PHP SOAP Server protected by login/password

I've created a new Soap Server that can be questioned about information about peo开发者_如何转开发ple. Now I'd like to protect this so only soapclients sending valid username and password can access to it.

I know I can send login/password as a parameter, but I don't like this solution. Is there a way to get and test login information sent by soapclient options array?

You might want to use HTTP basic auth.

This way you can specify the user and password directly in the SOAP URL.

Use of SAML 2.0 Single Sign On is more advantageous. You can set the artifact in Cookie. Initial SSO may use a basic HTTP authentication or domain specific methods.

http://www.opengroup.org/security/sso/

https://www.pingidentity.com/resource-center/SAML-Tutorials-and-Resources.cfm

It might help you