WS-Security

Medium Priority
861 Views
Last Modified: 2013-11-18
Hello,
The implementation of WS-Security using a digest involves sending four pieces of information in the SOAP Security header:
1.      User name
2.      Digest
3.      Nonce
4.      Timestamp
My questions are as follows:
While I am assuming that the Digest and Nonce are settings specific to our security, I would have to get this information from the Developers, right?
Most important, shouldn't it get the TimeStamp on the fly? Or will any date and time work? I do not see having to go in each time to change the Timestamp.
<soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-1998625" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>a</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">g1545zfrRlM+jKbJ59dLYYEw=</wsse:Password>
            <wsse:Nonce>7MIXHSkZ5je4gDi53w</wsse:Nonce>
            <wsu:Created>2008-12-22T18:48:40.873Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
</soapenv:Header>

Siva Prasanna Kumar, Principal Solutions Architect
CERTIFIED EXPERT
Top Expert 2006

Commented:
Yes, you are right about the Digest and Nonce. The Timestamp part can be either on the fly or static (most of the time we write clients to pick up the current timestamp).

But if it's just for testing's sake then you can have a simple static timestamp, as seen in your message now.

Author

Commented:
shivaspk, might you know the solution?
Principal Solutions Architect
CERTIFIED EXPERT
Top Expert 2006
Commented:
Solution for your other question, where you have some problem with Nonce validation?
For the first time I am coming across such an exception, and I feel it's happening because of you using some static nonce. How did you create that static SOAP request you are using?
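
An added example, not part of the original thread and not SoapUI's code: it computes the PasswordDigest the way the WSS UsernameToken Profile 1.0 defines it and shows a receiver rejecting a reused Created value or Nonce. The `TokenValidator` class, the five-minute window and the sample password store are assumptions made for the illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%S.%fZ"  # wsu:Created layout used in the request above

def password_digest(nonce_b64, created, password):
    # UsernameToken Profile 1.0: Base64(SHA-1(decoded nonce + created + password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def make_token(username, password, now=None):
    # Client side: new random nonce and current UTC time for every request
    now = now or datetime.now(timezone.utc)
    nonce = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime(FMT)[:-4] + "Z"  # trim microseconds to milliseconds
    return {"username": username, "nonce": nonce, "created": created,
            "digest": password_digest(nonce, created, password)}

class TokenValidator:
    # Server side (hypothetical class): digest check plus the two replay defences
    def __init__(self, passwords, max_age=timedelta(minutes=5)):
        self.passwords = passwords  # username -> password, constructed sample store
        self.max_age = max_age      # assumed freshness window
        self.seen = {}              # nonce -> Created time of accepted tokens

    def validate(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        created = datetime.strptime(token["created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > self.max_age:
            return "stale timestamp"   # a hard-coded Created value ends up here
        # Nonces older than the window can be dropped: their tokens are stale anyway
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if token["nonce"] in self.seen:
            return "nonce replayed"    # a hard-coded Nonce ends up here
        password = self.passwords.get(token["username"])
        if password is None:
            return "bad digest"
        try:
            expected = password_digest(token["nonce"], token["created"], password)
        except ValueError:             # binascii.Error: nonce is not valid Base64
            return "malformed nonce"
        if not hmac.compare_digest(expected, token["digest"]):
            return "bad digest"
        self.seen[token["nonce"]] = created
        return "ok"
```

Because Created and Nonce are both inputs to the digest, changing either one in a captured request without knowing the password yields "bad digest", while resending the request unchanged trips the timestamp or nonce check.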

Author

Commented:
shivaspk, it is interesting that you would address "the other question" here.  I am not sure which question you are addressing.  I am using SOAPUI to create the soap request.  SOAPUI automatically generates the Digest and Nonce, based on the Username and Timestamp.
Thank you for your help.  There are more questions to come.
Siva Prasanna Kumar, Principal Solutions Architect
CERTIFIED EXPERT
Top Expert 2006

Commented:
Chima,

I am not sure what exactly you are looking for in this question as an answer. Probably I couldn't understand it; can you explain a little?

Author

Commented:
I was looking to understand WS-Security and SoapUI better.
thanks