Hi everybody and PHP programmers.

I hava a problem about the WS-Security.

I want to connect to a web service use WS-security. web service provider to give the example that follows :
---------------------------------------
<soapenv:Envelope>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="true">
<wsu:Timestamp wsu:Id="Timestamp-27789929">
<wsu:Created>2008-02-06T14:04:08Z</wsu:Created>
<wsu:Expires>2008-02-06T14:09:08Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-32278793">
<wsse:Username>KullaniciAdi</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/...en-profile-1.0
#PasswordDigest">PXCtyKVi+1fzkVZaKYgD+lENgbs=</wsse:Password>
<wsse:Nonce>/qmJdpfcepocmQ19ntGmVw==</wsse:Nonce>
<wsu:Created>2008-02-06T14:04:08Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ns1:IlListesiGetir/>
</soapenv:Body>
</soapenv:Envelope>
----------------------------------------

I created the following data :

--------------------------------------
$password = "xxxxxxxxxx";
$nonce = md5(uniqid(time()));
$created_time = date("Y-m-d\TH:i:s\Z);
$password_digest = base64_encode(sha1($nonce.$created_time.$password) );

$postdata = '<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<Security xmlns="http://docs.oasis-open.org/wss/2004/...secext-1.0.xsd">
<Timestamp Id="Timestamp-'.$time_id.'" >
<Created>'.$created_time.'</Created>
<Expires>'.$expires_time.'</Expires>
</Timestamp>
<UsernameToken Id="UsernameToken-'.$user_id.'">
<Username>'.$username.'</Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'.$password_digest.'</Password>
<Nonce>'.$nonce.'</Nonce>
<Created>'.$created_time.'</Created>
</UsernameToken>
</Security>
</soap:Header>
<soap:Body>
<IlListesiGetir xmlns="http://kps.nvi.gov.tr/WS" />
</soap:Body>
</soap:Envelope>';

--------------------------------------

I am sending a request to the system use PHP CURL. But I'm getting an error like this :

InvalidSecurityTokenAn invalid security token was provided.WSE2439: The incoming Username token must contain both nonce and creation time if the password was sent in hash.

Where is my problem, I could not understand.
Thanks in advance for your assistance.

you use "base64_encode(sha1($nonce.$created_time.$password ) );"
need base64_encode?

here is the password field, it should not come only password in hash?

$password_digest = sha1($password) ;

Hi.

As far as I understand, I must use base64_encode. Because formed in this way the document provider site says.

username token document : http://www.oasis-open.org/committees...kenProfile.pdf

timestamp document : http://www.oasis-open.org/committees...geSecurity.pdf

also getting the same error when I use only the sha1.

hi,
i have had the same problem and the error i get is:

WSSecurityEngine: Callback supplied no password for user

Hi everyone,
related problem was solved.

Make sure the password in producing something with php:

$password = "xxxxxxx";
$created_time_stamp = date("Y-m-d\TH:i:s\Z");
$nonce = uniqid(time());

$password_digest = base64_encode(sha1($nonce.$created_time_stamp.$pas sword, true));

the use of soap in the message:

$noncestring = base64_encode($nonce);

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
.....
<wsse:Nonce>'.$noncestring.'</wsse:Nonce>
....
....
</soapenv:Header>