Solved

What is causing my SOAP request to display an  'acceptable signature' error?

Posted on 2014-11-11
13
114 Views
Last Modified: 2016-02-16
What would usually cause the following error within PHP/SOAP Requests?


Error: SoapFault exception: [soap:Client] System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> The request is not signed with an acceptable signature. at WebService.WebService.ProcessMessage(Payload& payload) in /var/www/osp/demo1.php:51 Stack trace: #0 /var/www/osp/demo1.php(51): SoapClient->__soapCall('ProcessMessage', Array) #1 {main}
0
Comment
Question by:LAQUE
  • 6
  • 4
13 Comments
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 40436245
Basically, a lot of SOAP requests are digitally signed with a private key. The process is pretty complicated to explain if you're not familiar with PKI and transforms, but think of a digital signature like one of those wax seals that used to be put onto envelopes.

The recipient of an envelope with a wax seal could see two things:
1. If it was broken (which would mean that someone had to break the seal to open the envelope, so the contents might have been altered and you couldn't be certain that the message was real.

2. The wax seal usually had some special design so nobody could easily reproduce that design, but it could be recognized by just about anyone else simply by looking at it. So the recipient could use the wax seal to tell if the envelope was really from someone or if it was from an impostor.

Similarly, a private key can take some data (usually XML) and create a digital signature (looks like a bunch of gibberish) that represents that data. The digital signature is then added to the original message.

Then, on the receiving side, someone takes the public key / certificate that matches the private key and can use it to verify the signature (like someone looking at the wax seal). If the signature can be verified using that public key / certificate, then the recipient can know for sure that the message comes from that sender and has not been altered in any way.

So ultimately, it's all about confirming the sender's identity and preventing someone else from tampering with the data.

Getting back to the technical side of things, the message is saying that either:
1. The server is expecting a digital signature and cannot find one in the message.
OR
2. The server found a digital signature but it's invalid.

Either way, the problem is on the sender's end of things. It sounds like the sender needs to add a digital signature to the SOAP message with a private key and make sure the server/recipient has a copy of the public key.
0
 

Author Comment

by:LAQUE
ID: 40436268
I understand the part of digital signing something for encrypting. The issue i'm running into to is that I'm able to send a basic SOAP request using SOAP Ui and see the output, but when I attempt to use PHP'S soap client I get that error.  How is SOAP Ui able to function and send the request but the php soap client error out?
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40436337
I would suggest using Fiddler or some other proxy to capture both requests and compare them.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40436501
No points for this, but here is my assessment.  SOAP is an antiquated protocol that never really made any sense.  Unless you're the Government with the force of legal authority behind you, able to compel your clients to use SOAP, you're not likely to get anybody to use SOAP any more.  Most of the major web service providers abandoned it years ago.  The internet is littered with the rotting husks of failed SOAP projects, and as a result, PHP SOAP support is pretty lame and is never going to get any better.  Example: identical property names in different namespaces collide.  This bug is 5 years old and has never been fixed.  I consider PHP SOAP support to be dead.  And that makes sense in a holistic sort of way -- nobody who understands modern software development is going to start work on a new SOAP API today.

In contrast, consider RESTful interfaces.  All the major service providers use REST.  It offers all of the benefits of an API without the stupefyingly bad design of SOAP.  I've never met anyone who could not immediately understand and use a RESTful API.  REST is the design that powers the WWW, so it's pretty sure to be around for a while and fairly well debugged.  If you have any choice in the matter, abandon SOAP and choose REST.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40436523
For what it's worth, SOAP is still the primary protocol for some applications/standards like SAML. It'll be a while before it's completely dead, especially with .NET / WCF making SOAP apps pretty easy to build and consume.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:LAQUE
ID: 40437683
What would be some of my options for connecting to the vendor's server if it's only accepting SOAP requests? I've read in some of the reponses that SOAP almost appears to be a dead end(even thouhg the server i'm trying to extract data from only accepts SOAP requests), but it also appears that using .NET  would be a much easier route to go. Also the machine I would like to run these requests from is Ubuntu/Linux, but I think that would be an issue if I were to go through the .NET route correct?
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40438172
If the server only accepts SOAP requests, then you're stuck with SOAP.

.NET just offers WCF, which is a framework that makes it a little easier to deal with SOAP endpoints. You point it at a WSDL via "add a service reference" and it'll build out objects for you. However, if you're on Linux, then you probably won't be able to efficiently use that route (you'd have to go through Mono, which is a different sort of deal).

If you're on Linux, I'd just suggest using nuSOAP or something.
0
 

Author Comment

by:LAQUE
ID: 40943034
I've requested that this question be deleted for the following reason:

needed to start at the begining with this question.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40943035
All of the answers up to this point have been applicable to the original question. Even if you have a new question on this topic, this specific question and the answers may help someone else who is searching for the same problem. You can definitely start a new question, but just close this one out by accepting the most valid comment as the answer.
0
 

Author Comment

by:LAQUE
ID: 40945001
Taking a step back with my question. I'm unsure on actually how to implement PHP/SOAPCLIENT. Trying to find more resources on implementing soapui/php's soap client.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40947258
My recommendation is to accept #40436245 as the solution to the original question. The asker has opened up a separate question on how to implement PHP/SOAP, but the original question (what would cause that particular error message) is still a valid and common question that is correctly answered by my initial comment.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now