Posted on 2009-02-18
Last Modified: 2013-11-18
The implementation of WS-Security using a digest involves sending four pieces of information in the SOAP Security header:
1.      User name
2.      Digest
3.      Nonce
4.      Timestamp
My questions are as follows;
While I am assuming that the Digest and Nonce are setting specific to our security, I would have to get this information from the Developers, right?
Most important, shouldn't it get the TimeStamp on the fly?  Or will any date, and time work.  I do not see having to go in each time to change the Timestamp.

      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="">

         <wsse:UsernameToken wsu:Id="UsernameToken-1998625" xmlns:wsu="">


            <wsse:Password Type="">g1545zfrRlM+jKbJ59dLYYEw=</wsse:Password>






Open in new window

Question by:chima
    LVL 23

    Expert Comment

    Yes you are right about Digest and Nonce, Timestamp part can be either on the fly or static (most of the times we write clients to pick up current time stamp).

    But if its just for testing sake then you can have simple static timestamp as seen in you message now.

    Author Comment

    shivaspk,  Might you know the solution?
    LVL 23

    Accepted Solution

    Solution for your other question where you have some problem with Nonce validation?
    For the first time I am coming across such an exception and I feel its happening because of you using some static nonce, how did u create that static SOAP request you are using?

    Author Comment

    shivaspk, it is interesting that you would address "the other question" here.  I am not sure which question you are addressing.  I am using SOAPUI to create the soap request.  SOAPUI automatically generates the Digest and Nonce, based on the Username and Timestamp.
    Thank you for your help.  There are more questions to come.
    LVL 23

    Expert Comment


    I am not sure what exactly you are looking for in this question as an answer, probably I couldn't understand it, can you explain a little

    Author Closing Comment

    I was looking to understand WS-Security and SoapUI better.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System ( introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
    A list of useful business intelligence software.
    Viewers will learn how to use the Hootsuite Dashboard.
    The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now