Hi Gary,
I'm sorry to be late and I hope my response will help you.
When you post you authentication data, you send an XML string (containing
username, password digest) embeded into a SOAP var.
In the other side, server will retrieve your parameters and compare them to
existing users data for validation and access accreditation .
Here an code simple on how to parse your data.
// Get security essential headers :
-- declare namespaces and load document
*$input = file_get_contents('php://input');*
*$wsse = '
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
';*
*$wsu = '
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
';*
*$doc = new \DOMDocument();*
*$doc->loadXML($input); *
*// retrieve elemnts*
*$username = getElementValue($doc, $wsse, "Username");*
*$password = $this->getElementValue($doc, $wsse, "Password");*
*$nonce = $this->getElementValue($doc, $wsse, "Nonce");*
*$created = $this->getElementValue($doc, $wsu, "Created");*
-- You have now all your data, username and password digest which is an
encrypted value of your password*
*
You can compare your password after finding your user by username, and here
I code simple with the reverse method i used to compare the password
*$password = $user->getPassword();*
*$password = sha1($nonce.$password.$timestamp);*
*$password = base64_encode($password);*
*if($password == $passwordDigest) {....*
I hope that this explanation helped you out with your problem, If you have
a question about this please write to me.*
*
* *
*Bousselham El Haddaoui*
*Software Engineer*
*, Azur Systems <http://www.azursystems.com>*
*Mobile :* +212 (0) 648 808 604
On Tue, Aug 20, 2013 at 11:01 PM, Gary Faircloth <arkadianri...@gmail.com>wrote:
> Hi, Bousselham.. did you have any luck getting an answer for parsing
> ws-security headers for your SoapServer? I'm needing to do the same thing.
> Many resources on creating headers for clients, but very little if any on
> hosted services.
>
> -g-
>
> On Monday, July 2, 2012 7:28:52 AM UTC-4, Bousselham wrote:
>>
>> Hi John, David
>>
>> thank you for sharing information, it was very helpful. I managed to
>> write soap headers for WS-Security basic authentication, now I have a
>> problem with parsing those headers on the server side, can give me a hand
>> on this ?
>>
>>
>> Thanks !
>>
>> On 29 June 2012 09:08, djoos <david...@gmail.com> wrote:
>>
>>> Hi Bousselham,
>>>
>>> check out the WSSE authentication bundle: https://github.com/**
>>> escapestudios/**EscapeWSSEAuthenticationBundle<https://github.com/escapestudios/EscapeWSSEAuthenticationBundle>
>>>
>>> Hope this helps!
>>>
>>> Kind regards,
>>> David
>>>
>>> On Wednesday, 27 June 2012 16:41:35 UTC+1, Bousselham wrote:
>>>>
>>>> Hello,
>>>> I developed a web service and now I want to secure it. I found
>>>> WS-Security Standard that handle my case, but I don't any resource talking
>>>> on the implementation of WS-Security with PHP Soap extension. Please give
>>>> any idea on how can I deal with this problem.
>>>>
>>>> Thank You !
>>>>
>>> --
>>> If you want to report a vulnerability issue on symfony, please send it
>>> to security at symfony-project.com
>>>
>>> You received this message because you are subscribed to the Google
>>> Groups "symfony developers" group.
>>> To post to this group, send email to symfon...@googlegroups.com
>>> To unsubscribe from this group, send email to
>>> symfony-devs...@**googlegroups.com
>>> For more options, visit this group at
>>> http://groups.google.com/**group/symfony-devs?hl=en<http://groups.google.com/group/symfony-devs?hl=en>
>>>
>>
>>
>>
>> --
>> Bousselham EL HADDAOUI
>> Ingénieur d'Etat en informatique, Génie Logiciel
>> École Nationale Supérieure d'Informatique et d'Analyse des
>> Systèmes<http://www.ensias.ma/>
>> Tél : +212 6 48 80 86 04
>>
>> --
> --
> If you want to report a vulnerability issue on Symfony, please read the
> procedure on http://symfony.com/security
>
> You received this message because you are subscribed to the Google
> Groups "symfony developers" group.
> To post to this group, send email to symfony-devs@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-devs+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-devs?hl=en
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "Symfony developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/symfony-devs/e4kqbMKS44A/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> symfony-devs+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
--
If you want to report a vulnerability issue on Symfony, please read the
procedure on http://symfony.com/security
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to symfony-devs@googlegroups.com
To unsubscribe from this group, send email to
symfony-devs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
---
You received this message because you are subscribed to the Google Groups
"Symfony developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to symfony-devs+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
