I've ran into services in the past that supported WS-Addressing, but it was only recently that I worked with one requiring it in addition to WS-Security. It's not very difficult to implement, but I threw together a library for anyone else that might need to leverage it.
WS-Addressing Library: soap-wsa.php WS-Addressing Example: soap-wsa-example.php * The example also uses WS-Security (not required for WS-Addressing) but demonstrates some new WS-Security functionality.
The functionality has only been implemented for a SOAP client side and has only been tested against a .NET service. If anyone runs into any bugs or interoperability issues, please let me know so they can be addressed.
I've been asked many times why I have only been providing functionality for the client and not for the server. The reason is that the majority of people requiring this functionality need it because the service they want to work with requires it and they don't have a choice. Working with these technologies on the server side can be done but is not as straight forward as using a library. Hopefully I will have some time soon to write a little more on this, but I only field a few questions every couple months on this subject and I doubt many people are currently worried about trying to implement something like this, so I'm not in a rush
The service I was using also required the addressing headers to be signed, so I also added a new property signAllHeaders to the WS-Security library. It is a boolean, defaulting to FALSE that indicates whether all headers (the immediate children on the SOAP header element - excluding the Security element since it is handled differently) should be signed. Simply set the property after instantiating the object.
$objWSSE = new WSSESoap($dom);
$objWSSE->signAllHeaders = TRUE;
As I did with the XML Sec and WS-Security libraries, The WS-Addressing code is also released into the public domain with no restrictions.
I havent had any time to work on it so I threw together something really fast and simple. It demonstrates handling a SOAP request that used WS-Security to digitally sign the payload. It's very crude and basic, but should provide a good starting point to add additional decryption and usertoken handling. You can find the files with the rest of the source code: http://www.cdatazone.org/index.php?/pages/source.html
Unbelievable!!! This is extremely helpful to me ! I will be playing with your code for next couple of days. Ultimately what i want to do is to come up with an alternative for WSS4J for Axis.
Do you think you can give me your email for reporting problems and advice?
First off, thanks to Rob for writing all of this. It works great. I'm using it to connect to a Java ESB that my team is working on. So I guess you can say that it not only works on .NET, but it works in the J2EE world. If anyone is interested, we are using XFire and WSS4J right now.
Unortunately I don't know of any WSSE implementations for PHP 4. I had taken a look at providing an implementation for PHP 4, but found no easy way to implement canonicalization for handling signatures. Unlike PHP 5, domxml in PHP 4 does not have a C14N method implemented and doesnt have the support in the saveXML functionality for the needed serialization options to be able to create it as I did in my libs for the pre 5.2 versions. You would need to have a custom domxml build providing the necessary functionality to be able to do this easily as no new features will be added to domxml.