If it was up to me then yes, however the people who provide the service
I am trying to call have decided in their wisdom that they will ignore
the recommendation. I guess I'll just have to add the token myself.
Thanks
Barry
Ruchith Fernando wrote:
Hi Barry,
Yep true ! however the spec also recommends rejecting any
UsernameToken that does not use *both* nonce and creation timestamps.
Therefore in WSS4J, do you think we should allow producing
UsernameTokens without those elements?
Thanks,
Ruchith
On 11/3/06, Barry McGann <[EMAIL PROTECTED]> wrote:
Hi,
I have read the spec, although I was reading version 1.0 but have just
read the newer 1.1 and it does state that theses are optional elements,
however, if they are included then they must be included in the digest
value.
Thanks
Barry
Ruchith Fernando wrote:
> Hi,
>
> It is not possible according to the spec [1]
>
> Thanks,
> Ruchith
>
> [1]
>
http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
>
>
> On 11/1/06, Barry McGann <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> How do you add a UsernameToken using passwordDigest without nonce and
>> created?
>>
>> Cheers
>>
>> Barry McGann
>>
>> email: [EMAIL PROTECTED]
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
