
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 835

WS-Security

Hello,
The implementation of WS-Security using a digest involves sending four pieces of information in the SOAP Security header:
1.      User name
2.      Digest
3.      Nonce
4.      Timestamp
My questions are as follows:
While I am assuming that the Digest and Nonce are settings specific to our security, I would have to get this information from the Developers, right?
Most important, shouldn't it get the Timestamp on the fly? Or will any date and time work? I do not see having to go in each time to change the Timestamp.
<soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-1998625" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>a</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">g1545zfrRlM+jKbJ59dLYYEw=</wsse:Password>
            <wsse:Nonce>7MIXHSkZ5je4gDi53w</wsse:Nonce>
            <wsu:Created>2008-12-22T18:48:40.873Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
</soapenv:Header>


0
chima
Asked:
1 Solution
 
Siva Prasanna Kumar, Principal Solutions Architect, Commented:
Yes, you are right about the Digest and Nonce. The Timestamp part can be either on the fly or static (most of the time we write clients to pick up the current timestamp).

But if it's just for testing's sake then you can have a simple static timestamp, as seen in your message now.
0
 
chima (Author) Commented:
shivaspk, might you know the solution?
0
 
Siva Prasanna Kumar, Principal Solutions Architect, Commented:
Solution for your other question, where you have some problem with Nonce validation?
This is the first time I have come across such an exception, and I feel it's happening because you are using some static nonce. How did you create the static SOAP request you are using?
0
 
chima (Author) Commented:
shivaspk, it is interesting that you would address "the other question" here. I am not sure which question you are addressing. I am using SOAPUI to create the SOAP request. SOAPUI automatically generates the Digest and Nonce, based on the Username and Timestamp.
Thank you for your help.  There are more questions to come.
0
 
Siva Prasanna Kumar, Principal Solutions Architect, Commented:
Chima,

I am not sure what exactly you are looking for in this question as an answer. Probably I couldn't understand it; can you explain a little?
0
 
chima (Author) Commented:
I was looking to understand WS-Security and SoapUI better.
Thanks
0
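
Added example (not part of the original thread and not SoapUI's code): in the OASIS UsernameToken Profile 1.0 the PasswordDigest is Base64(SHA-1(nonce + created + password)), so it changes whenever the nonce or the Created timestamp changes. The sketch pairs a client that generates both per request with a hypothetical server check for freshness and nonce reuse; the function names, the sample password and the five-minute window are assumptions.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%S.%fZ"  # same shape as the wsu:Created value in the question


def password_digest(nonce: bytes, created: str, password: str) -> str:
    # UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()


def make_token(username, password, now=None):
    """Client side: new random nonce and current UTC time for every request."""
    now = now or datetime.now(timezone.utc)
    nonce = os.urandom(16)
    created = now.strftime(FMT)[:-4] + "Z"  # trim microseconds to milliseconds
    return {"username": username,
            "nonce": base64.b64encode(nonce).decode(),
            "created": created,
            "digest": password_digest(nonce, created, password)}


class Verifier:
    """Server side (hypothetical): freshness, nonce reuse, then the digest."""

    def __init__(self, passwords, max_age=timedelta(minutes=5)):  # assumed window
        self.passwords, self.max_age, self.seen = passwords, max_age, set()

    def verify(self, tok, now=None):
        now = now or datetime.now(timezone.utc)
        created = datetime.strptime(tok["created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > self.max_age:
            return "stale timestamp"      # a static Created value ends up here
        key = (tok["username"], tok["nonce"])
        if key in self.seen:
            return "replayed nonce"       # a static nonce ends up here
        password = self.passwords.get(tok["username"])
        if password is None:
            return "bad digest"           # unknown user, same answer as wrong password
        expected = password_digest(base64.b64decode(tok["nonce"]), tok["created"], password)
        if not hmac.compare_digest(expected, tok["digest"]):
            return "bad digest"
        self.seen.add(key)                # remember only nonces from valid tokens
        return "ok"
```

Against a server that enforces these checks, a request captured once and resent unchanged fails on the nonce cache, and one with an old hard-coded Created value fails on the freshness window.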
