I'm stuck on developing a WSDL client for my client. I'm a newbie with PHP/WSO2, so please be patient with my gaps :) The problem: the client can connect to the server, but receives:
wso2-wsf-php-src-2.1.0/src/wsf_wsdl.c(1073) [wsf_wsdl]Fault payload is <soap:Fault xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was discovered processing the <wsse:Security> header</faultstring></soap:Fault>
I can't change the server configuration, and I can't get information on how the server is configured (WSPolicy etc.). The WSDL service provider told me that the following properties are used on the server side: signing, no crypto, issuerSerial, and that's it. Again, the client can connect to the server (certificates are correct), but the error appears on the response.
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256Rsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
        <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
      </sp:SignedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
And some code from the client:
// Build the WSPolicy object from the policy file shown above.
private function getWSPolicy() {
    $policyXML = file_get_contents("signp.xml");
    $policy = new WSPolicy(array("security" => $policyXML));
    return $policy;
}

// Load the client key pair and the server certificate into a security token.
private function getWSSecurityToken() {
    $clientPrivateKeyPath = 'ssl/key.pem';
    $clientCertificate = 'ssl/cert-only.pem';
    $serverPem = 'ssl/server.pem';
    $pvt_key = ws_get_key_from_file($clientPrivateKeyPath);
    $pvt_cert = ws_get_cert_from_file($clientCertificate);
    $rec_cert = ws_get_cert_from_file($serverPem);
    $sec_token = new WSSecurityToken(array(
        "privateKey" => $pvt_key,
        "certificate" => $pvt_cert,
        "receiverCertificate" => $rec_cert
    ));
    return $sec_token;
}

// Create the WSClient once and reuse it on later calls.
public function getClient() {
    if ($this->webpay_client == null) {
        $serverPem = 'ssl/newcert.pem';
        $wsdl_xml = "service.wsdl";
        $this->webpay_client = new WSClient(
            array(
                "wsdl" => $wsdl_xml,
                "classmap" => $this->getClassMap(),
                "policy" => $this->getWSPolicy(),
                "securityToken" => $this->getWSSecurityToken(),
                "HTTPMethod" => "post",
                "useSOAP" => 1.1,
                "CACert" => $serverPem,
            )
        );
    }
    return $this->webpay_client;
}
Maybe someone could help or point me to how to solve this issue? Or how to debug this to set some other options? (Tcpdump shows the message and the mentioned response.)
Edit: I found in the WSF log that other policies in WSPolicy were sent to the server:
wso2-wsf-php-src-2.1.0/src/wsf_policy.c(221) [WSF/PHP] creating rampart client outgoing policy node
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10></sp:WssX509V3Token10></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10></sp:WssX509V3Token10></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256Rsa15></sp:Basic256Rsa15></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict></sp:Strict></wsp:Policy></sp:Layout></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:MustSupportRefKeyIdentifier></sp:MustSupportRefKeyIdentifier><sp:MustSupportRefIssuerSerial></sp:MustSupportRefIssuerSerial><sp:MustSupportRefEmbeddedToken></sp:MustSupportRefEmbeddedToken></wsp:Policy></sp:Wss10></wsp:All></wsp:ExactlyOne></wsp:Policy>
Could this produce such an error?
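
To see exactly how the policy in the log differs from the policy file, the two documents can be compared assertion by assertion. The script below is an added example, not part of the original post; it uses PHP's DOM extension, the function name `policyAssertions` is hypothetical, and the two inline policies are excerpts of the post's XML shortened to the Wss10 and SignedParts sections.

```php
<?php
// Added example: list the assertions in two WS-SecurityPolicy documents and
// report which ones were added, dropped, or moved to another namespace.
const WSP_NS = 'http://schemas.xmlsoap.org/ws/2004/09/policy';

// Excerpt of the policy file from the post (constructed by shortening it).
$configured = <<<'XML'
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <sp:Wss10><wsp:Policy><sp:MustSupportRefIssuerSerial/></wsp:Policy></sp:Wss10>
  <sp:SignedParts>
    <sp:Body/>
    <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
  </sp:SignedParts>
</wsp:Policy>
XML;

// Excerpt of the policy logged by wsf_policy.c (constructed by shortening it).
$logged = <<<'XML'
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:Wss10><wsp:Policy>
    <sp:MustSupportRefKeyIdentifier/><sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefEmbeddedToken/>
  </wsp:Policy></sp:Wss10>
</wsp:Policy>
XML;

/** Map each assertion's local name to its namespace URI, skipping wsp:* operators. */
function policyAssertions(string $xml): array
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('policy is not well-formed XML');
    }
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        if ($el->namespaceURI === WSP_NS) continue; // Policy / ExactlyOne / All
        $found[$el->localName] = $el->namespaceURI;
    }
    return $found;
}

$cfg = policyAssertions($configured);
$log = policyAssertions($logged);
echo "Only in policy file:   ", implode(', ', array_keys(array_diff_key($cfg, $log))), "\n";
echo "Only in logged policy: ", implode(', ', array_keys(array_diff_key($log, $cfg))), "\n";
foreach (array_intersect_key($cfg, $log) as $name => $ns) {
    if ($ns !== $log[$name]) echo "Namespace differs for $name: $ns vs {$log[$name]}\n";
}
```

To compare the real documents, load `signp.xml` with `file_get_contents()` and paste the full policy line from the WSF log in place of the excerpts.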