|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47761 Since 5.2.9 SoapClient no longer attempts Basic auth to retrieve a WSDL file
Submitted: 2009-03-24 13:53 UTC Modified: 2009-10-07 01:00 UTC
Avg. Score:4.8 ± 0.4
Reproduced:5 of 5 (100.0%)
Same Version:4 (80.0%)
Same OS:3 (60.0%)
From: marques at displague dot com Assigned:
Status: No Feedback Package: SOAP related
PHP Version: 5.2.9 OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-03-24 13:53 UTC] marques at displague dot com
Since 5.2.9, SoapClient no longer attempts HTTP Basic authentication to retrieve a wsdl file.

Prior to this version Basic was attempted and Digest was not.  Digest should also be attempted but that is a matter for another bug.  The SoapClient option 'authentication' has no effect on wsdl retrieval.

A work-around is to fetch the WSDL file manually or via PHP commands within the SOAP code, but that method can be cumbersome because digest auth code has to be written from scratch and Bug #47759 (chunk encoding) can get in the way.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-06 22:02 UTC] sriram dot natarajan at gmail dot com
why is there still a need to support basic authentication ? can u kindly explain that scenario ?
 [2009-08-07 03:52 UTC] marques at displague dot com
One scenario, you are making your own SOAP Server service.  It is  more difficult to write a digest auth server than it is to write a basic auth server.  Again, consider that PHP web requests are all made as HTTP/1.0 because Chunk decoding is not handled properly (or at all) and so Digest, which is HTTP/1.1 specific is technically not an option without a good deal of custom coding.

Aside from that, I imagine there are just some HTTP/1.0 or Basic only servers out there.
 [2009-09-29 11:20 UTC]
Thank you for your bug report.

How did you try to pass the username and password to the SOAP client? Please try putting them in the URL, like this:
 [2009-10-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2012-02-08 05:31 UTC]
$ php -v
PHP 5.2.17-0.dotdeb.0 with Suhosin-Patch 0.9.7 (cli) (built: Jan  7 2011 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies


$wsdl = ...;

$soapOptions = array(
    'login' => '...',
    'password' => '...',
    'trace' => 1,
    'exceptions' => true,
$code_table_client = new RPDesktopCodeTableSoapClient(new SoapClient($wsdl, 

The basic auth works for the initial connection, but other components of the 
WSDL that are being referred to don't load the credentials.
 [2012-02-08 05:38 UTC]

The WSDL depicted there is behind a load balancer which deals with the SSL bits - it's actually served 
over https.

While the initial basic auth works, further requests don't appear to.

I suspect>
 1. WSDL loaded over HTTPS with HTTP Basic Auth
 2. WSDL points to a http address with a port, which is not recognised as the same site
 3. A new request is made to grab the xsd bits
 4. The server redirects http to https

At step 4, the http basic auth credentials are used

SoapFault exception: [WSDL] SOAP-ERROR: Parsing Schema: can't import schema from 
'http://*****:80/codetable-service/CodeTableService?xsd=3' in settings.php:82
Stack trace:
#0 settings.php(82): SoapClient->SoapClient('https://****...', Array)
#1 ettings.php(2): require('...')
#2 {main}

Warning: SoapClient::SoapClient(http://****:80/codetable-service/CodeTableService?xsd=3) 
[soapclient.soapclient]: failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized in 
settings.php on line 82

Warning: SoapClient::SoapClient() [soapclient.soapclient]: I/O warning : failed to load external entity 
"http://****:80/codetable-service/CodeTableService?xsd=3" in settings.php on line 82
 [2012-02-09 00:02 UTC]
Further exploration of this issue, after ensuring everything is running happily 
on https:

Configuring a URI of https://name/path/to/wsdl

and receiving a WSDL with 

... fails to trigger the authentication.

Evidently, "https://name:443" and "https://name" are considered different URIs, 
even if they are equivalent.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Dec 01 06:01:30 2023 UTC