WS-Policy: UsernameToken with password digest

prabhavathi_C · September 12, 2016, 1:36pm

We have edited buitlin policy to add HashPassword as mentioned below

             <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
     <wsp:Policy>
            <sp:HashPassword/>
            <sp:WssUsernameToken10/>
     </wsp:Policy>

    </sp:UsernameToken>

With this change I am able to send nonce and created time in wsse:UsernameToken tag.
But the password is still is in plain text.

<wsse:UsernameToken wsu:Id=“UsernameToken-6”>wsse:Usernametest</wsse:Username><wsse:Password Type=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest”>manage</wsse:Password><wsse:Nonce EncodingType=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary”>KF8Ny8T1DjP8LNKEa4qDQQ==</wsse:Nonce>wsu:Created2016-09-12T11:15:33.169Z</wsu:Created></wsse:UsernameToken>

But our requirements is to pass the nonce, created time and password digest.
Please suggest how to proceed further.

we are using 9.10 webMethods

Topic		Replies	Views
WS Security on Consumer WSD: PasswordText with Nonce and Created webMethods , API-Management , SOA	3	2104	April 2, 2021
WSSE Policy Example for usernameToken webMethods , Integration-Server-and-ESB	3	4641	April 2, 2021
Error using custom UsernameToken policy on Consumer WSD webMethods , Integration-Server-and-ESB , Flow-and-Java-services	1	1250	April 2, 2021
Consumer WSD connector(WS Security implementation using Policy) webMethods , API-Management , SOA	2	905	April 2, 2021
Consumer Policy for Username questions webMethods , API-Management , SOA	4	2079	April 2, 2021

WS-Policy: UsernameToken with password digest

Related topics