Hi Gary,
I'm sorry to be late and I hope my response will help you.
When you post you authentication data, you send an XML string (containing
username, password digest) embeded into a SOAP var.
In the other side, server will retrieve your parameters and compare them to
existing users data for validation and access accreditation .
Here an code simple on how to parse your data.
// Get security essential headers :
-- declare namespaces and load document
*$input = file_get_contents('php://input');*
*$wsse = '
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
';*
*$wsu = '
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
';*
*$doc = new \DOMDocument();*
*$doc->loadXML($input); *
*// retrieve elemnts*
*$username = getElementValue($doc, $wsse, "Username");*
*$password = $this->getElementValue($doc, $wsse, "Password");*
*$nonce = $this->getElementValue($doc, $wsse, "Nonce");*
*$created = $this->getElementValue($doc, $wsu, "Created");*
-- You have now all your data, username and password digest which is an
encrypted value of your password*
*
You can compare your password after finding your user by username, and here
I code simple with the reverse method i used to compare the password
*$password = $user->getPassword();*
*$password = sha1($nonce.$password.$timestamp);*
*$password = base64_encode($password);*
*if($password == $passwordDigest) {....*
I hope that this explanation helped you out with your problem, If you have
a question about this please write to me.*
*
* *
*Bousselham El Haddaoui*
*Software Engineer*
*, Azur Systems <http://www.azursystems.com>*
*Mobile :* +212 (0) 648 808 604
On Tue, Aug 20, 2013 at 11:01 PM, Gary Faircloth <[email protected]>wrote:
> Hi, Bousselham.. did you have any luck getting an answer for parsing
> ws-security headers for your SoapServer? I'm needing to do the same thing.
> Many resources on creating headers for clients, but very little if any on
> hosted services.
>
> -g-
>
> On Monday, July 2, 2012 7:28:52 AM UTC-4, Bousselham wrote:
>>
>> Hi John, David
>>
>> thank you for sharing information, it was very helpful. I managed to
>> write soap headers for WS-Security basic authentication, now I have a
>> problem with parsing those headers on the server side, can give me a hand
>> on this ?
>>
>>
>> Thanks !
>>
>> On 29 June 2012 09:08, djoos <[email protected]> wrote:
>>
>>> Hi Bousselham,
>>>
>>> check out the WSSE authentication bundle: https://github.com/**
>>> escapestudios/**EscapeWSSEAuthenticationBundle<https://github.com/escapestudios/EscapeWSSEAuthenticationBundle>
>>>
>>> Hope this helps!
>>>
>>> Kind regards,
>>> David
>>>
>>> On Wednesday, 27 June 2012 16:41:35 UTC+1, Bousselham wrote:
>>>>
>>>> Hello,
>>>> I developed a web service and now I want to secure it. I found
>>>> WS-Security Standard that handle my case, but I don't any resource talking
>>>> on the implementation of WS-Security with PHP Soap extension. Please give
>>>> any idea on how can I deal with this problem.
>>>>
>>>> Thank You !
>>>>
>>> --
>>> If you want to report a vulnerability issue on symfony, please send it
>>> to security at symfony-project.com
>>>
>>> You received this message because you are subscribed to the Google
>>> Groups "symfony developers" group.
>>> To post to this group, send email to [email protected]
>>> To unsubscribe from this group, send email to
>>> symfony-devs...@**googlegroups.com
>>> For more options, visit this group at
>>> http://groups.google.com/**group/symfony-devs?hl=en<http://groups.google.com/group/symfony-devs?hl=en>
>>>
>>
>>
>>
>> --
>> Bousselham EL HADDAOUI
>> Ingénieur d'Etat en informatique, Génie Logiciel
>> École Nationale Supérieure d'Informatique et d'Analyse des
>> Systèmes<http://www.ensias.ma/>
>> Tél : +212 6 48 80 86 04
>>
>> --
> --
> If you want to report a vulnerability issue on Symfony, please read the
> procedure on http://symfony.com/security
>
> You received this message because you are subscribed to the Google
> Groups "symfony developers" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/symfony-devs?hl=en
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "Symfony developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/symfony-devs/e4kqbMKS44A/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
--
If you want to report a vulnerability issue on Symfony, please read the
procedure on http://symfony.com/security
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
---
You received this message because you are subscribed to the Google Groups
"Symfony developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
