Jump to content


Photo

Soap connection to DataPower service


Best Answer Darghon, 05 May 2017 - 08:48 AM

Well, since no one was able to help me, and I've eventually managed to fix this, I'll add my solution (and problems) in this post.

 

So, I needed to connect to a Soap Service using WSSE. Not with a user/pass auth in it, but with a client certificate, a binary security token and such wonderful things.

 

First, I needed to make a p12 certificate file, using my client certificate (with the cert chain) and my private key (used to request the client certificate).

Next, I needed to convert the p12 file to a BASE64 encoded pem file.

 

Finally, in the soap_client constructor, you need to add "local_cert" and "passphrase" in the options part with the full path of the pem file, and your used password (if any).

Next, and this one was my biggest issue, make sure your server can resolve the host address of the webservice. Ping it first, and if needed, add it to your host file *facepalm*

 

Finally, construct your soap envelop (I've used a public PHP WSSE library for mine), and execute the request.

 

Feel free to ask more details if need be.

Go to the full post


  • Please log in to reply
2 replies to this topic

#1 Darghon

Darghon
  • Members
  • PipPipPip
  • Advanced Member
  • 83 posts

Posted 17 April 2017 - 01:42 PM

Hi all,

 

I've been struggling for months with a connection to a DataPower webservice using PHP.

In SoapUI I've managed to get a response (an error message, but a response non the less) but in php, Soap always returns a NULL value.

 

The service in question requires me to use a client certificate.

Creating a p12 keystore with my private key (used to request the certificate) and the complete certificate chain provided by the service host, I'm able to get a connection using SoapUI (by using ssl for each request with the formentioned p12 file)

 

Now, I want to accomplisch the same thing in php, so, I did the following:

- I installed the root and CA2 certificate from the service provider on my php server

- I construct a soap_client using the received wsdl file (same one as I use in SoapUi) and add the below listed options to the constructor

$options = [
    'trace' => 1,
    'exceptions' => 1,
    'local_cert' => $this->_getCertificateLocation('P12_KEYFILE'),
    'passphrase' => $keyfile_passphrase
];

The _getCertificateLocation returns the absolute path of the cert file, which is correct and accessable.

 

Alternatively I've also tried to convert the P12 file to a PEM file using the below command, but results in thee same effect.

openssl pkcs12 -in discimus_keystore.p12 -out discimus.pem -clcerts

Anything I need to add/reconsider? or any advice on this matter?

 

Thanks for any help.

Darghon



#2 Darghon

Darghon
  • Members
  • PipPipPip
  • Advanced Member
  • 83 posts

Posted 29 April 2017 - 04:55 PM

The above is still an issue, anyone?



#3 Darghon

Darghon
  • Members
  • PipPipPip
  • Advanced Member
  • 83 posts

Posted 05 May 2017 - 08:48 AM   Best Answer

Well, since no one was able to help me, and I've eventually managed to fix this, I'll add my solution (and problems) in this post.

 

So, I needed to connect to a Soap Service using WSSE. Not with a user/pass auth in it, but with a client certificate, a binary security token and such wonderful things.

 

First, I needed to make a p12 certificate file, using my client certificate (with the cert chain) and my private key (used to request the client certificate).

Next, I needed to convert the p12 file to a BASE64 encoded pem file.

 

Finally, in the soap_client constructor, you need to add "local_cert" and "passphrase" in the options part with the full path of the pem file, and your used password (if any).

Next, and this one was my biggest issue, make sure your server can resolve the host address of the webservice. Ping it first, and if needed, add it to your host file *facepalm*

 

Finally, construct your soap envelop (I've used a public PHP WSSE library for mine), and execute the request.

 

Feel free to ask more details if need be.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users