SoapUI WSDL call to PHP (curl or SoapClient)
Hello.
I have a SoapUI call with username and password that works correctly in SoapUI (when I set password type to PasswordDigest in SoapUI properties). I now need to get this working on a server. My preferred choice is PHP.
I get the following error in my __soapCall: SoapFault exception: [ns1:InvalidSecurity] An error was discovered processing the <wsse:Security> header
I have tried:
- exporting to postman and getting the code from there (the username and password disappear during the import)
- using PHP's Curl for the call
- using PHP's new SoapClient
I cannot get passed the sse security. I tried the following with and without nonce:
$wsseHeader = <<<XML
<wsse:Security xmlns:wsse=$namespace>
<wsse:UsernameToken>
<wsse:Username>your_username</wsse:Username>
<wsse:Password Type="wsse:PasswordDigest">$passwordDigest</wsse:Password>
<wsse:Nonce EncodingType="wsse:Base64Binary">$nonce</wsse:Nonce>
<wsu:Created xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">$timestamp</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
XML;I have literally tried hundreds of permutations. and read so many blog posts on the matter that have ended up chasing my tail. What am I missing?
Alternatively, can anyone recommend a better way of deploying the soapUI call on a server?
Thanks
Hi insurteched
The issue you're facing sounds from PHP's native SoapClient lacking native support for generating WS-Security UsernameToken headers with PasswordDigest, Nonce, and Timestamp, which is a format SoapUI can produce when configured accordingly.
- Seems your PHP code fails to generate the required WS-Security header format, leading to the [ns1:InvalidSecurity] error.
- This discrepancy arises because SoapUI can automatically generate WS-Security headers when configured, whereas PHP SoapClient only supports basic HTTP authentication and lacks built-in support for WS-Security UsernameToken with PasswordDigest.
Consider using a PHP library that supports WS-Security, such as robrichards/wse-php, which can help generate the required WS-Security headers.
Use a library such as robrichards/wse-php to generate the correct WS-Security headers in PHP. This will allow your PHP server-side code to authenticate successfully with services that require UsernameToken with PasswordDigest, Nonce, and Timestamp—matching what SoapUI produces78.
To learn more - WS-Security (WSS) for API Testing | SoapUI\
Hope this helps - Happy to help further!!
Thank you very much and have a great one!
Warm regards
