Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Child pages
  • Newcastle University PHP Clients for Grouper Web Service
Skip to end of metadata
Go to start of metadata

This page looks at developing PHP clients for both HTTP Basic Auth and Rampart enabled Grouper WS. One of the core requirements for Grouper WS security is to enable clients to authenticate both against Basic Auth and Rampart enabled Grouper WS. We used the WSO2 Web Services Framework for PHP (WSO2 WSF/PHP)to develop the PHP Clients. WSF/PHP is an open souce framework that supports a wide range of WS-* specification implementations. It can be downloaded at http://wso2.org/downloads/wsf/php/

 WSF/PHP with HTTP Basic Authentication

HTTP Basic Authentication is only supported by WSF/PHP versions 1.3.0 and above so make sure that the latest version of WSF/PHP is installed.

The code below can be used to invoke the getGroupsLite method on a Basic Auth enabled Grouper WS:

<?php


// Request payload string and call the getGroupsLite method
$reqPayloadString = <<<XML
<ns1:getGroupsLite xmlns:ns1="http://soap.ws.grouper.middleware.internet2.edu/xsd"><ns1:param0>v1_3_000</ns1:param0>
                                                                                   <ns1:param1>$_GET[user]</ns1:param1>
                                                                                   <ns1:param2></ns1:param2>
                                                                                   <ns1:param3></ns1:param3>
                                                                                   <ns1:param4>All</ns1:param4>
                                                                                   <ns1:param5></ns1:param5>
										   <ns1:param6></ns1:param6>
                                                                                   <ns1:param7></ns1:param7>
                                                                                   <ns1:param8></ns1:param8>
                                                                                   <ns1:param9></ns1:param9>
                                                                                   <ns1:param10></ns1:param10>

XML;


try {
    // Create message with request payload and options
    $reqMessage = new WSMessage($reqPayloadString,
                         array("to" => "http://XXXXX/basicauthgrouper-ws/services/GrouperService",
                               "action" => "http://php.rampart.apache.org"));


    // Create client with options
    $client = new WSClient(array("useWSA" => FALSE,
                                 "httpAuthUsername" => "Username",
	                           "httpAuthPassword" => "Password",
                                 "httpAuthType" => "Basic"));

    // Send request and capture response
    $resMessage = $client->request($reqMessage);
    header("Content-Type: text/xml");
    print_r($resMessage->str);



} catch (Exception $e) {

	if ($e instanceof WSFault) {
		printf("Soap Fault: %s\n", $e->Reason);
	} else {
		printf("Message = %s\n",$e->getMessage());
	}
}
?>

 WSF/PHP with Rampart

WSO2/PHP doesn't contain a WSDL2JAVA tool so we can't a stub to make use of the policies defined in the WSDL. As such, the policy file that defines the security requirements of the service has to be on classpath of the client. The policy.xml used in this instance is shown below:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="UTOverTransport"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
	  <wsp:All>
		<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
		  <wsp:Policy>
			<sp:TransportToken>
			  <wsp:Policy>
				<sp:HttpsToken RequireClientCertificate="false"/>
			  </wsp:Policy>
			</sp:TransportToken>
			<sp:AlgorithmSuite>
			  <wsp:Policy>
				<sp:Basic256/>
			  </wsp:Policy>
			</sp:AlgorithmSuite>
			<sp:Layout>
			  <wsp:Policy>
				<sp:Lax/>
			  </wsp:Policy>
			</sp:Layout>
		  </wsp:Policy>
		</sp:TransportBinding>
		<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
			<wsp:Policy>
				<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
		  </wsp:Policy>
		</sp:SignedSupportingTokens>
	  </wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>

 A client that calls the getGroupsLite method on the Rampart enabled Grouper WS with the exact set of parameters as the Java client is given below:

<?php


// Request payload string
$reqPayloadString = <<<XML
<ns1:getGroupsLite xmlns:ns1="http://webservicesRampart.grouper.middleware.internet2.edu/xsd"><ns1:param0>v1_3_000</ns1:param0>
                                                                                               <ns1:param1>$_GET[user]</ns1:param1>
                                                                                               <ns1:param2></ns1:param2>
                                                                                               <ns1:param3></ns1:param3>
                                                                                               <ns1:param4>All</ns1:param4>
                                                                                               <ns1:param5></ns1:param5>
											       <ns1:param6></ns1:param6>
                                                                                               <ns1:param7></ns1:param7>
                                                                                               <ns1:param8></ns1:param8>
                                                                                               <ns1:param9></ns1:param9>
XML;


try {
    // Create message with request payload and options
    $reqMessage = new WSMessage($reqPayloadString,
                         array("to" => "http://XXXXX/grouper-ws/services/GrouperService",
                               "action" => "http://php.rampart.apache.org"));

    // Set up security options
    $policy_xml = file_get_contents("policy.xml");
    $policy = new WSPolicy($policy_xml);
    $security_token = new WSSecurityToken(array("user" => "Username",
                                                "password" => "Password",
                                                "passwordType" => "Digest"));

    // Create client with options
    $client = new WSClient(array("useWSA" => FALSE,
                                 "policy" => $policy,
                                 "securityToken" => $security_token));

    // Send request and capture response
    $resMessage = $client->request($reqMessage);
    header("Content-Type: text/xml");
    print_r($resMessage->str);



} catch (Exception $e) {

	if ($e instanceof WSFault) {
		printf("Soap Fault: %s\n", $e->Reason);
	} else {
		printf("Message = %s\n",$e->getMessage());
	}
}
?>

 The important part of the above code is:

$policy_xml = file_get_contents("policy.xml");
$policy = new WSPolicy($policy_xml);
$security_token = new WSSecurityToken(array("user" => "Username",
                                                "password" => "Password",
                                                "passwordType" => "Digest"));

This indicates the location of policy.xml. It also provides the username/password in the form of a digest.

 Better UI design with XML pagination

XML pagination is used to display the list of users/groups in a more consistent and presentable manner. For example, listgroups.php invokes the getsGroupsLite method, which in turn returns an XML array of groups. The XML array of groups is then presented in a more presentable manner using XML pagination techinques. A code snippet is given below:

//call getGroupsLite method and return an array of groups
$xml = simplexml_load_file("https://community.ncl.ac.uk/rampart/live/getgroups.php?user=$user");

//Total number of Groups
$totalGroups = $xml->xpath("//ns:name");

Both the listgroups.php and the pagination.class.php are provied in the Attachments section. 

 

See Also

Newcastle University Intro Page

  • No labels