Soap integration with WS-Security

I have been trying to build a SOAP integration that requires the below request format using SoapClient and wse-php. I have been racking my brain for a few days trying to get close to the requirements and can't seem to. I could use some guidance on this. Thank you.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ebs="http://ebs.health.ontario.ca/"
                  xmlns:hcv="http://hcv.health.ontario.ca/"
                  xmlns:idp="http://idp.ebs.health.ontario.ca/"
                  xmlns:msa="http://msa.ebs.health.ontario.ca/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                                wsu:Id="X509-FF9156B4BEE23716A1142978895556413">MIIGQzC..truncated..CPo=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-30">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ebs hcv idp msa soapenv" />
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#UsernameToken-26">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ebs hcv idp msa soapenv" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>nuqM1lGK6rOVruau3woc66AsvIs=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#TS-25">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse ebs hcv idp msa soapenv" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>YHFurnR786jGnU0dmhB6AuZMWf0=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-27">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="hcv idp msa soapenv" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>4HrW5GODU3lE87D24YfwxjGwgCo=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-28">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ebs hcv msa soapenv" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>mfmdQegqmjMNvXyV0FYGiJwqrwc=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-29">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ebs hcv idp msa" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>HiE8JaUo37dckfkchYYve9S6LuQ=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>tAb..truncated..Q==</ds:SignatureValue>
        <ds:KeyInfo Id="KI-FF9156B4BEE23716A1142978895556414">
          <wsse:SecurityTokenReference wsu:Id="STR-FF9156B4BEE23716A1142978895556415">
            <wsse:Reference URI="#X509-FF9156B4BEE23716A1142978895556413"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsse:UsernameToken wsu:Id="UsernameToken-26">
        <wsse:Username>[email protected]</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Your_Password</wsse:Password>
      </wsse:UsernameToken>
      <wsu:Timestamp wsu:Id="TS-25">
        <wsu:Created>2015-04-23T11:35:55Z</wsu:Created>
        <wsu:Expires>2015-04-23T11:45:55Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
    <idp:IDP xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-28">
      <ServiceUserMUID>432999</ServiceUserMUID>
    </idp:IDP>
    <ebs:EBS xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-27">
      <SoftwareConformanceKey>8e295ada-a35d-4381-8a6c-f3cd819354a2</SoftwareConformanceKey>
      <AuditId>5a0a786f-2a86-463c-bf5a-a16ecf2a1c4f</AuditId>
    </ebs:EBS>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-29">
    <hcv:validate>
      <requests>
        <hcvRequest>
          <healthNumber>1216070563</healthNumber>
          <versionCode>ML</versionCode>
          <feeServiceCodes>A110</feeServiceCodes>
        </hcvRequest>
      </requests>
      <locale>en</locale>
    </hcv:validate>
  </soapenv:Body>
</soapenv:Envelope>
```
I was trying the same thing for a project and just couldn't do it with SoapClient and wse-php. It was never the right structure to pass the security. In the end, I had to make my own xml builder to produce the right soap structure, and put it in the body of a post request.
I found the wse-php package helpful to learn how to structure the xml, but from what I recall, it didn't cater for BinarySecurityToken.
This blog post helped me understand exactly what was needed:
https://medium.com/@robert.broeckelmann/dsig-part-1-xml-digital-signature-and-ws-security-integrity-225ea3eb894e
A bit of a painful process, but it was doable.
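An added sketch of the signing half of such a hand-rolled builder (not code from this thread or from wse-php): each `ds:Reference` digest is taken over the exclusive C14N of the `wsu:Id` element using that reference's own `PrefixList`, and `ds:SignedInfo` is canonicalized and signed while attached to the envelope. The function names `referenceDigest`, `algEl` and `signReferences`, the cut-down envelope and the throwaway key are assumptions for illustration; the algorithms mirror the request above.

```php
<?php
const WSU = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
const DS  = 'http://www.w3.org/2000/09/xmldsig#';
const EXC = 'http://www.w3.org/2001/10/xml-exc-c14n#';
// base64(SHA-1(exclusive C14N)) of the element whose wsu:Id equals $id.
function referenceDigest(DOMDocument $doc, string $id, array $prefixes): string {
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('wsu', WSU);
    foreach ($xp->query('//*[@wsu:Id]') as $node) {
        if ($node->getAttributeNS(WSU, 'Id') === $id) {
            return base64_encode(sha1($node->C14N(true, false, null, $prefixes), true));
        }
    }
    throw new RuntimeException("no element with wsu:Id=$id");
}
// Append <ds:$name Algorithm="..."> with an optional ec:InclusiveNamespaces child.
function algEl(DOMNode $parent, string $name, string $alg, ?array $pfx = null): void {
    $el = $parent->appendChild($parent->ownerDocument->createElementNS(DS, "ds:$name"));
    $el->setAttribute('Algorithm', $alg);
    if ($pfx !== null) {
        $inc = $el->appendChild($parent->ownerDocument->createElementNS(EXC, 'ec:InclusiveNamespaces'));
        $inc->setAttribute('PrefixList', implode(' ', $pfx));
    }
}
// Fill $sig, an empty ds:Signature already in the envelope; $refs maps wsu:Id => PrefixList.
function signReferences(DOMElement $sig, array $refs, array $siPrefixes, $key): void {
    $doc = $sig->ownerDocument;
    $si = $sig->appendChild($doc->createElementNS(DS, 'ds:SignedInfo'));
    algEl($si, 'CanonicalizationMethod', EXC, $siPrefixes);
    algEl($si, 'SignatureMethod', DS . 'rsa-sha1');
    foreach ($refs as $id => $pfx) {
        $ref = $si->appendChild($doc->createElementNS(DS, 'ds:Reference'));
        $ref->setAttribute('URI', "#$id");
        algEl($ref->appendChild($doc->createElementNS(DS, 'ds:Transforms')), 'Transform', EXC, $pfx);
        algEl($ref, 'DigestMethod', DS . 'sha1');
        $ref->appendChild($doc->createElementNS(DS, 'ds:DigestValue', referenceDigest($doc, $id, $pfx)));
    }
    // Canonicalize SignedInfo in place so the listed prefixes resolve against the envelope.
    if (!openssl_sign($si->C14N(true, false, null, $siPrefixes), $raw, $key, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed');
    }
    $sig->appendChild($doc->createElementNS(DS, 'ds:SignatureValue', base64_encode($raw)));
}
$doc = new DOMDocument(); // constructed sample: cut-down envelope and throwaway key
$doc->loadXML('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hcv="http://hcv.health.ontario.ca/">'
    . '<soapenv:Header><ds:Signature xmlns:ds="' . DS . '" Id="SIG-30"/></soapenv:Header><soapenv:Body xmlns:wsu="' . WSU
    . '" wsu:Id="id-29"><hcv:validate><locale>en</locale></hcv:validate></soapenv:Body></soapenv:Envelope>');
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
signReferences($doc->getElementsByTagNameNS(DS, 'Signature')->item(0), ['id-29' => ['hcv', 'soapenv']], ['hcv', 'soapenv'], $key);
echo $doc->saveXML();
```

Any change to a signed element after `signReferences` runs, including re-indenting the XML before the POST, changes its canonical bytes and invalidates the digest.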
@aleahy Great, thank you for the help and direction.