symantec_package.lib.managementService package

Submodules

symantec_package.lib.managementService.SymantecManagementServices module

class symantec_package.lib.managementService.SymantecManagementServices.SymantecManagementServices(client)

Bases: object

This class acts as a layer of abstraction to handling all management Symantec VIP SOAP calls in Python.

You call this class to handle anything that is related to managing users and credentials.

Example:
>>> client = Client("http://../vipuserservices-mgmt-1.7.wsdl", transport = HTTPSClientCertTransport('vip_certificate.crt','vip_certificate.crt'))
>>> service = SymantecManagementServices(client)
>>> response = service.sendOtpSMS(<parameters here>)
>>> print (response)

Note

Reference HTTPHandler for further information on how to setup the client.

addCredentialOtp(requestId, userId, credentialId, credentialType, otp1, otp2=None, friendlyName=None, trustedCredentialDevice=None, onBehalfOfAccountId=None)
Description:

Assigns a credential to a user in VIP User Services using one time password(s)
Note:

MANDATORY - SMS, voice, and system-generated credentials need to be registered first; Also, you have choice of setting the binding status to Enabled or Disabled upon adding credential to user.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • otp1 (string) – The first one time security code that is generated by the user’s credential.
  • otp2 (string) – The second one time security code that is generated by the user’s credential.
  • friendlyName (string) – A user-defined name to identify the credential.
  • trustedCredentialDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
addCredentialTrustedDevice(requestId, userId, credentialId, credentialType, trustedDevice, friendlyName=None, trustedCredentialDevice=None, onBehalfOfAccountId=None)
Description:

Assigns a credential to a user in VIP User Services by setting the device to be remembered
Note:

MANDATORY - SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • trustedDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • friendlyName (string) – A user-defined name to identify the credential.
  • trustedCredentialDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
clearTemporaryPassword(requestId, userId, onBehalfOfAccountId=None)
Description:

Removes a temporary security code from a user
Note:

If the user attempts to use a temporary security that has been cleared, an error will be returned from VIP User Services stating security code is not set.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
clearUserPin(requestId, userId, onBehalfOfAccountId=None)
Description:

Removes an assigned PIN from an user
Note:

If the user attempts to use a PIN that has already been cleared, or has not been enabled by the user PIN policy, VIP User Services will return an error.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
createUser(requestId, userId, onBehalfOfAccountId=None, pin=None, forcePinChange=None)
Description:

Adds a user to VIP User Services
Note:

By default users are created as Enabled. To disable use updateUser().
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
  • pin (string) – Optional user PIN for 1st factor authentication. 4 to 128 characters max, depending on PIN policy restrictions.
  • forcePinChange (boolean) – Force the PIN to expire after first use.
Returns:

the return SOAP response.
Raises:
deleteUser(requestId, userId, onBehalfOfAccountId=None)
Description:

Delete/remove a user from VIP User Services
Note:

Deleting a user is a cascading operation: when deleted, all credentials associated with user are removed and if credential is not associated with any other user, it is also deactivated.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
getFieldContent(fieldname)
Description:Get content of items in response message
Note:Works only for one line item
Parameters:fieldname (string) – Item name
Returns:The content of input fieldname
getPreviousResponseFirstPairs()
Description:Gets the 1st level of important main response fields from previous VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Returns:list – Containing all the first pair values of each tuple
getPreviousResponseValue(firstPair)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Parameters:firstPair (string) – The first pair in the tuple field
Returns:The field value at the pair key
getResponseFirstPairs(response)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This requires the SOAP response as a parameter.
Parameters:response (list of tuples) – The SOAP response
Returns:list – Containing all the first pair values of each tuple
getResponseValue(response, firstPair)
Description:

Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:

This requires the SOAP response as a parameter.
Parameters:
  • response (list of tuples) – The SOAP response
  • firstPair (string) – The first pair in the tuple field
Returns:

The field value at the pair key
registerBySMS(requestId, phoneNumber, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None, onBehalfOfAccountId=None)
Description:

Registers the mobile phone credential for usage through SMS
Note:

SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • smsFrom (string) – DEPRECATED - Specifies the FROM number that is used to send an SMS message so that the message from receiver can be mapped back.
  • messageTemplate (string ???) – The text that is sent to the user’s SMS device along with security code.
  • gatewayId (string) – The user’s specified gateway Account Id
  • gatewayPassword (string) – The user’s specified gateway Account password
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
registerByServiceOtp(requestId, serviceOtpId, onBehalfOfAccountId=None)
Description:

Registers the phone credential for usage through a service one time password
Note:

DEPRECATED!! SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • serviceOtpId (string) – The id of the service’s Otp
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
registerByVoice(requestId, phoneNumber, language=None, onBehalfOfAccountId=None)
Description:

Registers the phone credential for usage through voice message
Note:

SMS, voice, and system-generated credentials need to be registered first
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • language (string) – The language that the security code message is in. Only supported language is en-us
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
removeCredential(requestId, userId, credentialId, credentialType, trustedDevice=None, onBehalfOfAccountId=None)
Description:

Removes a credential from a user
Note:

If the credential is not associated with any other user, the credential is also deactivated. Also, if the device deletion policy for Remembered Devices is set to Admin Only, credentials can only be removed through VIP Manager (ERROR code: 6010).
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • trustedDevice (boolean) – Allows the device to be remembered in the credential for future easy usage
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
sendOtpSMS(requestId, userId, phoneNumber, isGatewayAcctInfo=False, onBehalfOfAccountId=None, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None)
Description:

Sends a one time password to a mobile phone
Note:
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • isGatewayAcctInfo (boolean) – Should we use a gateway?
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
  • smsFrom (string) – DEPRECATED - Specifies the FROM number that is used to send an SMS message so that the message from receiver can be mapped back.
  • messageTemplate (string ???) – The text that is sent to the user’s SMS device along with security code.
  • gatewayId (string) – The user’s specified gateway Account Id
  • gatewayPassword (string) – The user’s specified gateway Account password
Returns:

the return SOAP response.
Raises:
setTemporaryPasswordAttributes(requestId, userId, expirationTime=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
Description:

Changes the expiration date for a temporary security code you previously set using the setTemporaryPassword()
Note:
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • expirationDate (dateTime) – The temporary security code expiration time (maximum of 30 days) using GMT time zone. If no date is provided, the default expiration period of 1 day is used to calculate the security code expiration.
  • oneTimeUseOnly (boolean) – If this field is set to “true”, the temporary security code expires after one use, or at the expiration date. The default value is “false”.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
setTemporaryPasswordSMSDelivery(requestId, userId, phoneNumber, smsFrom=None, messageTemplate=None, gatewayId=None, gatewayPassword=None, temporaryPassword=None, expirationDate=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
Description:

Sets a temporary security code for a user through SMS text message
Note_1:

Can optionally set an expiration date for the security code, or set it for one-time use only. The request requires the user ID and optionally, the temporary security code string. If you do not provide a security code, VIP User Services automatically generates one for you.
Note_2:

You can clear the security code with clearTemporaryPassword. Also, if a user is authenticated using a security code generated by a valid credential, VP User Services automatically clears the temporary security code.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • smsFrom (string) – DEPRECATED - Specifies the FROM number that is used to send an SMS message so that the message from receiver can be mapped back.
  • messageTemplate (string ???) – The text that is sent to the user’s SMS device along with security code.
  • gatewayId (string) – The user’s specified gateway Account Id
  • gatewayPassword (string) – The user’s specified gateway Account password
  • temporaryPassword (string) – Temporary security code is either empty or 6 numeric characters. If this field is left empty, a security code will be auto-generated for the user.
  • expirationDate (dateTime) – The temporary security code expiration time (maximum of 30 days) using GMT time zone. If no date is provided, the default expiration period of 1 day is used to calculate the security code expiration.
  • oneTimeUseOnly (boolean) – If this field is set to “true”, the temporary security code expires after one use, or at the expiration date. The default value is “false”.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
setTemporaryPasswordVoiceDelivery(requestId, userId, phoneNumber, language=None, temporaryPassword=None, expirationDate=None, oneTimeUseOnly=None, onBehalfOfAccountId=None)
Description:

Sets a temporary security code for a user through SMS Voice message
Note_1:

Can optionally set an expiration date for the security code, or set it for one-time use only. The request requires the user ID and optionally, the temporary security code string. If you do not provide a security code, VIP User Services automatically generates one for you.
Note_2:

You can clear the security code with clearTemporaryPassword. Also, if a user is authenticated using a security code generated by a valid credential, VP User Services automatically clears the temporary security code.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • phoneNumber (string) – The phone number credential tied to user (active) for delivering security code. It must range from 5 to 20 digits. Any appended extension must begin with lower-case ‘x’, followed by any combination of the characters: .,# and digits 0 to 9. | example: 488555444x,1112 | **comma* Creates a short delay of approximately 2 seconds. | period Creates a longer delay of approximately 5 seconds. | star Used by some phone systems to access an extension. | pound or hash Used by some phone systems to access an extension.
  • language (string) – The language that the security code message is in. Only supported language is en-us
  • temporaryPassword (string) – Temporary security code is either empty or 6 numeric characters. If this field is left empty, a security code will be auto-generated for the user.
  • expirationDate (dateTime) – The temporary security code expiration time (maximum of 30 days) using GMT time zone. If no date is provided, the default expiration period of 1 day is used to calculate the security code expiration.
  • oneTimeUseOnly (boolean) – If this field is set to “true”, the temporary security code expires after one use, or at the expiration date. The default value is “false”.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
updateCredential(requestId, userId, credentialId, credentialType, friendlyName, onBehalfOfAccountId=None)
Description:

Updates the friendly name of a credential
Note:

The updateCredential API includes unique identifiers of the request for the enterprise application, for the user, and for the credential.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • credentialId (string) – Unique identifier of the credential
  • credentialType (string) – Identifies the credential type: STANDARD_OTP (hardware or software VIP credential, including VIP Access for mobile), CERTIFICATE , SMS_OTP , VOICE_OTP , SERVICE_OTP
  • friendlyName (string) – A user-defined name to identify the credential.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
updateUser(requestId, userId, newUserId=None, newUserStatus=None, oldPin=None, newPin=None, forcePinChange=None, onBehalfOfAccountId=None)
Description:

Update information about an user in VIP User Services
Note:

Also, enables or disables a user.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • newUserId (string) – Case-sensitive unique replacement ID for the user. If element isn’t provided, user ID is not changed.
  • newUserStatus (string) – New status of user: ACTIVE or DISABLED; If element is not provided, the user status is not changed.
  • oldPin (string) – The existing user PIN. If value is provided without a newPin value an error is returned. Else if the oldPin is not prvided, but a newPin value is provided, the user is updated with newPin.
  • newPin (string) – The new user PIN. If value does not meet requirements of the PIN policy, an error is returned. Else if the PIN policy has not been enabled for the user, an error is returned.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
  • forcePinChange (boolean) – Force the PIN to expire after first use.
Returns:

the return SOAP response.
Raises:

Module contents

The Symantec Python class that handles all the Symantec VIP API SOAP calls for management services.