IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


Password strength module uploading failing on newer versions - Any ideas how to resolve promatically?

  • 1.  Password strength module uploading failing on newer versions - Any ideas how to resolve promatically?

    Posted Wed February 02, 2022 04:34 PM
    Edited by Matt Jenkins Wed February 02, 2022 04:39 PM
    The ibmsecurity method ibmsecurity.isam.web.password_strength.import_file stopped working on v10.0.3.0.  Actually it doesn't work on v10.0.2.0 either.  However, I cannot even upload the XSLT files via the LMI import file under the Web, Password Strength menu.  Trying to import a file results in response code 400 with the response:

    {"message":"The uploaded file is not of the correct type."}

    I've given up on the file import, it doesn't work at all now, I wish it still did, it would make things a lot easier, as this has broken our automated builds.  I opened a case with L2 on this but they are telling me this is a coding issue since they can make it work via the LMI create from copy/paste or from curl by manipulating the line returns.  I am hoping someone here can help me make sense of what has changed so I can adjust import_file to work with this latest firmware update.

    I modified the import_file method to use a post using the isamAppliance.invoke_post method, passing the id of the rule and the content.  However, this is not working either.  When it goes into invoke_post, then ISAMAppliance._invoke_request, the data dict gets converted to JSON using json.dumps, where it is ultimately posted to the requests package.  However, the issue seems to be the escaping that is going on, and the appliance hates it.

    For example, at the end of a line:   ">NEWLINE
    Gets sent as the following text according to the debug output, notice the escaping of the newline:  \\\">\\n

    Now if I send it via curl, I can get it to work:

    curl -v -X POST -k -H "Accept:application/json" -H "Content-type:application/json" --user "admin:password" https://lmi.acme.org/wga/pwd_strength --data '{"name":"pw-rule.xslt", "content":"'"$(cat pw-rule.xslt | sed 's|"|\\"|g')"'"}'

    However, I am only escaping the double quotes (hence the nasty sed there at the end).  It seems if the newline is escaped, then things don't work.

    Can someone please explain to me what the LMI wants for valid input data for this XSLT code password strength rule?  It feels like it is not dealing with the line returns correctly now, so it seems I am going to have to work around that in the Python code.  Can someone help me get the import_file method working by creating a new file rather than importing it?  I can't go diving into modifying stuff in the ISAMAppliance class, so whatever needs done, I need to convert this data before it hits ISAMAppliance.invoke_post, and hence into json.dumps() and ultimately into the Python requests package.

    PS:  On a side note, I am using ibmsecurity in conjunction with Ansible roles based off the isam-ansible-roles project.  I have a full hands off build developed, and any time anything like this changes on the LMI, it blows these builds up, and I end up having to spend a considerable amount of time resolving these issues.  Unfortunately due to some time constraints, I wasn't able to test these full builds against v10.0.2.0 from scratch.  I just confirmed that this is indeed also different in v10.0.2.0.  I believe the last full build I ran was v10.0.1.0, after that I have been running deltas to just update things that need changed.  Hence, the import_file would have never fired because the rule already existed after the first initial build.

    Thanks for any help.

    PS:  Fail on spelling on the post title, and sadly I can't change it once submitted.  At least I can edit this text to say oops :)

    ------------------------------
    Matt
    ------------------------------


  • 2.  RE: Password strength module uploading failing on newer versions - Any ideas how to resolve promatically?

    Posted Wed February 02, 2022 06:36 PM
    Matt,
     
    So, just to confirm, you even tried importing your XSLT file using the LMI and this failed? I've just tried this in my environment and the import works for me.

    Where did your XSLT file come from? Is there any chance that you could send me a copy of your XSLT file so that I could investigate further?

    Thanks.

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

  • 3.  RE: Password strength module uploading failing on newer versions - Any ideas how to resolve promatically?

    Posted Wed February 02, 2022 08:59 PM
    Scott, we've used this XSLT for a long time.  It originated from exporting the file, and I've likely edited it in JetBrains PyCharm IDE.  I can send a copy out of band to you.  When I do the import, with the .xslt extension, from the LMI it says it imports, but in reality it does not, and if you open developer tools you can see the error.  This occurs on v10.0.2.0 and v10.0.3.0 for me.

    ------------------------------
    Matt Jenkins
    ------------------------------



  • 4.  RE: Password strength module uploading failing on newer versions - Any ideas how to resolve promatically?

    Posted Thu February 03, 2022 08:47 AM
    Scott, I just wanted to post the resolution here if anyone else is having the same issue.

    The problem was our password strength module XSLT rule did not have the XML declaration at the top.  So adding this to the top of the XSLT file got the file import working:
    <?xml version="1.0" encoding="UTF-8"?>

    Hence, our existing code now works.  Now, I will say in the password_strength.import_file method I did change the URL in invoke_post_files to /wga/pwd_strength (the old value was /wga/pwd_strength.js).  I had done this a long while ago, so that code actually may need updated from the ibmsecurity GitHub project if anyone else is having an issue with that specific import_file method.

    Thanks again Scott for your help on this.

    ------------------------------
    Matt Jenkins
    ------------------------------
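
An added example, not part of the thread and not code from the ibmsecurity project: a pre-flight check an automated build could run on the XSLT rule before the import step, covering the missing XML declaration that resolved this thread. The sample stylesheet and all function names are constructed for illustration; the name/content fields in json_body mirror the curl command in the first post.

```python
import json
import xml.etree.ElementTree as ET

XML_DECL = b'<?xml version="1.0" encoding="UTF-8"?>\n'  # line quoted in post 4
XSL_NS = "http://www.w3.org/1999/XSL/Transform"
UTF8_BOM = b"\xef\xbb\xbf"

# Constructed sample: a minimal stylesheet, not a real password strength rule.
SAMPLE = b'''<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><result>ok</result></xsl:template>
</xsl:stylesheet>
'''


def _strip_bom(data):
    return data[len(UTF8_BOM):] if data.startswith(UTF8_BOM) else data


def preflight_xslt(data):
    """Return a list of problems that should stop the upload (empty = OK)."""
    problems = []
    body = _strip_bom(data)
    if not body.lstrip().startswith(b"<?xml"):
        problems.append("missing XML declaration")
    try:
        root = ET.fromstring(body)  # local, trusted build artifact
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
        return problems
    if root.tag not in (f"{{{XSL_NS}}}stylesheet", f"{{{XSL_NS}}}transform"):
        problems.append(f"unexpected root element: {root.tag}")
    return problems


def ensure_declaration(data):
    """Prepend the XML declaration when the file does not start with one."""
    body = _strip_bom(data).lstrip()
    return body if body.startswith(b"<?xml") else XML_DECL + body


def json_body(name, data):
    """JSON body with the name/content fields used by the curl command."""
    return json.dumps({"name": name, "content": data.decode("utf-8")})


if __name__ == "__main__":
    print(preflight_xslt(SAMPLE))                      # one problem reported
    print(preflight_xslt(ensure_declaration(SAMPLE)))  # no problems
```

The \n and \" sequences that json.dumps writes are standard JSON escapes, and json.loads turns them back into the original newlines and quotes.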