HikVision "Wrong ONVIF Soap Response" Error about onvif HOT 17 OPEN

海康18.12及其以前的相机支持普通的WSSE认证的方式，因此直接使用gsoap中的soap_wsse_add_UsernameTokenDigest就可以完成认证，但是之后新版本的相机只支持安全的WSSE认证方式和digest认证，WSSE需要客户端和服务端时间同步，因此在使用WSSE认证方式之前需要校时。但是digest不需要。

from onvif.

can you try with the latest code from github please.

getProfiles and getVideoSources have always needed authentication, so nothing new there.
But this library used to parse the error string (eg Not Authorized) and not the error code (eg 401)
Hik have changed the formatting of the error string (ASCII Text) which messed up this library.
So I did code changes to use the error code (eg 401).

As a result the library never re-tried the API with authentication.

The fixes should have all been merged in from the "roger" branch to the master branch

from onvif.

Hey Roger - I just pulled the latest changes from Github directly. It does take me up to the most recent commit (the version bump to 0.6.8). But I noticed your last line mentioned that it should have changes from the roger branch but it does not appear that those changes have been merged into master yet.

I'm going to try to check the changes for that branch out specifically and see if that resolves the problem. I'll follow-up here shortly.

from onvif.

@RogerHardiman that seemed to do it! Installing the onvif library set to the roger branch fixed the connection.

from onvif.

Thanks for testing and letting me know.

from onvif.

The change in the code that fixed this issue is in the Master Branch and has been there since January.
In your project, were you pulling in a specific version of the library in your package.json?

from onvif.

There was a roger branch merged in Jan. 12th, but it's not the branch that contains the particular fix that I apparently needed. You made that change March 2nd 53b9500. This particular change doesn't exist in master:

But for what it's worth, the first time I pulled master I did npm install git+https://github.com/agsh/onvif.git, the second time I did git+https://github.com/agsh/onvif.git#roger

from onvif.

thank you for the extra pair of eyes here and helping me with the commits.

from onvif.

The commit from March 2nd was to try and get a D-Link camera working and Media2 API (so I could use H265 streams). It was a bit of an experiment which I don't think worked, so in the end I gave up on the pile of junk from D-Link with numerous fireware bugs.
But by good fortune the fix works for you.

So there are two authentication methods in ONVIF, (a) WS-Securiry and (b) Digest Authentication.
So looping back to your original posts, looks like Hik don't like WS-Security and only Digest Authentication will do.
ONVIF recommended everyone use Digest in about 2012, but require the older WS-Security standard for legacy systems so we never changed (making us legacy).
So I'll have another look at the patch on March 2nd and what it doe (as it was a D-Link fix) and get something over to master soon-ish.

from onvif.

Could you goback to the camera with 19.12 firmware and tell me what the dropdown options are where it says "Digest", just below the 19.12 version string.
Thanks

from onvif.

The commit from March 2nd was to try and get a D-Link camera working and Media2 API (so I could use H265 streams). It was a bit of an experiment which I don't think worked, so in the end I gave up on the pile of junk from D-Link with numerous fireware bugs. But by good fortune the fix works for you.

Good fortune indeed! I guess it was by luck that you still had the branch and it was named roger, or I probably wouldn't have tried it, haha!

Could you goback to the camera with 19.12 firmware and tell me what the dropdown options are where it says "Digest", just below the 19.12 version string.

I'll check with the client that has the camera and see if he can check this setting. I know he was traveling and may not be able to access the cameras remotely currently so it might be a bit before I have this answer but I'll follow-up when I get it.

from onvif.

The client got back and provided this:

Looks like the options are:

• Digest&ws-username token
• Digest

Digest is enabled for all of the devices currently.

from onvif.

Many thanks

If the camera is set to Digest&ws-username token then the existing ONVIF library would have worked.

For 10+ years the library has only supported WS-Username (also called WS-Security) which was in the original ONVIF standard.
Digest Authentication was added by ONVIF about 2 years after the original standard. (so still a long time ago)
But this library never caught up.

So at least we understand what is going on now.
Either change the cameras to include ws-username, OR use my "roger" branch with some initial 'digest' authentication code in.

from onvif.

We're going to start slowly swapping the cameras over to the Digest&ws option. Once we've got everything swapped over we'll attempt to run on master (0.6.8) and hopefully all will go well. It may be a bit before we reach that point - not sure if you want to close this ticket out for now and I can re-open if switching doesn't work or just leave it open until we've swapped and tested. I'll leave that up to you, but I think either way we're good for the time being.

Thanks for your help!

from onvif.

Quick question, then the cameras is in Digest only mode, can ONVIF Device Manager talk to it? I thought ODM only supported WS-Security but was interested to see what ODM does.
Thanks

from onvif.

ODM抓包分析发现使用的是http digest认证的方式

from onvif.

海康18.12及其以前的相机支持普通的WSSE认证的方式，因此直接使用gsoap中的soap_wsse_add_UsernameTokenDigest就可以完成认证，但是之后新版本的相机只支持安全的WSSE认证方式和digest认证，WSSE需要客户端和服务端时间同步，因此在使用WSSE认证方式之前需要校时。但是digest不需要。

感谢，解决了

from onvif.