[SOLVED] PHP / DHL Soap Web service

PHP / DHL Soap Web service

i'm facing an issue with DHL Soap Web services.

I'm trying to create a test request with a basic web service (getRateRequest), but always getting an error about authentication.

I think the problem is related to Soap Basic Authentication required by the service, i've tried different ways to complete authentication, but without success.

Here's some of my test.

Test 1 - Auth in SoapClient setup

$options = array(
  'location' => $endpoint, 
  'login' => $userName,
  'password' => $password,
  'soap_version' => SOAP_1_1,
  'trace' => 1,
  'encoding' => 'utf-8',
  'stream_context' => stream_context_create(['header'=> "Content-Type:text/xml"]),
);  

$client = new SoapClient("https://wsbexpress.dhl.com:443/sndpt/expressRateBook?WSDL", $options);

And send request using __soapCall, passing the soap method and an array with all params.

Test 2 - Auth in XML request (I don't know if this is possible using Soap)

<soapenv:Header>
     <wsse:Security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:id="UsernameToken-5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">   
            <wsse:Username>'.$userName.'</wsse:Username>           
            <wsse:Password type="PasswordText">'.$password.'</wsse:Password>
            <wsse:Nonce encodingtype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">eUYebYfsjztETJ4Urt8AJw==</wsse:Nonce>
            <wsu:Created>' . date('Y-m-d H:i:s') . '</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   <soapenv:Header/>

And send request using CURL with an XML in post.

I think the best method is the Test 1 but always getting an error about Unauthorized user. Of course my credentials are good, because I can test the Soap service using external tools like SoapUI. I just think i'm wrong the authentication.

Thank you in advance

Solution

I think you are mixing up some things. In the beginning you mention Basic Authentication but then your XML example shows a WS-Security header. Which one does the web service use?

The login and password options work only for Basic Authentication, as the SoapClient documentation says. But if your service requires Ws-Security as a SOAP header, then this won't work.

For using Ws-Security you need to extend your SoapClient to send it, as SoapClient doesn't support WS-Security out of the box. See for example:

Connecting to WS-Security protected Web Service with PHP
this example WS-Security for PHP SoapClient
or using SoapHeader with SoapVar to create whatever header you like.