symantec_package.lib.userService package

Submodules

symantec_package.lib.userService.SymantecUserServices module

class symantec_package.lib.userService.SymantecUserServices.SymantecUserServices(client)

Bases: object

This class acts as a layer of abstraction to handling all user services Symantec VIP SOAP calls in Python.

You call this class to handle anything that is related to authenticating users and credentials.

Example:
>>> client = Client("http://../vipuserservices-auth-1.7.wsdl", transport = HTTPSClientCertTransport('vip_certificate.crt','vip_certificate.crt'))
>>> service = SymantecUserServices(client)
>>> response = service.authenticateUser(<parameters here>)
>>> print (response)

Note

Reference HTTPHandler for further information on how to setup the client.

authenticateCredentialWithPush(requestId, credentialId, activate=None, pushAuthData=None, key='authLevel.level', value=None, authContext=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via a Push notification using their credential ID.
Note:
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentialId (string) – The unique identifier for the hardware credential being used. (Could be your phone, desktop, etc.)
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • value (string) – The authentication level value (1-10)
Returns:

the return SOAP response.
Raises:
authenticateCredentialWithSMS(requestId, credentialId_phoneNumber, otp1, otp2=None, activate=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via an SMS code sent to their device using their credential ID and that OTP sent.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentialId_phoneNumber (string) – The phone number of the device. Must be in ten-digit format without any dashes or delimiters (Example: 12345678900).
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateCredentialWithStandard_OTP(requestId, credentialId, otp1, otp2=None, activate=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via the 6-digit OTP generated by their device on the Symantec VIP Access app.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentialId (string) – The unique identifier for the hardware credential being used. (Could be your phone, desktop, etc.)
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateCredentials(requestId, credentials, otp1=None, otp2=None, pushAuthData=None, activate=None, authContext=None, onBehalfOfAccountId=None)
Description:

*Authenticates a credential with VIP Services. *
Note:

Must provide either OTP data OR push data (pushAuthData)
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • credentials (dict) – Credential information in a dict in the following format {“credentialId”:<some_id> , “credentialType”:<one of STANDARD_OTP or SMS_OTP>}
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • activate (boolean) – Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, sends a push notification to the credential for authentication.
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateUser(requestId, userId, otp1, otp2=None, value=None, key='authLevel.level', authContext=None, pin=None, onBehalfOfAccountId=None)
Description:

Authenticates a user by userID with Symantec VIP Services
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – Unique user ID (i.e.- email address, login name). Accepts 1 - 128 characters. Case-sensitive.
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • value (string) – The authentication level value (1-10)
  • authContext (string) – A map containing the parameters that control how the authentication is performed. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • pin (string) – Optional user PIN for first-factor authentication. The PIN may be 4 to 128 international characters in length, depending on restrictions of the PIN policy.
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
authenticateUserWithPush(requestId, userId, pin=None, pushAuthData=None, key='authLevel.level', value=None, authContext=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via a Push notification using their user ID.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – The unique userID stored in Symantec VIP Services.
  • pin (string) – Optional user PIN for first-factor authentication. The PIN may be 4 to 128 international characters in length, depending on restrictions of the PIN policy.
  • value (string) – The authentication level value (1-10)
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
checkOtp(requestId, userId, otp1, otp2=None, value=None, key='authLevel.level', authContext=None, onBehalfOfAccountId=None)
Description:

Authenticates a user via the OTP generated by their device in the VIP Access application using their user ID.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • userId (string) – The unique userID stored in Symantec VIP Services.
  • otp1 (string) – The One Time Password generated by the user’s credential.
  • otp2 (string) – (Optional) - A second OTP.
  • value (string) – The authentication level value (1-10)
  • authContext (dict) – A map containing the parameters that control how the authentication is performed. Example format: authContext={“params”:{“Key”:authLevel.level, “Value”:<the authentication level described next>}}. VIP User Services accepts an authentication level for the authContext field. The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager. ■ Key: Enter authLevel.level ■ Value: Enter the authentication level value (as an integer from 1 - 10).
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
confirmRisk(requestId, UserId, EventId, VerifyMethod=None, KeyValuePair=None, onBehalfOfAccountId=None)
Description:

For VIP Intelligent Authentication, you need to apply the confirmRisk API if the evaluateRisk API determined a sign-in event was risky, and the site’s user challenge response also failed.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • UserId (string) – Unique ID for the user (for example, the user email address, the user’s login name, or a unique ID that maps to user’s login name). The userId accepts 1 to 128 international characters. The user ID is not case-sensitive in look-up operations.
  • EventId (string) – The ID of the current event generated by IA.
  • VerifyMethod (string) – Method that is used to challenge a risky sign-in event, from 1 to 64 characters.
  • KeyValuePair (list) – List of key values pairs
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
convert_to_hash(d)

Convert Suds object into serializable format.

denyRisk(requestId, UserId, EventId, VerifyMethod=None, IAAuthData=None, isRememberDevice=None, FriendlyName=None, KeyValuePair=None, onBehalfOfAccountId=None)
Description:

For VIP Intelligent Authentication, you need to apply the confirmRisk API if the evaluateRisk API determined a sign-in event was risky, and the site’s user challenge response also failed.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • UserId (string) – Unique ID for the user (for example, the user email address, the user’s login name, or a unique ID that maps to user’s login name). The userId accepts 1 to 128 international characters. The user ID is not case-sensitive in look-up operations.
  • EventId (string) – The ID of the current event generated by IA.
  • VerifyMethod (string) – Method that is used to challenge a risky sign-in event, from 1 to 64 characters.
  • IAAuthData (string) – “Fingerprint” of the device, collected from browser.
  • isRememberDevice (boolean) – Sets “true” if the end user has chosen to always have device recognized. The device tag is then bound to the end user. If the end user elects not to have the device recognized, this value is “false.”
  • FriendlyName (string) – A descriptive name provided by the user during registration. If the user did not provide a name, a default friendly name is used.
  • KeyValuePair (list) – List of key values pairs
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
evaluateRisk(requestId, UserId, IpAddress, UserAgent, IAAuthData=None, KeyValuePair=None, onBehalfOfAccountId=None)
Description:

You can use the evaluateRisk API to assess whether a particular sign-in event is considered risky. Note that this information only identifies the potential risk of a particular event; the enterprise should challenge the user for additional authentication to determine if the event is actually fraudulent.
Parameters:
  • requestId (string) – A unique identifier of the request for the enterprise application. This may be useful for troubleshooting
  • UserId (string) – Unique ID for the user (for example, the user email address, the user’s login name, or a unique ID that maps to user’s login name). The userId accepts 1 to 128 international characters. The user ID is not case-sensitive in look-up operations.
  • IpAddress (string) – IP address in decimal format (for example, 209.191.122.70).
  • UserAgent (string) – Browser user agent. Should not exceed 250 characters.
  • IAAuthData (string) – “Fingerprint” of the device, collected from browser.
  • KeyValuePair (list) – List of key values pairs
  • onBehalfOfAccountId (string) – The parent account that this request is done on behalf of a child account. The parent account uses its own certificate to authenticate the request to VIP User Services.
Returns:

the return SOAP response.
Raises:
getFieldContent(fieldname)
Description:Get content of items in response message
Note:Works only for one line item
Parameters:fieldname (string) – Item name
Returns:The content of input fieldname
getPreviousResponseFirstPairs()
Description:Gets the 1st level of important main response fields from previous VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Returns:list – Containing all the first pair values of each tuple
getPreviousResponseValue(firstPair)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This will not work if there was no previous call in the client.
Parameters:firstPair (string) – The first pair in the tuple field
Returns:The field value at the pair key
getResponseFirstPairs(response)
Description:Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:This requires the SOAP response as a parameter.
Parameters:response (list of tuples) – The SOAP response
Returns:list – Containing all the first pair values of each tuple
getResponseValue(response, firstPair)
Description:

Gets the 1st level of important main response fields from the VIP SOAP call and tells what fields are accessible
Note:

This requires the SOAP response as a parameter.
Parameters:
  • response (list of tuples) – The SOAP response
  • firstPair (string) – The first pair in the tuple field
Returns:

The field value at the pair key

Module contents