Signing a Single SOAP Header Node/Element


Grace Cortright

Sep 8, 2023, 1:25:36 PM
to wse-php
Hi,

I have been using xmlseclibs for signing SAML requests and now need to sign a SOAP request. The spec for the SAML requests requires signing the entire request, but for my SOAP request, I need only to sign the wsa:To element. xmlseclibs appears to only allow signing of the entire document. Is there any way to achieve this with wse-php (my guess is no since it uses xmlseclibs) or is there some way to achieve it with xmlseclibs that I didn't see?

I tried having the wsaTo node in its own dom, signing that, and importing the entire shebang to the dom with the rest of the request, setting the reference URI manually, and adding my own binary security token node. No joy (perhaps because it mucked with canonicalization? not sure).

Any guidance would be most welcome!

G

Rob

Sep 8, 2023, 1:45:04 PM
to wse-php
Whether you use the WSASoap or WSSESoap class, you can set the following on your object:

$obj->signBody = false;

When calling the signSoapDoc method, you can pass it the option signSpecificHeaders to limit it to only certain header elements, i.e.:

$options = array("signSpecificHeaders" => array(WSASoap::WSANS_2005 => array('Timestamp' => true)));

$objWSSE->signSoapDoc($objKey, $options);

If you need to use xmlseclibs and not wse-php, then just look at the code in signSoapDoc to see what it is doing via xmlseclibs to do this.
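
The xmlseclibs-only route mentioned in the reply above, as an added example that is not part of the original thread and is not wse-php's own code: it references just the wsa:To element, in place in the final document, so the digest is computed over the node as it will be sent. It assumes xmlseclibs 3.x installed via Composer; the envelope, the endpoint URL and the key are constructed for the demo, and no KeyInfo or security token is attached.

```php
<?php
// Added example: sign only wsa:To with xmlseclibs 3.x (composer require robrichards/xmlseclibs).
require 'vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

const SOAPNS = 'http://schemas.xmlsoap.org/soap/envelope/';
const WSANS  = 'http://www.w3.org/2005/08/addressing';
const WSSENS = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
const WSUNS  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';

// Constructed sample envelope; the endpoint URL is a placeholder.
$doc = new DOMDocument();
$doc->loadXML(
    '<soap:Envelope xmlns:soap="' . SOAPNS . '" xmlns:wsa="' . WSANS . '" xmlns:wsse="' . WSSENS . '">'
    . '<soap:Header><wsa:To>https://service.example/endpoint</wsa:To><wsse:Security/></soap:Header>'
    . '<soap:Body><Ping/></soap:Body></soap:Envelope>'
);
$xp = new DOMXPath($doc);
$xp->registerNamespace('wsa', WSANS);
$xp->registerNamespace('wsse', WSSENS);
$to       = $xp->query('//wsa:To')->item(0);
$security = $xp->query('//wsse:Security')->item(0);

// Throwaway RSA key generated for the demo only.
$pkey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pkey, $privatePem);
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
$key->loadKey($privatePem);

$dsig = new XMLSecurityDSig();
$dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

// Passing an element (not the DOMDocument) makes xmlseclibs add a wsu:Id
// attribute to that element and emit <Reference URI="#that-id">.
// With no explicit transforms, the canonicalization method set above is
// used as the reference transform.
$dsig->addReference($to, XMLSecurityDSig::SHA256, null, ['prefix' => 'wsu', 'prefix_ns' => WSUNS]);

// Sign SignedInfo, then place ds:Signature inside wsse:Security.
$dsig->sign($key);
$dsig->appendSignature($security);

echo $doc->saveXML();
```

The Body and the other headers are not covered by this signature, so a receiver gets an integrity guarantee for wsa:To only.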

Grace Cortright

Sep 8, 2023, 1:49:01 PM
to wse...@googlegroups.com
Thanks, Rob! I am using WSASoap and did eventually find the signSpecificHeaders option, though I am passing the header to be signed in a different manner -- it doesn't error but perhaps that is my issue. I'll try passing it as you indicate.

Best,
G
