Hi,

The two standard protocols you are digging deeper into are part of the OASIS standards body organization

• http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/ws-trust.html (so your step 1 POST to /wstrust/mixed/)
• http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html (similar standard but for the browsers

Perhaps it helps if you share what you want to achieve?

-Dave

I'm working on a Python client for SDL using the WCF/SVC endpoints. Since the main Python library for SOAP (zeep) doesn't support all the expected protocols, I'm manually building the SOAP header and body. I've completed the first round of message exchanges, but to continue I need to generate a valid value for both <DigestValue> and <SignatureValue>. Do you know how Publication Manager does this? 

In Publication Manager this is solved through the Microsoft WCF components offered by the .NET Framework (and before by Microsoft Windows Identity Framework (WIF)). In essence Publication Manager does it very similar to the open-sourced API client 'ISHRemote'

For example in https://github.com/sdl/ISHRemote/blob/master/Source/ISHRemote/Trisoft.ISHRemote/InfoShareWcfConnection.cs you'll recognize ChannelFactory. But the magic on the SOAP envelope is hidden in .NET.

Personally I think it is pretty courageous to build that up from scratch. As an alternative the Content Manager on your version still holds the DEPRECATED ASMX based API. This one is probably quite a lot faster to get working in python but is going to be removed eventually (at the time of writing it will still be available in upcoming Tridion Docs 14, then again still deprecated).

Adding some reasons for deprecation... First it relies on the built-in security system so where the CMS owns the username and the password which is not where the world is heading. Second, the ASMX-based SOAP implementation is old and bypassed by various other standards - then again that makes that there are a lot of libraries to help you implement it.

In Publication Manager this is solved through the Microsoft WCF components offered by the .NET Framework (and before by Microsoft Windows Identity Framework (WIF)). In essence Publication Manager does it very similar to the open-sourced API client 'ISHRemote'

For example in https://github.com/sdl/ISHRemote/blob/master/Source/ISHRemote/Trisoft.ISHRemote/InfoShareWcfConnection.cs you'll recognize ChannelFactory. But the magic on the SOAP envelope is hidden in .NET.

Personally I think it is pretty courageous to build that up from scratch. As an alternative the Content Manager on your version still holds the DEPRECATED ASMX based API. This one is probably quite a lot faster to get working in python but is going to be removed eventually (at the time of writing it will still be available in upcoming Tridion Docs 14, then again still deprecated).

Adding some reasons for deprecation... First it relies on the built-in security system so where the CMS owns the username and the password which is not where the world is heading. Second, the ASMX-based SOAP implementation is old and bypassed by various other standards - then again that makes that there are a lot of libraries to help you implement it.