KEN
Reputation: 1
PHP SAML Authentication WSSE JAX-WS
I knew it's very hard to present it with simple words. but it really confused me a lot. I'm going to code for an Authentification class in PHP.
Here's the technical points: 1. saml2p:AuthnRequest XML(in php, we have to transform them into object,but how?) 2. simplexml array to object and object to array. 3. WSSE Header in JAX-WS 4. AuthnRequestType
And my codes and questions: this should be the authnrequest XML but I dont know how to put it into the method as a parameter in SoapClient.
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest AssertionConsumerServiceURL="http://http://localhost/SAML/objectoarray.php"
ID="551e5cd8-7f50-4dcd-bc85-eb625bb12da7" IssueInstant="2013-01-14T06:17:05.138Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Version="2.0"
xmlns:ns4="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<saml2:Issuer>applpf.pioneer.jp</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#551e5cd8-7f50-4dcd-bc85-eb625bb12da7">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>4RzD9oGu0D+pWD1ZZfrb83WsWL8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>dxZE/60oe3+rlIbVUcCa1isgfOGM0pi5XRaKPsvFtyJ3RAw9AoLzN0nYngTD9Dj/TbWdu1wCW+gekrBUtbhKkBU7xBuBWtQvLxHCB7mHxiOZZqMSYR4kjzzmHEWqSbsG3oYoWhDBXyfHWnlztk8onI9sysiBMboJe7yybmne0PilZkLmkpZcTUefUKyrCQF1l49BIF5J5R+QC7Uh6dHCNXx1zFesVKBqmaWumlKCXssycEUFfNqoTD9rtlMnQ5U6aQEEfYpRClMS8SYdsY+K9daM0lEEncjfZrpUaZR5jQJo+M1CHSmfrv7qU36Hqi+vNWBK8YIH1raMkg17ZMYBhA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDPDCCAiSgAwIBAgIEUO+oMjANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xFDASBgNVBAoTC3BpbmVhcy10ZXN0MQ8wDQYDVQQLEwZwaW5lYXMxGjAYBgNVBAMTEXBpbmVhcy5waW9uZWVyLmpwMB4XDTEzMDExMTA1NTA0MloXDTMzMDEwNjA1NTA0MlowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRQwEgYDVQQKEwtwaW5lYXMtdGVzdDEPMA0GA1UECxMGcGluZWFzMRowGAYDVQQDExFwaW5lYXMucGlvbmVlci5qcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKUzsdfIqPe81UYNgyeBsnSvZcNGoTsn/SEnvo09IXjaQxOHUhPY/RQmsAK6ZnjlVNi1zO+0W71KF4Kl1sLJC3Yhv92aoL09cJfWlx/AYz5wpAm7B/om2CYADxoAsaT5+Wlif+aO2CAgwVCLIZzMhIF1B6YX+c3+WnWZceHvzy8F04mCeFFsT9sf6VQ3ZGiZXK8U9CnfdOFYMb/GCgUyqut/jpgCXvyzwZ4aGPBIOuCDuMDhfw6tvTjf0W2lAgmWmcjPs0kmDtV9SHOAPOYBCPrDDjFJsQwLiCwJiHYFMCKnIRNfXzGs9xttFkt4/WOgMMSo2suttvu2JZ7GhoFZJrkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAPMsJkuDhxeZwwd7XEbLi+2847JVzpvR1R90azkdvq9bJrs/b4IZMEJo+Qbswb+KajV/1W40kf+wjOEwvpDmyILD9Ds0zuVEipzGv+wAsQd6WMl5GcDTNs/PQqn8hEf/+l0llJeZ5DHbzUSZRd91Y2AAM2q2gcRo/PJkMB110Arl1POaCWCEKqyLfIA2g9ZaxXqUYEWk1rs4NeR/T+7hPm2HZzPRm4zbcfETIcoFqoymlx++TgFACy5ZoSAuMfEE6X9G6sySAvVyStqHD1sZiD8AoRKMCVll7u2zNQYjuIHCtIfqDDP3WlhAEJ7Bm1YmK2PEOKADn3msG3dt2pf92zQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml2p:AuthnRequest>
I just save them as a pure xml and converted them into an array.
Like :
$xml = new SimpleXMLElement('<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest AssertionConsumerServiceURL="http://applpf.pioneer.co.jp/" ID="0011e577-5e4a-46b5-9703-888294c0bd66" IssueInstant="2013-01-14T06:19:51.626Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Version="2.0" xmlns:ns4="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><saml2:Issuer>applpf.pioneer.jp</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#0011e577-5e4a-46b5-9703-888294c0bd66"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>PWG+OxqzVzA0piHjtvsjh/MlChA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>gcoF7BZAJ0W85PK9tbSvJT0aTATQTysFmi+FxyLfZvhA7nHtmYqqXfy9r2r73Jai1qCruPUGmOx3IpjP9wjBPnCCCx/gHW8UjPdAJlLhNBK17svKEmx4uMranN5M/MLrFnqkQduuzmMXl/xio3+iJs4Tldo/5wL4L99Go58l+BMGurEdgmh744E7v+yvniS1thPjc2E07Dlb0o5rdlqkEYYPL2CR0r8er3IXdT2+939iaoD8h+B3v9zu6M6qNcOTfVz9HmV54/sIB15u9cl7efDIsHj4/uAlnqZTg66EgrD44Cj0J2b7z8mo1Qdd+8b59vRA6DtRXw3DnIE3hKeMRw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDPDCCAiSgAwIBAgIEUO+oMjANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xFDASBgNVBAoTC3BpbmVhcy10ZXN0MQ8wDQYDVQQLEwZwaW5lYXMxGjAYBgNVBAMTEXBpbmVhcy5waW9uZWVyLmpwMB4XDTEzMDExMTA1NTA0MloXDTMzMDEwNjA1NTA0MlowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRQwEgYDVQQKEwtwaW5lYXMtdGVzdDEPMA0GA1UECxMGcGluZWFzMRowGAYDVQQDExFwaW5lYXMucGlvbmVlci5qcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKUzsdfIqPe81UYNgyeBsnSvZcNGoTsn/SEnvo09IXjaQxOHUhPY/RQmsAK6ZnjlVNi1zO+0W71KF4Kl1sLJC3Yhv92aoL09cJfWlx/AYz5wpAm7B/om2CYADxoAsaT5+Wlif+aO2CAgwVCLIZzMhIF1B6YX+c3+WnWZceHvzy8F04mCeFFsT9sf6VQ3ZGiZXK8U9CnfdOFYMb/GCgUyqut/jpgCXvyzwZ4aGPBIOuCDuMDhfw6tvTjf0W2lAgmWmcjPs0kmDtV9SHOAPOYBCPrDDjFJsQwLiCwJiHYFMCKnIRNfXzGs9xttFkt4/WOgMMSo2suttvu2JZ7GhoFZJrkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAPMsJkuDhxeZwwd7XEbLi+2847JVzpvR1R90azkdvq9bJrs/b4IZMEJo+Qbswb+KajV/1W40kf+wjOEwvpDmyILD9Ds0zuVEipzGv+wAsQd6WMl5GcDTNs/PQqn8hEf/+l0llJeZ5DHbzUSZRd91Y2AAM2q2gcRo/PJkMB110Arl1POaCWCEKqyLfIA2g9ZaxXqUYEWk1rs4NeR/T+7hPm2HZzPRm4zbcfETIcoFqoymlx++TgFACy5ZoSAuMfEE6X9G6sySAvVyStqHD1sZiD8AoRKMCVll7u2zNQYjuIHCtIfqDDP3WlhAEJ7Bm1YmK2PEOKADn3msG3dt2pf92zQ==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml2p:AuthnRequest>');
$xml_object = simplexml_load_string($xml->asXML());
finally I put this into methods as parameters
$authnSample->loginByCustomer($xml_object,"\$00astest","password");
in CustomerLoginService class we do
class WsseAuthHeader extends SoapHeader {
private $wss_ns = 'http://docs.oasis-open.org/wss/2004/01/asis-200401-wss-wssecurity-secext-1.0.xsd';
function __construct($user, $pass, $ns = null) {
if ($ns) {
$this->wss_ns = $ns;
}
$auth = new stdClass();
$auth->Username = new SoapVar($user, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns);
$auth->Password = new SoapVar($pass, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns);
$username_token = new stdClass();
$username_token->UsernameToken = new SoapVar($auth, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns);
$security_sv = new SoapVar(
new SoapVar($username_token, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns),
SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'Security', $this->wss_ns);
parent::__construct($this->wss_ns, 'Security', $security_sv, true);
}
}
and then
$wsse_header = new WsseAuthHeader($this->userid, $this->password);
$this->soapClient = new SoapClient($url, array("trace" => 1, "exception" => 0));
$this->soapClient->__setSoapHeaders(array($wsse_header));
but eventually I still got the error like this:
Exception:SoapFault exception: [HTTP] Internal Server Error in C:\php5\www\PINE_FW_AS_PHPProject\com\pioneer\pine\fw\as\object\CustomerLoginService.php:137 Stack trace: #0 [internal function]: SoapClient->_doRequest('_call('login', Array) #2 C:\php5\www\PINE_FW_AS_PHPProject\com\pioneer\pine\fw\as\object\CustomerLoginService.php(137): SoapClient->login(Array) #3 C:\php5\www\PINE_FW_AS_PHPProject\com\pioneer\pine\fw\as\Authentication.php(76): CustomerLoginService->login(Array) #4 C:\php5\www\SAML\test_authreq01.php(48): Authentication->loginByCustomer(Array, '$00astest', 'password') #5 {main}
can anyone told me , how can I make right access to the Auth Server in a proper way or much simple way.
Upvotes: 0
Views: 1208
Answers (1)
ontananza
Reputation: 392
Im doing a very similar authentication for some web service. Here is the way i do this. One function to convert an array to SoapVar Object.
function arrayToSoapVarObject($array=array(),$nameSpace=NULL,$nodeName=NULL){
$object=array();
foreach ($array as $key=>$val){
if (is_array($val))
$object[$key]= new SoapVar(arrayToSoapVarObject($val,$nameSpace), SOAP_ENC_OBJECT, NULL, $nameSpace, $key, $nameSpace);
elseif (is_string($val))
$object[$key]=new SoapVar($val, XSD_STRING, NULL, $nameSpace, NULL, $nameSpace);
elseif (is_object($val))
$object[$key]=new SoapVar($val, SOAP_ENC_OBJECT, NULL, $nameSpace, NULL, $nameSpace);
}
return $nodeName!=''?new SoapVar((object)$object, NULL, SOAP_ENC_OBJECT, NULL, $nodeName, $nameSpace):(object)$object;
}
Now, simply declare an array in the way it requires the WSSE
$strWSSENS = "http://schemas.xmlsoap.org/ws/2002/12/secext";
$token=array(
'UsernameToken'=>array(
'Username' => 'XXX',
'Password' => 'YYY',
'Organization' => 'ZZZ',
'domain' => 'DEFAULT',
),
);
$objToken=arrayToSoapVarObject($token,$strWSSENS,'UsernameToken');
This objToken is a perfectly well formed SoapVar Object...So we use to make the WSSE Header Security
$objSoapVarWSSEHeader = new SoapHeader($strWSSENS, 'Security', $objToken,true, 'https://actor.com');
try {
$client= new SoapClient($wsdl);
$client->__setSoapHeaders(array($objSoapVarWSSEHeader));
$response=$client->__soapCall('Action',array($arguments),null,null,$output_headers);
}catch (SoapFault $fault){
echo $fault->getMessage();
}
I guess this approach is a bit simple.
Upvotes: 1
Related Questions
- REST API authentication with SAML
- PHP - SOAP API authentication
- SAML 2.0 Authentication Using PHP
- SOAP authentication with PHP
- jax-ws, authentication for php clients
- WSDL to PHP with Basic Auth
- PHP get wsdl behind digest authentication
- How to authenticate non-wsdl soap in PHP
- SOAP authentication with PHP WSDL
- SOAP wsdl, Authorization