symantec_package.lib.allServices package

Submodules

symantec_package.lib.allServices.SymantecServices module

class symantec_package.lib.allServices.SymantecServices.SymantecServices(queryClient, managementClient, userClient)

Bases: object

class SymantecManagementServices(client)

Bases: object

This class acts as a layer of abstraction to handling all management Symantec VIP SOAP calls in Python.

You call this class to handle anything that is related to managing users and credentials.

Example:
>>> client = Client("http://../vipuserservices-mgmt-1.7.wsdl", transport = HTTPSClientCertTransport('vip_certificate.crt','vip_certificate.crt'))
>>> service = SymantecManagementServices(client)
>>> response = service.sendOtpSMS(<parameters here>)
>>> print (response)

Note

Reference HTTPHandler for further information on how to setup the client.

addCredentialOtp(requestId, userId, credentialId, credentialType, otp1, otp2=None, friendlyName=None, trustedCredentialDevice=None, onBehalfOfAccountId=None)
Description:

Assigns a credential to a user in VIP User Services using one time password(s)
Note:

MANDATORY - SMS, voice, and system-generated credentials need to be registered first; Also, you have choice of setting the binding status to Enabled or Disabled upon adding credential to user.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • otp1 (string) – The first one time security code that is generated by the user’s credential.
  • otp2 (string) – The second one time security code that is generated by the user’s credential.
  • friendlyName (string) – A user-defined name to identify the credential.
  • trustedCredentialDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
addCredentialTrustedDevice(requestId, userId, credentialId, credentialType, trustedDevice, friendlyName=None, trustedCredentialDevice=None, onBehalfOfAccountId=None)
Description:

Assigns a credential to a user in VIP User Services by setting the device to be remembered
Note:

MANDATORY - SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • trustedDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • friendlyName (string) – A user-defined name to identify the credential.
  • trustedCredentialDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
clearTemporaryPassword(requestId, userId, onBehalfOfAccountId=None)
Description:

Removes a temporary security code from a user
Note:

If the user attempts to use a temporary security that has been cleared, an error will be returned from VIP User Services stating security code is not set.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
clearUserPin(requestId, userId, onBehalfOfAccountId=None)
Description:

Removes an assigned PIN from an user
Note:

If the user attempts to use a PIN that has already been cleared, or has not been enabled by the user PIN policy, VIP User Services will return an error.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
createUser(requestId, userId, onBehalfOfAccountId=None, pin=None, forcePinChange=None)
Description:

Adds a user to VIP User Services
Note:

By default users are created as Enabled. To disable use updateUser().
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
  • pin (string) – Optional user PIN for 1st factor authentication. 4 to 128 characters max, depending on PIN policy restrictions.
  • forcePinChange (boolean) – Force the PIN to expire after first use.
Returns:

the return SOAP response.
Raises:
deleteUser(requestId, userId, onBehalfOfAccountId=None)
Description:

Delete/remove a user from VIP User Services
Note:

Deleting a user is a cascading operation: when deleted, all credentials associated with user are removed and if credential is not associated with any other user, it is also deactivated.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
getFieldContent(fieldname)
Description:Get content of items in response message
Note:Works only for one line item
Parameters:fieldname (string) – Item name
Returns:The content of input fieldname
getPreviousResponseFirstPairs()
Description:Gets the 1st level of important main response fields from previous VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Returns:list – Containing all the first pair values of each tuple
getPreviousResponseValue(firstPair)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Parameters:firstPair (string) – The first pair in the tuple field
Returns:The field value at the pair key
getResponseFirstPairs(response)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This requires the SOAP response as a parameter.
Parameters:response (list of tuples) – The SOAP response
Returns:list – Containing all the first pair values of each tuple
getResponseValue(response, firstPair)
Description:

Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:

This requires the SOAP response as a parameter.
Parameters:
  • response (list of tuples) – The SOAP response
  • firstPair (string) – The first pair in the tuple field
Returns:

The field value at the pair key
registerBySMS(requestId, phoneNumber, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None, onBehalfOfAccountId=None)
Description:

Registers the mobile phone credential for usage through SMS
Note:

SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • smsFrom (string) – DEPRECATED - Specifies the FROM number that is used to send an SMS message so that the message from receiver can be mapped back.
  • messageTemplate (string ???) – The text that is sent to the user’s SMS device along with security code.
  • gatewayId (string) – The user’s specified gateway Account Id
  • gatewayPassword (string) – The user’s specified gateway Account password
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
registerByServiceOtp(requestId, serviceOtpId, onBehalfOfAccountId=None)
Description:

Registers the phone credential for usage through a service one time password
Note:

DEPRECATED!! SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • serviceOtpId (string) – The id of the service’s Otp
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
registerByVoice(requestId, phoneNumber, language=None, onBehalfOfAccountId=None)
Description:

Registers the phone credential for usage through voice message
Note:

SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • language (string) – The language that the security code message is in. Only supported language is en-us
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
removeCredential(requestId, userId, credentialId, credentialType, trustedDevice=None, onBehalfOfAccountId=None)
Description:

Removes a credential from a user
Note:

If the credential is not associated with any other user, the credential is also deactivated. Also, if the device deletion policy for Remembered Devices is set to Admin Only, credentials can only be removed through VIP Manager (ERROR code: 6010).
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • trustedDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
sendOtpSMS(requestId, userId, phoneNumber, isGatewayAcctInfo=False, onBehalfOfAccountId=None, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None)
Description:

Sends a one time password to a mobile phone
Note:
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • isGatewayAcctInfo (boolean) – Should we use a gateway?
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
  • smsFrom (string) – DEPRECATED - Specifies the FROM number that is used to send an SMS message so that the message from receiver can be mapped back.
  • messageTemplate (string ???) – The text that is sent to the user’s SMS device along with security code.
  • gatewayId (string) – The user’s specified gateway Account Id
  • gatewayPassword (string) – The user’s specified gateway Account password
Returns:

the return SOAP response.
Raises:
setTemporaryPasswordAttributes(requestId, userId, expirationTime=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
Description:

Changes the expiration date for a temporary security code you previously set using the setTemporaryPassword()
Note:
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • expirationDate (dateTime) – The temporary security code expiration time (maximum of 30 days) using GMT time zone. If no date is provided, the default expiration period of 1 day is used to calculate the security code expiration.
  • oneTimeUseOnly (boolean) – If this field is set to “true”, the temporary security code expires after one use, or at the expiration date. The default value is “false”.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
setTemporaryPasswordSMSDelivery(requestId, userId, phoneNumber, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None, temporaryPassword=None, expirationDate=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
Description:

Sets a temporary security code for a user through SMS text message
Note_1:

Can optionally set an expiration date for the security code, or set it for one-time use only. The request requires the user ID and optionally, the temporary security code string. If you do not provide a security code, VIP User Services automatically generates one for you.
Note_2:

You can clear the security code with clearTemporaryPassword. Also, if a user is authenticated using a security code generated by a valid credential, VP User Services automatically clears the temporary security code.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • smsFrom (string) – DEPRECATED - Specifies the FROM number that is used to send an SMS message so that the message from receiver can be mapped back.
  • messageTemplate (string ???) – The text that is sent to the user’s SMS device along with security code.
  • gatewayId (string) – The user’s specified gateway Account Id
  • gatewayPassword (string) – The user’s specified gateway Account password
  • temporaryPassword (string) – Temporary security code is either empty or 6 numeric characters. If this field is left empty, a security code will be auto-generated for the user.
  • expirationDate (dateTime) – The temporary security code expiration time (maximum of 30 days) using GMT time zone. If no date is provided, the default expiration period of 1 day is used to calculate the security code expiration.
  • oneTimeUseOnly (boolean) – If this field is set to “true”, the temporary security code expires after one use, or at the expiration date. The default value is “false”.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
setTemporaryPasswordVoiceDelivery(requestId, userId, phoneNumber, language=None, temporaryPassword=None, expirationDate=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
Description:

Sets a temporary security code for a user through SMS Voice message
Note_1:

Can optionally set an expiration date for the security code, or set it for one-time use only. The request requires the user ID and optionally, the temporary security code string. If you do not provide a security code, VIP User Services automatically generates one for you.
Note_2:

You can clear the security code with clearTemporaryPassword. Also, if a user is authenticated using a security code generated by a valid credential, VP User Services automatically clears the temporary security code.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • language (string) – The language that the security code message is in. Only supported language is en-us
  • temporaryPassword (string) – Temporary security code is either empty or 6 numeric characters. If this field is left empty, a security code will be auto-generated for the user.
  • expirationDate (dateTime) – The temporary security code expiration time (maximum of 30 days) using GMT time zone. If no date is provided, the default expiration period of 1 day is used to calculate the security code expiration.
  • oneTimeUseOnly (boolean) – If this field is set to “true”, the temporary security code expires after one use, or at the expiration date. The default value is “false”.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
updateCredential(requestId, userId, credentialId, credentialType, friendlyName, onBehalfOfAccountId=None)
Description:

Updates the friendly name of a credential
Note:

The updateCredential API includes unique identifiers of the request for the enterprise application, for the user, and for the credential.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • friendlyName (string) – A user-defined name to identify the credential.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
updateUser(requestId, userId, newUserId=None, newUserStatus=None, oldPin=None, newPin=None, forcePinChange=None, onBehalfOfAccountId=None)
Description:

Update information about an user in VIP User Services
Note:

Also, enables or disables a user.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • newUserId (string) – Case-sensitive unique replacement ID for the user. If element isn’t provided, user ID is not changed.
  • newUserStatus (string) – New status of user: ACTIVE or DISABLED; If element is not provided, the user status is not changed.
  • oldPin (string) – The existing user PIN. If value is provided without a newPin value an error is returned. Else if the oldPin is not prvided, but a newPin value is provided, the user is updated with newPin.
  • newPin (string) – The new user PIN. If value does not meet requirements of the PIN policy, an error is returned. Else if the PIN policy has not been enabled for the user, an error is returned.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
  • forcePinChange (boolean) – Force the PIN to expire after first use.
Returns:

the return SOAP response.
Raises:
class SymantecServices.SymantecQueryServices(client)

Bases: object

This class acts as a layer of abstraction to handling all query Symantec VIP SOAP calls in Python.

You call this class to handle anything that is related to user info and transaction status

Example:

>>> client = Client("http://../vipuserservices-query-1.7.wsdl", transport = HTTPSClientCertTransport('vip_certificate.crt','vip_certificate.crt'))

>>> service = SymantecQueryServices(client)

>>> response = service.getUserInfo(<parameters here>)

>>> print (response)

Note

Reference HTTPHandler for further information on how to setup the client.

getCredentialInfo(requestId, credentialId, credentialType='STANDARD_OTP', includePushAttributes=None, onBehalfOfAccountId=None)
Description:

Get detail info of a registered credential
Note:
Parameters:
  • requestId (string) – A identifier ID of a call, may be useful for troubleshooting
  • credentialType (string) – Type of this credential
  • includePushAttributes (string) – Include push attributes in response message
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
CredentialId:

A unique identifier for every credential
Returns:

the return SOAP response.
getFieldContent(fieldname)
Description:Get content of items in response message
Note:Works only for one line item
Parameters:fieldname (string) – Item name
Returns:The content of input fieldname
getPreviousResponseFirstPairs()
Description:Gets the 1st level of important main response fields from previous VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Returns:list – Containing all the first pair values of each tuple
getPreviousResponseValue(firstPair)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Parameters:firstPair (string) – The first pair in the tuple field
Returns:The field value at the pair key
getResponseFirstPairs(response)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This requires the SOAP response as a parameter.
Parameters:response (list of tuples) – The SOAP response
Returns:list – Containing all the first pair values of each tuple
getResponseValue(response, firstPair)
Description:

Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:

This requires the SOAP response as a parameter.
Parameters:
  • response (list of tuples) – The SOAP response
  • firstPair (string) – The first pair in the tuple field
Returns:

The field value at the pair key
getServerTime(requestId, onBehalfOfAccountId=None)
Description:

Get server time
Note:
Parameters:
  • requestId (string) – A identifier ID of a call, may be useful for troubleshooting
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
getTemporaryPasswordAttributes(requestId, userId, onBehalfOfAccountId=None)
Description:

Get associated attributes of a temporary password
Note:
Parameters:
  • requestId (string) – A identifier ID of a call, may be useful for troubleshooting
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
UserId:

Unique userid registered in VIP
Returns:

the return SOAP response.
getUserInfo(requestId, userId, onBehalfOfAccountId=None, iaInfo=True, includePushAttributes=True)
Description:

Get the account info of a VIP user
Note:
Parameters:
  • requestId (string) – A identifier ID of a call, may be useful for troubleshooting
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
  • iaInfo (boolean) – Includes iaInfo in response message
  • includesPushAttributes (bollean) – Includes push attributes in response message
UserId:

Unique user id regisered on VIP
Returns:

the return SOAP response.
pollPushStatus(requestId, transactionId, onBehalfOfAccountId=None)
Description:

Poll status of a sent push notification
Note:

It is associate with a unique transaction ID
Parameters:
  • requestId (string) – A identifier ID of a call, may be useful for troubleshooting
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
TransactionId:

A unique identifier for a push transaction
Returns:

the return SOAP response.
class SymantecServices.SymantecUserServices(client)

Bases: object

This class acts as a layer of abstraction to handling all user services Symantec VIP SOAP calls in Python.

You call this class to handle anything that is related to authenticating users and credentials.

Example:
>>> client = Client("http://../vipuserservices-auth-1.7.wsdl", transport = HTTPSClientCertTransport('vip_certificate.crt','vip_certificate.crt'))
>>> service = SymantecUserServices(client)
>>> response = service.authenticateUser(<parameters here>)
>>> print (response)

Note

Reference HTTPHandler for further information on how to setup the client.

authenticateCredentialWithPush(requestId, credentialId, activate=None, pushAuthData=None, key='authLevel.level', value=None, authContext=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via a Push notification using their credential ID.
Note:
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentialId (string) – The unique identifier for the hardware credential being used. (Could be your phone, desktop, etc.)
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • value (string) – The authentication level value (1-10)
Returns:

the return SOAP response.
Raises:
authenticateCredentialWithSMS(requestId, credentialId_phoneNumber, otp1, otp2=None, activate=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via an SMS code sent to their device using their credential ID and that OTP sent.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentialId_phoneNumber (string) – The phone number of the device. Must be in ten-digit format without any dashes or delimiters (Example: 12345678900).
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateCredentialWithStandard_OTP(requestId, credentialId, otp1, otp2=None, activate=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via the 6-digit OTP generated by their device on the Symantec VIP Access app.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentialId (string) – The unique identifier for the hardware credential being used. (Could be your phone, desktop, etc.)
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateCredentials(requestId, credentials, otp1=None, otp2=None, pushAuthData=None, activate=None, authContext=None, onBehalfOfAccountId=None)
Description:

*Authenticates a credential with VIP Services. *
Note:

Must provide either OTP data OR push data (pushAuthData)
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentials (dict) – Credential information in a dict in the following format {“credentialId”:<some_id> , “credentialType”:<one of STANDARD_OTP or SMS_OTP>}
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateUser(requestId, userId, otp1, otp2=None, value=None, key='authLevel.level', authContext=None, pin=None, onBehalfOfAccountId=None)
Description:

Authenticates a user by userID with Symantec VIP Services
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • value (string) – The authentication level value (1-10)
  • authContext (string) – A map containing the parameters that control how the authentication is performed. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • pin (string) – Optional user PIN for first-factor authentication. The PIN may be 4 to 128 international characters in length, depending on restrictions of the PIN policy.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateUserWithPush(requestId, userId, pin=None, pushAuthData=None, key='authLevel.level', value=None, authContext=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via a Push notification using their user ID.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – The unique userID stored in Symantec VIP Services.
  • pin (string) – Optional user PIN for first-factor authentication. The PIN may be 4 to 128 international characters in length, depending on restrictions of the PIN policy.
  • value (string) – The authentication level value (1-10)
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
checkOtp(requestId, userId, otp1, otp2=None, value=None, key='authLevel.level', authContext=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via the OTP generated by their device in the VIP Access application using their user ID.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – The unique userID stored in Symantec VIP Services.
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • value (string) – The authentication level value (1-10)
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
confirmRisk(requestId, UserId, EventId, VerifyMethod=None, KeyValuePair=None, onBehalfOfAccountId=None)
Description:

For VIP Intelligent Authentication, you need to apply the confirmRisk API if the evaluateRisk API determined a sign-in event was risky, and the site’s user challenge response also failed.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • UserId (string) – Unique ID for the user (for example, the user email address, the user’s login name, or a unique ID that maps to user’s login name). The userId accepts 1 to 128 international characters. The user ID is not case-sensitive in look-up operations.
  • EventId (string) – The ID of the current event generated by IA.
  • VerifyMethod (string) – Method that is used to challenge a risky sign-in event, from 1 to 64 characters.
  • KeyValuePair (list) – List of key values pairs
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
convert_to_hash(d)

Convert Suds object into serializable format.

denyRisk(requestId, UserId, EventId, VerifyMethod=None, IAAuthData=None, isRememberDevice=None, FriendlyName=None, KeyValuePair=None, onBehalfOfAccountId=None)
Description:

For VIP Intelligent Authentication, you need to apply the confirmRisk API if the evaluateRisk API determined a sign-in event was risky, and the site’s user challenge response also failed.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • UserId (string) – Unique ID for the user (for example, the user email address, the user’s login name, or a unique ID that maps to user’s login name). The userId accepts 1 to 128 international characters. The user ID is not case-sensitive in look-up operations.
  • EventId (string) – The ID of the current event generated by IA.
  • VerifyMethod (string) – Method that is used to challenge a risky sign-in event, from 1 to 64 characters.
  • IAAuthData (string) – “Fingerprint” of the device, collected from browser.
  • isRememberDevice (boolean) – Sets “true” if the end user has chosen to always have device recognized. The device tag is then bound to the end user. If the end user elects not to have the device recognized, this value is “false.”
  • FriendlyName (string) – A descriptive name provided by the user during registration. If the user did not provide a name, a default friendly name is used.
  • KeyValuePair (list) – List of key values pairs
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
evaluateRisk(requestId, UserId, IpAddress, UserAgent, IAAuthData=None, KeyValuePair=None, onBehalfOfAccountId=None)
Description:

You can use the evaluateRisk API to assess whether a particular sign-in event is considered risky. Note that this information only identifies the potential risk of a particular event; the enterprise should challenge the user for additional authentication to determine if the event is actually fraudulent.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • UserId (string) – Unique ID for the user (for example, the user email address, the user’s login name, or a unique ID that maps to user’s login name). The userId accepts 1 to 128 international characters. The user ID is not case-sensitive in look-up operations.
  • IpAddress (string) – IP address in decimal format (for example, 209.191.122.70).
  • UserAgent (string) – Browser user agent. Should not exceed 250 characters.
  • IAAuthData (string) – “Fingerprint” of the device, collected from browser.
  • KeyValuePair (list) – List of key values pairs
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
getFieldContent(fieldname)
Description:Get content of items in response message
Note:Works only for one line item
Parameters:fieldname (string) – Item name
Returns:The content of input fieldname
getPreviousResponseFirstPairs()
Description:Gets the 1st level of important main response fields from previous VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Returns:list – Containing all the first pair values of each tuple
getPreviousResponseValue(firstPair)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Parameters:firstPair (string) – The first pair in the tuple field
Returns:The field value at the pair key
getResponseFirstPairs(response)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This requires the SOAP response as a parameter.
Parameters:response (list of tuples) – The SOAP response
Returns:list – Containing all the first pair values of each tuple
getResponseValue(response, firstPair)
Description:

Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:

This requires the SOAP response as a parameter.
Parameters:
  • response (list of tuples) – The SOAP response
  • firstPair (string) – The first pair in the tuple field
Returns:

The field value at the pair key
SymantecServices.addCredentialOtp(requestId, userId, credentialId, credentialType, otp1, otp2=None, friendlyName=None, trustedCredentialDevice=None, onBehalfOfAccountId=None)
SymantecServices.addCredentialTrustedDevice(requestId, userId, credentialId, credentialType, trustedDevice, friendlyName=None, trustedCredentialDevice=None, onBehalfOfAccountId=None)
SymantecServices.authenticateCredentialWithPush(requestId, credentialId_phone, activate=None, pushAuthData=None, key='authLevel.level', value=None, authContext=None, onBehalfOfAccountId=None)
SymantecServices.authenticateCredentialWithSMS(requestId, credentialId_phoneNumber, otp1, otp2=None, activate=None, onBehalfOfAccountId=None)
SymantecServices.authenticateCredentialWithStandard_OTP(requestId, credentialId, otp1, otp2=None, activate=None, onBehalfOfAccountId=None)
SymantecServices.authenticateCredentials(requestId, credentials, otp1=None, otp2=None, pushAuthData=None, activate=None, authContext=None, onBehalfOfAccountId=None)
SymantecServices.authenticateUser(requestId, userId, otp1, otp2=None, value=None, key='authLevel.level', authContext=None, pin=None, onBehalfOfAccountId=None)
SymantecServices.authenticateUserWithPush(requestId, userId, pin=None, pushAuthData=None, key='authLevel.level', value=None, authContext=None, onBehalfOfAccountId=None)
SymantecServices.authenticateUserWithPushThenPolling(requestIdPush, requestIdPoll, userId, queryTimeout=60, queryInterval=5, displayParams=None, requestParams=None, authContext=None, onBehalfOfAccountId=None)
Description:

Uses both query and management clients as well as simple logic to provide a sample solution to authenicating a login quickly with pushing to mobile
Note:
Parameters:
  • requestIds (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • queryTimeout (int) – The time in seconds on how long the function will poll for before timing out.
  • queryInterval (int) – The time in seconds on how frequent the function will send a poll request.
  • displayParams (list) – Passes and displays content to end users in the push notification. You can customize display messages up to 250 characters. However, some phones may not display complete messages. The following keys are currently supported: Note: This input field contains parameters that define the push notification that is sent to the user’s push-capable mobile device. - display.message.title: Title of themodal This value is used for standard push authentication requests. It is not applicable to biometric fingerprint or VIP PIN authentication on the mobile device. - display.message.text: Text of modal - display.message.profile: Indicates the login URL or profile.
  • requestParams (list) – The following keys are currently supported: request.timeout: numeric value that indicates the timeout period in seconds of the push authentication request that is sent to the user’s mobile devices.
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
SymantecServices.checkOtp(requestId, userId, otp1, otp2=None, value=None, key='authLevel.level', onBehalfOfAccountId=None)
SymantecServices.clearTemporaryPassword(requestId, userId, onBehalfOfAccountId=None)
SymantecServices.clearUserPin(requestId, userId, onBehalfOfAccountId=None)
SymantecServices.confirmRisk(requestId, UserId, EventId, VerifyMethod=None, KeyValuePair=None, onBehalfOfAccountId=None)
SymantecServices.createUser(requestId, userId, onBehalfOfAccountId=None, pin=None, forcePinChange=None)
SymantecServices.deleteUser(requestId, userId, onBehalfOfAccountId=None)
SymantecServices.denyRisk(requestId, UserId, EventId, VerifyMethod=None, IAAuthData=None, isRememberDevice=None, FriendlyName=None, KeyValuePair=None, onBehalfOfAccountId=None)
SymantecServices.evaluateRisk(requestId, UserId, IpAddress, UserAgent, IAAuthData=None, KeyValuePair=None, onBehalfOfAccountId=None)
SymantecServices.getCredentialInfo(requestId, credentialId, credentialType='STANDARD_OTP', includePushAttributes=None, onBehalfOfAccountId=None)
SymantecServices.getFieldContent(fieldname)
Description:Get content of items in response message
Note:Works only for one line item
Parameters:fieldname (string) – Item name
Returns:The content of input fieldname
SymantecServices.getPreviousResponseFirstPairs()
Description:Gets the 1st level of important main response fields from previous VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Returns:list – Containing all the first pair values of each tuple
SymantecServices.getPreviousResponseValue(firstPair)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Parameters:firstPair (string) – The first pair in the tuple field
Returns:The field value at the pair key
SymantecServices.getResponseFirstPairs(response)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This requires the SOAP response as a parameter.
Parameters:response (list of tuples) – The SOAP response
Returns:list – Containing all the first pair values of each tuple
SymantecServices.getResponseValue(response, firstPair)
Description:

Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:

This requires the SOAP response as a parameter.
Parameters:
  • response (list of tuples) – The SOAP response
  • firstPair (string) – The first pair in the tuple field
Returns:

The field value at the pair key
SymantecServices.getServerTime(requestId, onBehalfOfAccountId=None)
SymantecServices.getTemporaryPasswordAttributes(requestId, userId, onBehalfOfAccountId=None)
SymantecServices.getUserInfo(requestId, userId, onBehalfOfAccountId=None, iaInfo=True, includePushAttributes=True)
SymantecServices.pollPushStatus(requestId, transactionId)
SymantecServices.registerBySMS(requestId, phoneNumber, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None, onBehalfOfAccountId=None)
SymantecServices.registerByServiceOtp(requestId, serviceOtpId, onBehalfOfAccountId=None)
SymantecServices.registerByVoice(requestId, phoneNumber, language=None, onBehalfOfAccountId=None)
SymantecServices.removeCredential(requestId, userId, credentialId, credentialType, trustedDevice=None, onBehalfOfAccountId=None)
SymantecServices.sendOtpSMS(requestId, userId, phoneNumber, isGatewayAcctInfo=False, onBehalfOfAccountId=None, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None)
SymantecServices.setTemporaryPasswordAttributes(requestId, userId, expirationTime=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
SymantecServices.setTemporaryPasswordSMSDelivery(requestId, userId, phoneNumber, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None, temporaryPassword=None, expirationDate=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
SymantecServices.setTemporaryPasswordVoiceDelivery(requestId, userId, phoneNumber, language=None, temporaryPassword=None, expirationDate=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
SymantecServices.sys = <module 'sys' (built-in)>
SymantecServices.updateCredential(requestId, userId, credentialId, credentialType, friendlyName, onBehalfOfAccountId=None)
SymantecServices.updateUser(requestId, userId, newUserId=None, newUserStatus=None, oldPin=None, newPin=None, forcePinChange=None, onBehalfOfAccountId=None)

Module contents