?
Solved

What is causing my SOAP request to display an  'acceptable signature' error?

Posted on 2014-11-11
13
Medium Priority
?
194 Views
Last Modified: 2016-02-16
What would usually cause the following error within PHP/SOAP Requests?


Error: SoapFault exception: [soap:Client] System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> The request is not signed with an acceptable signature. at WebService.WebService.ProcessMessage(Payload& payload) in /var/www/osp/demo1.php:51 Stack trace: #0 /var/www/osp/demo1.php(51): SoapClient->__soapCall('ProcessMessage', Array) #1 {main}
0
Comment
Question by:LAQUE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
13 Comments
 
LVL 35

Accepted Solution

by:
gr8gonzo earned 1500 total points
ID: 40436245
Basically, a lot of SOAP requests are digitally signed with a private key. The process is pretty complicated to explain if you're not familiar with PKI and transforms, but think of a digital signature like one of those wax seals that used to be put onto envelopes.

The recipient of an envelope with a wax seal could see two things:
1. If it was broken (which would mean that someone had to break the seal to open the envelope, so the contents might have been altered and you couldn't be certain that the message was real.

2. The wax seal usually had some special design so nobody could easily reproduce that design, but it could be recognized by just about anyone else simply by looking at it. So the recipient could use the wax seal to tell if the envelope was really from someone or if it was from an impostor.

Similarly, a private key can take some data (usually XML) and create a digital signature (looks like a bunch of gibberish) that represents that data. The digital signature is then added to the original message.

Then, on the receiving side, someone takes the public key / certificate that matches the private key and can use it to verify the signature (like someone looking at the wax seal). If the signature can be verified using that public key / certificate, then the recipient can know for sure that the message comes from that sender and has not been altered in any way.

So ultimately, it's all about confirming the sender's identity and preventing someone else from tampering with the data.

Getting back to the technical side of things, the message is saying that either:
1. The server is expecting a digital signature and cannot find one in the message.
OR
2. The server found a digital signature but it's invalid.

Either way, the problem is on the sender's end of things. It sounds like the sender needs to add a digital signature to the SOAP message with a private key and make sure the server/recipient has a copy of the public key.
0
 

Author Comment

by:LAQUE
ID: 40436268
I understand the part of digital signing something for encrypting. The issue i'm running into to is that I'm able to send a basic SOAP request using SOAP Ui and see the output, but when I attempt to use PHP'S soap client I get that error.  How is SOAP Ui able to function and send the request but the php soap client error out?
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40436337
I would suggest using Fiddler or some other proxy to capture both requests and compare them.
0
A new era in Cloud training has arrived.

A day that will go down in Cloud history.. But are you ready for it? Will you accept this Cloud challenge?

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40436501
No points for this, but here is my assessment.  SOAP is an antiquated protocol that never really made any sense.  Unless you're the Government with the force of legal authority behind you, able to compel your clients to use SOAP, you're not likely to get anybody to use SOAP any more.  Most of the major web service providers abandoned it years ago.  The internet is littered with the rotting husks of failed SOAP projects, and as a result, PHP SOAP support is pretty lame and is never going to get any better.  Example: identical property names in different namespaces collide.  This bug is 5 years old and has never been fixed.  I consider PHP SOAP support to be dead.  And that makes sense in a holistic sort of way -- nobody who understands modern software development is going to start work on a new SOAP API today.

In contrast, consider RESTful interfaces.  All the major service providers use REST.  It offers all of the benefits of an API without the stupefyingly bad design of SOAP.  I've never met anyone who could not immediately understand and use a RESTful API.  REST is the design that powers the WWW, so it's pretty sure to be around for a while and fairly well debugged.  If you have any choice in the matter, abandon SOAP and choose REST.
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40436523
For what it's worth, SOAP is still the primary protocol for some applications/standards like SAML. It'll be a while before it's completely dead, especially with .NET / WCF making SOAP apps pretty easy to build and consume.
0
 

Author Comment

by:LAQUE
ID: 40437683
What would be some of my options for connecting to the vendor's server if it's only accepting SOAP requests? I've read in some of the reponses that SOAP almost appears to be a dead end(even thouhg the server i'm trying to extract data from only accepts SOAP requests), but it also appears that using .NET  would be a much easier route to go. Also the machine I would like to run these requests from is Ubuntu/Linux, but I think that would be an issue if I were to go through the .NET route correct?
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40438172
If the server only accepts SOAP requests, then you're stuck with SOAP.

.NET just offers WCF, which is a framework that makes it a little easier to deal with SOAP endpoints. You point it at a WSDL via "add a service reference" and it'll build out objects for you. However, if you're on Linux, then you probably won't be able to efficiently use that route (you'd have to go through Mono, which is a different sort of deal).

If you're on Linux, I'd just suggest using nuSOAP or something.
0
 

Author Comment

by:LAQUE
ID: 40943034
I've requested that this question be deleted for the following reason:

needed to start at the begining with this question.
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40943035
All of the answers up to this point have been applicable to the original question. Even if you have a new question on this topic, this specific question and the answers may help someone else who is searching for the same problem. You can definitely start a new question, but just close this one out by accepting the most valid comment as the answer.
0
 

Author Comment

by:LAQUE
ID: 40945001
Taking a step back with my question. I'm unsure on actually how to implement PHP/SOAPCLIENT. Trying to find more resources on implementing soapui/php's soap client.
0
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40947258
My recommendation is to accept #40436245 as the solution to the original question. The asker has opened up a separate question on how to implement PHP/SOAP, but the original question (what would cause that particular error message) is still a valid and common question that is correctly answered by my initial comment.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question