Extending php SoapClient for siteminder authentication

▼魔方 西西 提交于 2019-12-06 03:39:53

问题


Short Version

I want to extend SoapClient so it does this internally when accessing the WSDL:

curl -L -E /location/of/cert.pem -c /tmp/location/of/cookie.jar https://web-service-provider/servicename?wsdl

Long Version

I've got a SOAP request similar to this:

$serviceUrl = 'https://service-url';
$wsdl = $serviceUrl . '?wsdl';

$proxyServiceUrl = 'http://localhost/myproxy.php?url=$serviceUrl';
$proxyWsdl = 'http://localhost/myproxy.php?url=$wsdl';

$options = array(
  'cache_wsdl'    => WSDL_CACHE_NONE,
  'encoding'      => 'utf-8',
  'soap_version'  => SOAP_1_1,
  'exceptions'    => true,
  'trace'         => true,
  'location'      => $proxyServiceUrl
);

$client = new SoapClient($proxyWsdl, $options);

$params = array( /* */ );
$client->someOperation($params);

As you can see, everything is pretty standard except for the proxy bit.

Reason for the proxy

I wrote the proxy to fulfill a requirement by the web service provider that all end-points including the WSDL be processed through an authentication system called siteminder.

The function of the proxy is quite straight forward, if written in linux command line curl it would be something like this:

curl -L -E /location/of/cert.pem -c /tmp/location/of/cookie.jar https://web-service-provider/servicename?wsdl

To be precise:

* Follow all redirections
* specify location of .pem file (and password)
* specify location of cookie jar

This all works fine :)

BUT recently the service provider decided to changes it's WSDL.

It now imports schema files (.xsd), which is not all that bad, except it is relative to the WSDL.

Being relative to the WSDL file means that the SoapClient parser now looks for the schema files from the proxy's location. ERROR, can't find!

More details about that problem here:

php SoapClient fails when passed a wsdl with relative path schemas

So My Question Is:

How can I rewrite SoapClient (By Extending it of course), to still go through the siteminder authentication but without having to go through that extra proxy?

My initial thoughts are that somehow I have to rewrite the URI accessor function (if one exists) but without much documenation in this area I'm not sure where to start.

Alternatively, I might have to hack SoapServer somehow.

I would appreciate any help I can get, including pointers to any documentation into the internals of SoapClient.


回答1:


If it's just a matter of supplying the .pem file, have you looked into the local_cert option for the SoapClient constructor? That client object should then retain any cookies set for the session. If you need to persist the cookies across sessions too, you could always read them out of the response (use __getLastResponseHeaders) and then use __setCookie to set them again next time.

Or you could just have your proxy replace the relative paths with absolute paths. The wsdl is itself an XML document, after all.

Or you could turn your proxy into an actual proxy and use the proxy_host, proxy_port, proxy_login and proxy_password options.




回答2:


The answer to this head scratching, hair pulling problem can be found here:

http://rabaix.net/en/articles/2008/03/13/using-soap-php-with-ntlm-authentication.

Thanks to Jeffery Fernandez on the php soap mailing list who pointed this out.



来源:https://stackoverflow.com/questions/6212983/extending-php-soapclient-for-siteminder-authentication

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!