When I run the setup without digest then Nonce and Created are not included.
The system we're working on can use UsernameToken as simple authentication for 'safe' networks. I guess its not a trainsmash, I was just looking for consistancy with the specification I am complying to. Thanks for the information! On Wed, Mar 4, 2009 at 2:19 PM, Colm O hEigeartaigh <[email protected]> wrote: > > They're not actually required for the digest as per the spec....it seems > reasonable to me to at least allow the user to explicitly exclude them, > even if there's no good reason to exclude them that I can think of. > > Colm. > > -----Original Message----- > From: Dittmann, Werner (NSN - DE/Munich) > [mailto:[email protected]] > Sent: 04 March 2009 12:07 > To: ext Mike; [email protected] > Subject: RE: UsernameToken Nonce & Created > > IIRC if you required Digest mode then you also enable > nonce and created by default because those are required to > generate the digest. > > Regards, > Werner > >> -----Original Message----- >> From: ext Mike [mailto:[email protected]] >> Sent: Wednesday, March 04, 2009 9:32 AM >> To: [email protected] >> Subject: UsernameToken Nonce & Created >> >> Hello! >> >> I've managed to configure UsernameToken authentication which is >> working perfectly with PasswordType digest and text. >> >> I'm having an issue though with Nonce and Created; I don't need them >> all the time, if I try to not addNonce or addCreated it gets added >> anyway! >> >> Example code: >> >> ... >> ut.setCreated(false) >> ut.setNonce(false) >> ut.setDigest(true) >> ... >> >> private WSSecUsernameToken getUsernameToken(String username, String >> password, UsernameToken ut, Document doc) { >> WSSecUsernameToken secut = null; >> >> if (username != null && username.trim().length() > 0 && password >> != null && password.trim().length() > 0) { >> secut = new WSSecUsernameToken(); >> >> if (ut.isDigest()) >> secut.setPasswordType(WSConstants.PASSWORD_DIGEST); >> else >> secut.setPasswordType(WSConstants.PASSWORD_TEXT); >> >> secut.setUserInfo(ut.getUsername(), ut.getPassword()); >> >> if (ut.isCreated()) >> secut.addCreated(); >> >> if (ut.isNonce()) >> secut.addNonce(); >> >> secut.prepare(doc); >> } >> >> return secut; >> } >> >> Resulting UsernameToken element >> >> <wsse:UsernameToken wsu:Id="UsernameToken-512309528" >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 >> -wss-wssecurity-utility-1.0.xsd"> >> <wsse:Username> >> Sender </wsse:Username> >> <wsse:Password >> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- >> username-token-profile-1.0#PasswordDigest"> >> sEdkxj9EZIUBn4UHDDioUXwhCCo= </wsse:Password> >> <wsse:Nonce> >> M3jvBuDs0fchIotm83Wjuw== </wsse:Nonce> >> <wsu:Created> >> 2009-03-04T08:28:53.173Z </wsu:Created> >> </wsse:UsernameToken> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
