CODEWITHSUNDEEP
phpsoap-clientws-security
Tero Lahtinen
Tero Lahtinen

Reputation: 524

PHP Soap client with ws-security

How should I implement a SOAP client that consumes a service using ws-security.

I have this binding information

<wsHttpBinding>
<binding name="WSHttpBinding_Service" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
                        <security mode="TransportWithMessageCredential">
                                <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" />
                        </security>
                    </binding>
      </wsHttpBinding>

To my understanding this a .Net configuration and must be mapped to corresponding definitions in PHP.

The wsHttpBinding to my understanding means that SOAP1.1 must be used, and that seems to be working fine.

However, it the security settings are a big problem.

Is there any PHP library that supports WS Security?

I have tried to add a security header to PHP call:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>username</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken></wsse:Security>

However, this does not help. Am I missing something?

There are many questions in Stackoverflow on PHP and WS-Security, but I have not found any of them helpful.

EDIT: It turned out that there were problems in the server side.

Upvotes: 1

Views: 3781

Answers (1)

ʰᵈˑ
ʰᵈˑ

Reputation: 11375

You can use the vanilla PHP SoapClient (and friends) by using SoapVar to set the SOAP headers. For example;

$objSoapClient = new \SoapClient([...]);

$strXML = <<<XML
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>username</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
    </wsse:UsernameToken>
</wsse:Security>
XML;
$objAuthVar = new \SoapVar($strXML, XSD_ANYXML);
$objAuthHeader = new \SoapHeader("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", 'Security', $objAuthVar, false);

$objSoapClient->__setSoapHeaders(array($objAuthHeader));

Upvotes: 2

Related Questions