[BUG] Failing to create ssoadmin client #3195

Closed
abhaygupta97 opened this issue Aug 2, 2023 · 3 comments

@abhaygupta97

Describe the bug
Following #2238, I am trying to get the groups to which a user belongs in a vCenter. For this I am trying to create an ssoadmin client, but the client creation is failing.

To Reproduce
Steps to reproduce the behavior:

I am running the following script:

package main

import (
    "context"
    "fmt"
    "net/url"
    "time"

    "github.com/vmware/govmomi"
    "github.com/vmware/govmomi/session"
    "github.com/vmware/govmomi/ssoadmin"
    "github.com/vmware/govmomi/ssoadmin/types"
    "github.com/vmware/govmomi/vim25"
    "github.com/vmware/govmomi/vim25/soap"
)

func main() {
    ctx := context.Background()
    principal := "abc@vsphere.local"
    url := &url.URL{Scheme: "https", Path: "/sdk", Host: "host.ip",
        User: url.UserPassword(principal, "password")}

    soapClient := soap.NewClient(url, true)
    vimClient, err := vim25.NewClient(ctx, soapClient)
    if err != nil {
        panic(err)
    }

    c := &govmomi.Client{
        Client:         vimClient,
        SessionManager: session.NewManager(vimClient),
    }

    // Keep the session alive by setting a keepalive round tripper.
    c.RoundTripper = session.KeepAlive(c.RoundTripper, 60 * time.Second)

    err = c.Login(ctx, url.User)
    if err != nil {
        panic(err)
    }

    ssoClient, err := ssoadmin.NewClient(ctx, c.Client)
    if err != nil {
        panic(err)
    }
    //fmt.Println(ssoClient.Domain)
    ssoClient.RoundTripper = session.KeepAlive(c.RoundTripper, 60 * time.Second)
    
    err = ssoClient.Login(ctx)
    if err != nil {
        panic(err)
    }

    userId := types.PrincipalId{Name: "abc", Domain: "vsphere.local"}

    u, err := ssoClient.FindParentGroups(ctx, userId)
    if err != nil {
        panic(err)
    }
    fmt.Println(u)
}

The above script is failing with the following output during the ssoadmin client login step:

panic: VersionMismatchFaultCode: Unsupported version URI "urn:vim25/7.0"

while parsing SOAP body
at line 2, column 60

while parsing SOAP envelope
at line 2, column 0

while parsing HTTP request before method was determined
at line 1, column 0

goroutine 1 [running]:
main.main()
	/Volumes/workspace/esx-test/main5.go:56 +0x3a9
exit status 2

If I comment out the login step, it's failing with the same error when the FindParentGroups function is called.
Please share what I am doing wrong here.

Expected behavior
The above script should return the groups which a user is part of.

Affected version
vCenter version: 6.5.0
govmomi version: v0.27.4

Screenshots/Debug Output
Added script output in steps to reproduce.

Additional context
I am trying to get the groups which a user is part of.

@github-actions
Contributor

github-actions bot commented Aug 2, 2023

Howdy 🖐 abhaygupta97! Thank you for your interest in this project. We value your feedback and will respond soon.

If you want to contribute to this project, please make yourself familiar with the CONTRIBUTION guidelines.

@dougm
Member

dougm commented Aug 24, 2023

I've not tried using keepalive with the ssoadmin client, but you'd need to use something other than session.KeepAlive, as that invokes a vim25 endpoint method. You can use keepalive.NewHandlerSOAP with a function in the ssoadmin namespace. But do you need/want to keepalive an ssoadmin session? The ssoClient.Login in your example won't work even without keepalive: you need a SAML token to log in.
For example, see the helper used by the govc sso commands:

    tokens, cerr := sts.NewClient(ctx, vc)
    if cerr != nil {
        return cerr
    }
    req := sts.TokenRequest{
        Certificate: vc.Certificate(),
        Userinfo:    cmd.Session.URL.User,
    }
    header.Security, cerr = tokens.Issue(ctx, req)
    if cerr != nil {
        return cerr
    }

@abhaygupta97
Author

It worked. Thanks!
