WS-Security,以及如何进行身份验证
[英]WS-Security, and how to Authenticate
问题描述
Documentation of the service, says I need to use WS-Security. 
该服务的文档说,我需要使用WS-Security。 From they support, i got a p12 file, which I should be using. 从他们的支持中,我得到了一个p12文件,我应该使用它。
What I did so far 我到目前为止所做的
I ran up SoapUI application, configured it, added wsdl etc, and got message <faultstring>These policy alternatives can not be satisfied: (...)</faultstring> So I found I need to add basic Auth to the request. 我运行了SoapUI应用程序,对其进行了配置,添加了wsdl等,并得到了消息<faultstring>These policy alternatives can not be satisfied: (...)</faultstring>因此,我发现我需要在请求中添加基本的Auth。 And i got my proper answer. 而且我得到了正确的答案。
What I need now 我现在需要什么
I need to use this to SOAP requests, on my PHP application. 我需要在我的PHP应用程序上将此用于SOAP请求。
First, i changed p12 file into pem , and tried : 首先,我将p12文件更改为pem ,并尝试:
$soapClient = new SoapClient('https://int.pz.gov.pl/pz-services/tpSigning?wsdl',
array('location' => 'https://int.pz.gov.pl/pz-services/tpSigning?wsdl',
'trace' => 1,"exceptions" => 1,
'local_cert'=>'path/cert_file.pem',
'passphrase'=>'cert_password'
));
But I am still getting same fail message about policies not being satisfied: 但是我仍然收到有关策略不满足的失败消息:
These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: Soap Body is not SIGNED in (...)
Help? 救命?
Is it even possible with just PHP? 仅PHP就有可能吗? I tried several solutions, found some class extending SoapClient (using user/password, not p12/pem file), found even solution in c# (which I am too ready to use if that's what I need to do - sending xml to c# with WebSocket, and sending it back to browser), but non of those worked. 我尝试了几种解决方案,找到了一些扩展SoapClient的类(使用用户/密码,而不是p12 / pem文件),甚至找到了c#中的解决方案(如果我需要这样做,我已经准备好使用-使用WebSocket将xml发送到c# ,然后将其发送回浏览器),但没有一个起作用。
1 个解决方案
解决方案1
0 2018-01-26 12:26:42
Changing the cert into pem format is the right way. 将证书更改为pem格式是正确的方法。 The native PHP soap client class can not handle p12 certs. 本机PHP soap客户端类无法处理p12证书。 Have you tried the following? 您是否尝试过以下方法?
try {
$oClient = new SoapClient(
'https://int.pz.gov.pl/pz-services/tpSigning?wsdl',
[
'authentication' => SOAP_AUTHENTICATION_DIGEST,
'exceptions' => true,
'local_cert' => dirname(__FILE__) . 'mycert.pem',
'passphrase' => 'my_passphrase',
'trace' => true,
]
);
} catch (SoapFault $oSoapFault) {
echo "<pre>";
var_dump($oSoapFault);
echo "</pre>";
}
The PHP soap client class uses SOAP_AUTHENTICATION_BASIC by default. 默认情况下,PHP soap客户端类使用SOAP_AUTHENTICATION_BASIC。 Perhaps the DIGEST auth is the right way? 也许DIGEST身份验证是正确的方法? Normally the cert includes all the data. 通常,证书包括所有数据。
You don 't need the location option. 您不需要位置选项。 The location option is just required, when using non-wsdl conversation with target namespace as uri option without a direct wsdl file. 当使用不带直接wsdl文件的带有目标名称空间的非wsdl对话作为uri选项时,仅需要location选项。
And always keep in mind: What works with SoapUI isn 't supposed to run with the native PHP client. 并始终牢记:SoapUI的有效功能不应与本机PHP客户端一起运行。 ;) ;)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.