Hi all,
I want to add a username token to our outgoing SOAP requests containing a username, clear(plaintext) password, nonce, and created date like below:
<wsse:UsernameToken wsu:Id=“UsernameToken”>
wsse:Username Administrator </wsse:Username>
<wsse:Password Type=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ”>manage </wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\ ">+N5aKhsk4nK+mvU6w//HRg== </wsse:Nonce>
wsu:Created 2018-10-15T09:10:09.132Z </wsu:Created>
</wsse:UsernameToken>
Is this possible? What I’ve done so far:
Added a port alias to the consumer WSD’s binding to make the username and password configurable.
Played around with policies. I can get a username token with a username and clear password, and I’ve been able to get it to have a username, hashed password digest, nonce, and created. With IS 10.1, is this even possible, given that policies are only supporting up to WSSecurityPolicy 1.2?
Hi Jondric Zafra,
As you mentioned that “I’ve been able to get it to have a username, hashed password digest, nonce, and created.”, we now need to send the same manner, can you please share the policy if we have like this.
Regards,
Ravi.
Hi all,
I want to add a username token to our outgoing SOAP requests containing a username, clear(plaintext) password, nonce, and created date like below:
<wsse:UsernameToken wsu:Id=“UsernameToken”>
wsse:Username Administrator </wsse:Username>
<wsse:Password Type=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ”>manage </wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\ ">+N5aKhsk4nK+mvU6w//HRg== </wsse:Nonce>
wsu:Created 2018-10-15T09:10:09.132Z </wsu:Created>
</wsse:UsernameToken>
Is this possible? What I’ve done so far:
Added a port alias to the consumer WSD’s binding to make the username and password configurable.
Played around with policies. I can get a username token with a username and clear password, and I’ve been able to get it to have a username, hashed password digest, nonce, and created. With IS 10.1, is this even possible, given that policies are only supporting up to WSSecurityPolicy 1.2?
another quick update, i am using the below pocily file, however i am getting response “Security processing failed (actions mismatch)”, is there any way to track the SOAP header going out from IS apart from TCP/IP monitor which is not showing anything.
<wsp:Policy wsu:Id=“Username_Over_Transport_Digest” Name=“Username Over Transport with Digest”
xmlns:wsp=“Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment) ”
xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd ”>
wsp:ExactlyOne
wsp:All
<sp:TransportBinding xmlns:sp=“XML Namespace Document for WS-Security-Policy 1.2 ”>
wsp:Policy
sp:TransportToken
wsp:Policy
<sp:HttpsToken RequireClientCertificate=“false” />
</wsp:Policy>
</sp:TransportToken>
sp:AlgorithmSuite
wsp:Policy
sp:Basic256Sha256/
</wsp:Policy>
</sp:AlgorithmSuite>
sp:Layout
wsp:Policy
sp:Strict/
</wsp:Policy>
</sp:Layout>
sp:IncludeTimestamp/
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" >
<wsp:Policy>
<sp:HashPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>