Does SAVON support client side certificates authentication

I'm evaluating savon for consuming webservices... but I dont find any information if I can use a SSL client side certificate to authenticate against the server that provides the SOAP webservices. I read the documentation but didn't find anything about it.

Does anyone know if SAVON supports client side certificate authentication?

Regards Fak

rubiii

the latest stable version of Savon (2.2.0 at this moment) supports SSL client certificates via global options. Please refer to the SSL section in the documentation.

Here is some example code, assuming httpclient is used with httpi:

savonConfig = {
    :namespace => "http://...com",
    :endpoint => 'https://...:557/x/b/c',
    #:wsdl => 'https://...:557/x/b/c?wsdl',
    :log_level => :debug,
    :log => true,
    :ssl_verify_mode => :none,
    :ssl_cert_file => 'publicCert.pem',
    :ssl_cert_key_file => 'privateKey.pem',
    :ssl_cert_key_password => '1234',
    :open_timeout => 600,
    :read_timeout => 600
}

client = Savon.client savonConfig

soapBody = {
...
}


calcResponse = client.call(:charge, :message => soapBody)

If you have a pfx certificate/key file, you may have problems using it directly - so you might want to split them out into separate files - see this page for info: Extract public/private key from PKCS12 file for later use in SSH-PK-Authentification

Hope that helps!
Daniel

We are having issues trying to get savon client to work with ssl client auth but at same time bypass host verification....

https://github.com/savonrb/savon/issues/679

client = Savon.client(log_level: :debug,
log: true,
ssl_verify_mode: :none,
ssl_cert_file: (Rails.root + 'signed.cer').to_s,
ssl_cert_key_file: ('private.key').to_s,
wsdl: "https://example.com/Service?wsdl",
endpoint: "https://example.com/Service")

fails with Like HTTPI GET request to wir.dhswir.org (net_http) HTTPI::SSLError: SSL_read: ssl handshake failure

no moe info..

We have tried savon 2.2.0, 2.3.0, and 2.11.0. with slightly varying error messages.

We are using same PEM formatted key and cert to savon and using unix WGET to compare. WGET will fail if we dont pass --no-check-certificate, however if we add that it passes and can do ssl client auth and get access

wget 'https://example.com/CDC/VaccinationService?wsdl'  --certificate=example-int-wi-signed.cer --private-key=private.key -O- --no-check-certificate

来源：https://stackoverflow.com/questions/15973285/does-savon-support-client-side-certificates-authentication

标签

ruby

ssl-certificate

savon