from your curl client and DataPower, ie, you're using http, DataPower is still expecting https.  Can you provide your full curl command and also verify how the XML Management Interface is configured in your default domain?

    Regards,

    Steve

  • HisNibs
    HisNibs
    87 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T15:19:18Z  
    • swlinn
    • ‏2013-07-12T15:09:11Z

    Not sure where you're getting your data that you pasted into the chat above (packet capture for example???), but I've seen some tools that show .. when the data has a carriage return and line feed characters. 

    So are you saying you've disabled SSL on the XML Management Interface as you are using http from curl?  The SSL error make me think that you have a mismatch from your curl client and DataPower, ie, you're using http, DataPower is still expecting https.  Can you provide your full curl command and also verify how the XML Management Interface is configured in your default domain?

    Regards,

    Steve

    Yes that data was from a network capture on the datapower.  I have not specified an sslProxy for the XML mgmt interface ( I have tried both http and https)

    curl -k -u admin:password -d @test.xml http://datapower.mycompany.com:5550/service/mgmt/current

    xml-mgmt [up]
    --------
     admin-state enabled
     ip-address SAH
     port 5550
     acl xml-mgmt  [up]
     slm-peering 10
     mode any+soma+v2004+amp+slm
     

  • swlinn
    swlinn
    1395 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T15:28:37Z  
    • HisNibs
    • ‏2013-07-12T15:19:18Z

    Yes that data was from a network capture on the datapower.  I have not specified an sslProxy for the XML mgmt interface ( I have tried both http and https)

    curl -k -u admin:password -d @test.xml http://datapower.mycompany.com:5550/service/mgmt/current

    xml-mgmt [up]
    --------
     admin-state enabled
     ip-address SAH
     port 5550
     acl xml-mgmt  [up]
     slm-peering 10
     mode any+soma+v2004+amp+slm
     

    Have you tried https from curl (which by the way -k is only applicable for https)?  By default, the XML Management Interface is secured with https.  There is a custom SSL Proxy Profile that you can specify your own, so if it is saying "none" it just means you have not overridden the default.  I could be wrong, but I am not aware of a mechanism of turning off SSL for XMI.

    Regards,
    Steve

  • HermannSW
    HermannSW
    6065 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-12T17:22:57Z  
    • HisNibs
    • ‏2013-07-12T15:19:18Z

    Yes that data was from a network capture on the datapower.  I have not specified an sslProxy for the XML mgmt interface ( I have tried both http and https)

    curl -k -u admin:password -d @test.xml http://datapower.mycompany.com:5550/service/mgmt/current

    xml-mgmt [up]
    --------
     admin-state enabled
     ip-address SAH
     port 5550
     acl xml-mgmt  [up]
     slm-peering 10
     mode any+soma+v2004+amp+slm
     

    DataPower XML management interface has a "https:" FSH only.
    You cannot access that interface by "http:".

    If you really want (I can see no reason for that besides load tests with tools that cannot https like "ab" (Apache Bench)), the you can create a XML FW or MPGW with HTTP FSH, and passing the request data to "https://127.0.0.1:5550". For that you will have to create a "forward" SSL Proxy profile.

    But be careful, this should be done on dev environments at most.

     

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

  • HisNibs
    HisNibs
    87 Posts

    Re: SOAP Mgmt CURL fails

    ‏2013-07-16T12:58:20Z  
    • HermannSW
    • ‏2013-07-12T17:22:57Z

    DataPower XML management interface has a "https:" FSH only.
    You cannot access that interface by "http:".

    If you really want (I can see no reason for that besides load tests with tools that cannot https like "ab" (Apache Bench)), the you can create a XML FW or MPGW with HTTP FSH, and passing the request data to "https://127.0.0.1:5550". For that you will have to create a "forward" SSL Proxy profile.

    But be careful, this should be done on dev environments at most.

     

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    Have got it working, minor syntax issue but with your help managed to isolate the issue. Thanks