Hi Aaron,

> We have a web service using Axis2 and rampart 1.3 and we'd like to use
> UsernameToken with password digest and authenticate the user against our
> LDAP server.
> Here's the problem: we don't have access to the clear text password since
> it is stored in a digested format in LDAP.

Yes, this is a known limitation.

> We use the same algorithm to hash our passwords as should be used for
> password digest (Base64 encoded SHA-1 hash) as specified in this document:
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
> It would be great if there was an alternative method on WSPasswordCallback
> like setDigestedPassword so that you could set it to the pre-digested value
> and then in whatever code tries to match this value with the value sent in
> the soap headers, it would see that the password property was null, then
> check the digestedPassword value and use that straight-up.

This is a good suggestion. WSPasswordCallback is from Apache WSS4J. Please create a JIRA [1] for this in WSS4J.

> Is there some way I can override this behavior without modifying the
> source?

AFAIK, answer is no.

> The client is some PHP code and it is not clear to me how to have it use
> the PasswordText option...
>

What is the PHP stack the client is using?

thanks,
/nandana

[1] - http://issues.apache.org/jira/browse/WSS
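
The PasswordDigest check discussed in this thread, as an added example that is not part of the original message and is not Rampart or WSS4J code: it computes Base64(SHA-1(nonce + created + password)) on both sides and shows why a server that holds only Base64(SHA-1(password)) cannot verify a digest built from the clear text. The function names, password, nonce and timestamp are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def b64_sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def stored_hash(password: str) -> str:
    """Value the LDAP entry is described as holding: Base64(SHA-1(password))."""
    return b64_sha1(password.encode("utf-8"))


def password_digest(nonce: bytes, created: str, secret: bytes) -> str:
    """UsernameToken PasswordDigest: Base64(SHA-1(nonce + created + secret))."""
    return b64_sha1(nonce + created.encode("utf-8") + secret)


def server_verify(received: str, nonce: bytes, created: str, secret: bytes) -> bool:
    """Recompute the digest from the secret the server holds and compare."""
    expected = password_digest(nonce, created, secret)
    return hmac.compare_digest(expected, received)


def demo():
    password = "correct horse"            # constructed sample password
    nonce = os.urandom(16)                # decoded Nonce bytes from the token
    created = "2008-01-01T00:00:00Z"      # constructed Created timestamp
    clear = password.encode("utf-8")
    ldap_value = stored_hash(password).encode("ascii")

    # Client digests the clear-text password (the normal case).
    sent = password_digest(nonce, created, clear)
    with_cleartext = server_verify(sent, nonce, created, clear)
    with_hash_only = server_verify(sent, nonce, created, ldap_value)

    # Both sides agree to use the stored hash itself as the shared secret.
    sent_equiv = password_digest(nonce, created, ldap_value)
    hash_as_secret = server_verify(sent_equiv, nonce, created, ldap_value)
    return with_cleartext, with_hash_only, hash_as_secret


if __name__ == "__main__":
    print(demo())
    # With an empty nonce and created the formula reduces to the stored value.
    print(password_digest(b"", "", b"correct horse") == stored_hash("correct horse"))
```

In the third case the stored hash is a password equivalent: anyone who reads it from the directory can produce valid digests, so it needs the same protection as a clear-text password.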
