Security_Authenticate call in SoapHeader 4 does a double authentication

[arosha445]

When ever i do a securityAuthenticate request i get this ERR as a result even after a securitySignOut
However after the securityAuthenticate request i can do all other requests such as FareMasterPricerCalendar, FareMasterPricerTravelboardSearch etc.

"status": "ERR",

"messages": [
{
"code": "16001",
"text": "You have already signed-in. Please sign-out first.",
"level": null
}
],
"response": {
"errorSection": {
"applicationError": {
"errorDetails": {
"errorCode": "16001",
"errorCategory": "EC",
"errorCodeOwner": "LSS"
}
},
"interactiveFreeText": {
"freeTextQualif": {
"subject": "3",
"infoType": "TXT",
"language": "EN"
},
"freeText": "You have already signed-in. Please sign-out first."
}
}
},`

This is what i get after **securitySignOut**

`"status": "OK",
"messages": [],
"response": {
"processStatus": {
"statusCode": "P"
}
},

[DerMika]

Which SoapHeader is being used in your WSAP?

[arosha445]

It's using Soap Header Version 4.0

[DerMika]

Ok, 2 things:

1. Can you provide me with the full SOAP request and responses? See Logging request and response in the docs.
2. It's actually not necessary to send a Security_Authenticate message with Soap Header 4. You can just send the message you wish to send, and the library will automatically send authentication data to initialize a new session.

[DerMika]

I suspect that the security_authenticate it sends on SoapHeader 4 has auth headers in the headers, as well as authentication data in the message body. That would explain this error.

[arosha445]

This is the request and response i got from the log
Security_AuthenticateRequest
Security_AuthenticateResponse

If it's not necessary to send a Security_Authencticate, is it also not necessary to do a securitySignOut ? Does the library do signout as well?

[DerMika]

No, a Signout has to be implemented by you yourself. Otherwise you will have problems when trying to get the application certified by Amadeus (which is needed for production access). That is because an active session uses server resources on Amadeus' infrastructure.

Session signout is explained here

[DerMika]

Yes, looking at your request XML, it's as I feared. The library adds authentication headers to the Security_Authenticate message, which in fact makes the message a double authentication message.

I will have to fix that.

But in the mean time just call the message you need, and let the library handle the authentication.

[arosha445]

Yes. I can do all the operations without this. But i was trying to implement a signIn test for phpUnit.
Anyway thanks a lot @DerMika for your time and consideration.

[irfanbaigse]

@DerMika can you pls fix authentication headers ?

[DerMika]

This isn't urgent at all, since it's not necessary to do a separate authentication call in SoapHeader 4.

Just call the message you need, and the session will be started by the client.

[DerMika]

This bug should be fixed now on master since merging #234. It'll be included in the 1.8.0 release