You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2008/04/14 12:01:07 UTC
[jira] Commented: (WSS-64) USERNAME_TOKEN PW_DIGEST dont work with .NET 2.0

    [ https://issues.apache.org/jira/browse/WSS-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588531#action_12588531 ] 

Colm O hEigeartaigh commented on WSS-64:
----------------------------------------


Can you check this again? Some fixes have gone in on using Password Digest. 

Alternatively, could you attach the security header that .Net 2.0 generates and also that WSS4J generates?

> USERNAME_TOKEN PW_DIGEST dont work with .NET 2.0
> ------------------------------------------------
>
>                 Key: WSS-64
>                 URL: https://issues.apache.org/jira/browse/WSS-64
>             Project: WSS4J
>          Issue Type: Bug
>         Environment: jdk 1.5, wss4j-1.5.0.jar, xalan 2.7.0, xmlsec-1.3.0.jar, czech locale, timezone GMT+1 
>            Reporter: Jara Cesnek
>
> USERNAME_TOKEN PW_DIGEST dont work with .NET 2.0. 
> USERNAME_TOKEN PW_TEXT work fine.
> <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-20564850" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">xxx</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">UrpQqQY/qXdGar7TKe5oUOLLzOk=</wsse:Password><wsse:Nonce xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oas
> is-200401-wss-wssecurity-secext-1.0.xsd">hS6E+nb41TobI66FPB/eoA==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2006-12-05T11:30:47.595Z</wsu:Created></wsse:UsernameToken></wsse:Security>
> 1) Same .NET header have probably diferent hash value(algo?, locale?, timezone ?).
> 2) Same .NET header have all namespaces in header tag and rest of XML is perfectly readable and small in size.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org