axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Uthaiyashankar <shan...@wso2.com>
Subject Re: Applying Nonce and Created to "PasswordText" UsernameToken and then Encrypting UsernameToken
Date Wed, 29 Jul 2009 06:49:30 GMT
On Wed, Jul 29, 2009 at 6:29 AM, Doughty,
Michael<Michael_Doughty@bmc.com> wrote:
> I am attempting to use Axis2/C with Rampart/C to talk to a Web service which
> requires the following to be done on input:
>
>
>
> (1)     Include a UsernameToken in PasswordText encoding.  Even though it is
> in PasswordText, the WS requires that a Nonce element be passed in with a
> unique value and a Created element be passed in with a value within five
> minutes.

This needs to be implemented in Rampart/C. Since "Nonce" and "Created"
are optional, Rampart/C omits it in the case of plain text password.
But, according to the spec, it is RECOMMENDED to include them, so we
should implement it.

Could you tell which service you are trying to consume? .NET,
Axis2/Java and most of the other frameworks normally don't need these
elements in the case of plain text passwords.


>
> (2)     The Web service then requires that the UsernameToken be encrypted at
> the element level.  The SOAP:Body must also be encrypted using the same
> public server certificate at the content level.


This can be done by including following xml snippet in the policy file.

<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <sp:Body />
    <sp:Header Name="UsernameToken"
Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
/>
</sp:EncryptedParts>

However, according to WS-SecurityPolicy Specification, including
"UsernameToken" in EncryptedParts is wrong. We should fix it properly
in Rampart/C.

Regards,
Shankar


>
>
>
> I have been able to accomplish this using Axis2/Rampart combination for Java
> (though only by using the older method), but I haven’t been able to find
> options to do the same for Axis2/C / Rampart/C combo.  Is it at all possible
> to do this?



-- 
S.Uthaiyashankar
Software Architect
WSO2 Inc.
http://wso2.com/ - "The Open Source SOA Company"

Mime
View raw message