chima
asked on
WS-Security
Hello,
The implementation of WS-Security using a digest involves sending four pieces of information in the SOAP Security header:
1. User name
2. Digest
3. Nonce
4. Timestamp
My questions are as follows;
While I am assuming that the Digest and Nonce are setting specific to our security, I would have to get this information from the Developers, right?
Most important, shouldn't it get the TimeStamp on the fly? Or will any date, and time work. I do not see having to go in each time to change the Timestamp.
The implementation of WS-Security using a digest involves sending four pieces of information in the SOAP Security header:
1. User name
2. Digest
3. Nonce
4. Timestamp
My questions are as follows;
While I am assuming that the Digest and Nonce are setting specific to our security, I would have to get this information from the Developers, right?
Most important, shouldn't it get the TimeStamp on the fly? Or will any date, and time work. I do not see having to go in each time to change the Timestamp.
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1998625" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>a</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">g1545zfrRlM+jKbJ59dLYYEw=</wsse:Password>
<wsse:Nonce>7MIXHSkZ5je4gDi53w</wsse:Nonce>
<wsu:Created>2008-12-22T18:48:40.873Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
ASKER
shivaspk, Might you know the solution?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
shivaspk, it is interesting that you would address "the other question" here. I am not sure which question you are addressing. I am using SOAPUI to create the soap request. SOAPUI automatically generates the Digest and Nonce, based on the Username and Timestamp.
Thank you for your help. There are more questions to come.
Thank you for your help. There are more questions to come.
Chima,
I am not sure what exactly you are looking for in this question as an answer, probably I couldn't understand it, can you explain a little
I am not sure what exactly you are looking for in this question as an answer, probably I couldn't understand it, can you explain a little
ASKER
I was looking to understand WS-Security and SoapUI better.
thanks
thanks
But if its just for testing sake then you can have simple static timestamp as seen in you message now.