Extending php SoapClient for siteminder authentica

2019-04-08 09:38发布

Short Version

I want to extend SoapClient so it does this internally when accessing the WSDL:

curl -L -E /location/of/cert.pem -c /tmp/location/of/cookie.jar https://web-service-provider/servicename?wsdl

Long Version

I've got a SOAP request similar to this:

$serviceUrl = 'https://service-url';
$wsdl = $serviceUrl . '?wsdl';

$proxyServiceUrl = 'http://localhost/myproxy.php?url=$serviceUrl';
$proxyWsdl = 'http://localhost/myproxy.php?url=$wsdl';

$options = array(
  'cache_wsdl'    => WSDL_CACHE_NONE,
  'encoding'      => 'utf-8',
  'soap_version'  => SOAP_1_1,
  'exceptions'    => true,
  'trace'         => true,
  'location'      => $proxyServiceUrl
);

$client = new SoapClient($proxyWsdl, $options);

$params = array( /* */ );
$client->someOperation($params);

As you can see, everything is pretty standard except for the proxy bit.

Reason for the proxy

I wrote the proxy to fulfill a requirement by the web service provider that all end-points including the WSDL be processed through an authentication system called siteminder.

The function of the proxy is quite straight forward, if written in linux command line curl it would be something like this:

curl -L -E /location/of/cert.pem -c /tmp/location/of/cookie.jar https://web-service-provider/servicename?wsdl

To be precise:

* Follow all redirections
* specify location of .pem file (and password)
* specify location of cookie jar

This all works fine :)

BUT recently the service provider decided to changes it's WSDL.

It now imports schema files (.xsd), which is not all that bad, except it is relative to the WSDL.

Being relative to the WSDL file means that the SoapClient parser now looks for the schema files from the proxy's location. ERROR, can't find!

More details about that problem here:

php SoapClient fails when passed a wsdl with relative path schemas

So My Question Is:

How can I rewrite SoapClient (By Extending it of course), to still go through the siteminder authentication but without having to go through that extra proxy?

My initial thoughts are that somehow I have to rewrite the URI accessor function (if one exists) but without much documenation in this area I'm not sure where to start.

Alternatively, I might have to hack SoapServer somehow.

I would appreciate any help I can get, including pointers to any documentation into the internals of SoapClient.

2条回答
对你真心纯属浪费
2楼-- · 2019-04-08 10:17

The answer to this head scratching, hair pulling problem can be found here:

http://rabaix.net/en/articles/2008/03/13/using-soap-php-with-ntlm-authentication.

Thanks to Jeffery Fernandez on the php soap mailing list who pointed this out.

查看更多
Viruses.
3楼-- · 2019-04-08 10:24

If it's just a matter of supplying the .pem file, have you looked into the local_cert option for the SoapClient constructor? That client object should then retain any cookies set for the session. If you need to persist the cookies across sessions too, you could always read them out of the response (use __getLastResponseHeaders) and then use __setCookie to set them again next time.

Or you could just have your proxy replace the relative paths with absolute paths. The wsdl is itself an XML document, after all.

Or you could turn your proxy into an actual proxy and use the proxy_host, proxy_port, proxy_login and proxy_password options.

查看更多
登录 后发表回答