WS Security on Consumer WSD: PasswordText with Nonce and Created

Hi all,

I want to add a username token to our outgoing SOAP requests containing a username, clear (plaintext) password, nonce, and created date like below:

<wsse:UsernameToken wsu:Id="UsernameToken">
    <wsse:Username>Administrator</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">manage</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">+N5aKhsk4nK+mvU6w//HRg==</wsse:Nonce>
    <wsu:Created>2018-10-15T09:10:09.132Z</wsu:Created>
</wsse:UsernameToken>

Is this possible? What I’ve done so far:

  1. Added a port alias to the consumer WSD’s binding to make the username and password configurable.
  2. Played around with policies. I can get a username token with a username and clear password, and I’ve been able to get it to have a username, hashed password digest, nonce, and created. With IS 10.1, is this even possible, given that policies are only supporting up to WSSecurityPolicy 1.2?

Hi Jondric Zafra,

As you mentioned that “I’ve been able to get it to have a username, hashed password digest, nonce, and created.”, we now need to send it in the same manner. Can you please share the policy, if there is one like this?

Regards,
Ravi.

Another quick update: I am using the policy file below, however I am getting the response “Security processing failed (actions mismatch)”. Is there any way to track the SOAP header going out from IS, apart from the TCP/IP monitor, which is not showing anything?

<wsp:Policy wsu:Id="Username_Over_Transport_Digest" Name="Username Over Transport with Digest"
    xmlns:wsp="Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment)"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false" />
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256Sha256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:TransportBinding>

            <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:HashPassword/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
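
The two token shapes discussed in this thread (PasswordText in the first post, the digest form selected by `sp:HashPassword` in the policy above), as an added example that is not part of any post and is not webMethods code. It follows the OASIS UsernameToken Profile 1.0 digest rule; the function names are hypothetical and the sample values are the ones from the first post.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
PROFILE = OASIS + "username-token-profile-1.0"
B64 = OASIS + "soap-message-security-1.0#Base64Binary"
ET.register_namespace("wsse", WSSE)
ET.register_namespace("wsu", WSU)

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password)),
    # where nonce is the raw (decoded) bytes, not its Base64 text.
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def username_token(user, password, digest=False, nonce=None, created=None):
    """Build a wsse:UsernameToken with Password, Nonce and Created (hypothetical helper)."""
    nonce = os.urandom(16) if nonce is None else nonce
    if created is None:  # UTC with millisecond precision, like the post's sample
        now = datetime.now(timezone.utc)
        created = now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"
    tok = ET.Element(f"{{{WSSE}}}UsernameToken", {f"{{{WSU}}}Id": "UsernameToken"})
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
    pw = ET.SubElement(tok, f"{{{WSSE}}}Password")
    pw.set("Type", PROFILE + ("#PasswordDigest" if digest else "#PasswordText"))
    pw.text = password_digest(nonce, created, password) if digest else password
    n = ET.SubElement(tok, f"{{{WSSE}}}Nonce", {"EncodingType": B64})
    n.text = base64.b64encode(nonce).decode()
    ET.SubElement(tok, f"{{{WSU}}}Created").text = created
    return tok

def describe(tok):
    """Summarise what a token carries, to compare with what the provider expects."""
    pw = tok.find(f"{{{WSSE}}}Password")
    return {"type": pw.get("Type").rsplit("#", 1)[1],
            "nonce": tok.find(f"{{{WSSE}}}Nonce") is not None,
            "created": tok.find(f"{{{WSU}}}Created") is not None}

def digest_matches(tok, password):
    """Receiver-side check: recompute the digest from the token's own fields."""
    nonce = base64.b64decode(tok.findtext(f"{{{WSSE}}}Nonce"))
    created = tok.findtext(f"{{{WSU}}}Created")
    expected = password_digest(nonce, created, password)
    return hmac.compare_digest(tok.findtext(f"{{{WSSE}}}Password"), expected)

if __name__ == "__main__":
    # Username and password taken from the first post's sample token.
    print(ET.tostring(username_token("Administrator", "manage"), encoding="unicode"))
```

In the PasswordText form the password itself travels in the header, so its confidentiality rests entirely on the HTTPS transport that the policy's `sp:HttpsToken` assertion requires.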