
Digitally Sign soap headers in php


I am using the native PHP SoapClient to create a client that consumes a web service. I need to sign the SOAP request headers when making requests to the server. Has anyone done this before? I couldn't find any recent information. There is a PHP extension called WSF, but it's old (it hasn't been updated in 6 years). If you have done this before, please let me know. Thank you in advance.


Solution

  • WSF for PHP has not been supported for a while, and it's a pain to get it working with the latest PHP versions (please detail your dev environment). Axis2/c, the main SOAP framework behind WSF for PHP, is still maintained but not actively (and full of memleaks in 1.6.0). However, some guys are working on releasing 1.7.0.

    When we are talking about signing, we refer to implementing a WS-Security strategy. In the background this is a module of Axis2/c named Rampart/c. Rampart/c is ATTIC (see http://attic.apache.org/), meaning deprecated, but it still works fine with the latest Axis2/c (svn trunk).

    It's not clear what you want to sign. If you are referring to implementing a Username Token, you can try installing WSF for PHP yourself. You will need to set both the WSUsernameToken and WSPolicy objects, with credentials and policy respectively, according to your SOAP contract. Otherwise, if you are referring to signing some parts of your SOAP headers (such as WS-Addressing (replyTo etc.)), please advise.

    So if you are talking about UsernameToken, a working policy would be:

    <wsp:Policy wsu:Id="RmPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sanc="http://ws.apache.org/sandesha2/c/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsp:ExactlyOne>
            <wsp:All>
                <!-- Message protection is left to the transport layer -->
                <sp:TransportBinding>
                    <wsp:Policy>
                    </wsp:Policy>
                </sp:TransportBinding>
                <!-- A WSS 1.0 UsernameToken is sent with every request to the recipient -->
                <sp:SignedSupportingTokens>
                    <wsp:Policy>
                        <sp:UsernameToken
                            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:WssUsernameToken10 />
                            </wsp:Policy>
                        </sp:UsernameToken>
                    </wsp:Policy>
                </sp:SignedSupportingTokens>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
    

    I decided to rewrite a PHP extension for Axis2/c (only the client) using PHPCPP. Here you will find the project.

    If you are running Ubuntu and PHP >= 5.6, you can give this solution a try and provide some additional feedback. I backported the header, SecurityToken, Policy, Fault, Client, Message... I will continue to improve it, and there are still some missing features. Installation is not easy and it requires compiling everything.

    Now regarding doing this job in native PHP.. don't know.
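
For the UsernameToken case the answer describes, the `wsse:Security` header can also be built by hand and attached to the native SoapClient. This is an added example, not code from the answer or from WSF for PHP; it covers only a UsernameToken (no XML signature over header parts), and the endpoint, namespace URI and credentials are placeholders. Whether the service expects `PasswordText` or `PasswordDigest` depends on its contract.

```php
<?php
// Added example, not the answer's code. Endpoint and credentials are placeholders.
const WSSE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
const WSU  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
const UTP  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0';
const B64  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary';

// Build <wsse:Security><wsse:UsernameToken>...</wsse:UsernameToken></wsse:Security>.
// DOM text nodes escape the username and password, so they cannot inject markup.
function usernameTokenXml(string $user, string $password, bool $digest): string
{
    $doc   = new DOMDocument('1.0', 'UTF-8');
    $sec   = $doc->appendChild($doc->createElementNS(WSSE, 'wsse:Security'));
    $token = $sec->appendChild($doc->createElementNS(WSSE, 'wsse:UsernameToken'));
    $add   = function (string $ns, string $name, string $text) use ($doc, $token): DOMElement {
        $el = $token->appendChild($doc->createElementNS($ns, $name));
        $el->appendChild($doc->createTextNode($text));
        return $el;
    };

    $add(WSSE, 'wsse:Username', $user);
    if (!$digest) {
        // PasswordText: the password itself is sent, protected only by the transport (TLS).
        $add(WSSE, 'wsse:Password', $password)->setAttribute('Type', UTP . '#PasswordText');
        return $doc->saveXML($sec);
    }
    // PasswordDigest = Base64(SHA-1(nonce + created + password)), per the UsernameToken profile.
    $nonce   = random_bytes(16);
    $created = gmdate('Y-m-d\TH:i:s\Z');
    $hash    = base64_encode(sha1($nonce . $created . $password, true));
    $add(WSSE, 'wsse:Password', $hash)->setAttribute('Type', UTP . '#PasswordDigest');
    $add(WSSE, 'wsse:Nonce', base64_encode($nonce))->setAttribute('EncodingType', B64);
    $add(WSU, 'wsu:Created', $created);
    return $doc->saveXML($sec);
}

$xml = usernameTokenXml('alice', 'p&ss<word>', true);   // constructed sample credentials
echo $xml, PHP_EOL;

if (extension_loaded('soap')) {
    // Non-WSDL mode: nothing is sent until a method is called on the client.
    $client = new SoapClient(null, [
        'location' => 'https://service.example/endpoint',  // placeholder; https because the policy uses TransportBinding
        'uri'      => 'urn:example:service',               // placeholder namespace
    ]);
    // XSD_ANYXML makes SoapClient emit the prebuilt header XML verbatim.
    $client->__setSoapHeaders(new SoapHeader(WSSE, 'Security', new SoapVar($xml, XSD_ANYXML)));
}
```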