On Wed, Jul 29, 2009 at 6:29 AM, Doughty, Michael<michael_doug...@bmc.com> wrote: > I am attempting to use Axis2/C with Rampart/C to talk to a Web service which > requires the following to be done on input: > > > > (1) Include a UsernameToken in PasswordText encoding. Even though it is > in PasswordText, the WS requires that a Nonce element be passed in with a > unique value and a Created element be passed in with a value within five > minutes.
This needs to be implemented in Rampart/C. Since "Nonce" and "Created" are optional, Rampart/C omits it in the case of plain text password. But, according to the spec, it is RECOMMENDED to include them, so we should implement it. Could you tell which service you are trying to consume? .NET, Axis2/Java and most of the other frameworks normally don't need these elements in the case of plain text passwords. > > (2) The Web service then requires that the UsernameToken be encrypted at > the element level. The SOAP:Body must also be encrypted using the same > public server certificate at the content level. This can be done by including following xml snippet in the policy file. <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <sp:Body /> <sp:Header Name="UsernameToken" Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; /> </sp:EncryptedParts> However, according to WS-SecurityPolicy Specification, including "UsernameToken" in EncryptedParts is wrong. We should fix it properly in Rampart/C. Regards, Shankar > > > > I have been able to accomplish this using Axis2/Rampart combination for Java > (though only by using the older method), but I haven’t been able to find > options to do the same for Axis2/C / Rampart/C combo. Is it at all possible > to do this? -- S.Uthaiyashankar Software Architect WSO2 Inc. http://wso2.com/ - "The Open Source SOA Company"
