It looks like the PHP SoapClient sticks to the same domain policy (including scheme) for sending the Basic Auth username and password in the WSDL request which is done to import the xsd file in the WDSL schema.
So if the WSDL url has a https
scheme and the import has a http
scheme, PHP is not sending the basic authentication info since the connection is not encrypted anymore when requesting the http
import url (which would compromise the confidentiality of the authentication info).
However it seems that at least for some PHP versions (might be fixed in newer versions) the authentication problem persists even if the http
url redirects to the https
one (on the same domain). After the redirect to a secure URL with the same domain PHP could off course include the given Basic Auth info again.
Solution
In the end the only neat way I found to fix this was making the other party change their WSDL content to import a secure URL (https
one) which has the same scheme, domain and port as the WDSL url itself.
Workaround
If that is not an option for you off course you could always go for the workaround which is to save the WSDL as well as the import(s) as local files and refer to the WDSL file instead of the URL. Off course this would also mean you would have to change the WSDL to import the right local file (instead of the http
URL), and possibly other imports as well. Unfortunately this is the only workaround I know of in this case.
PHP Bug?
I also found this PHP bug report which might be related.