
WS-Security headers and timestamp

Hi Dino,

This is a continuation of the post below.

https://www.googlecloudcommunity.com/gc/Apigee/Applying-WS-S-UsernameToken-and-WS-Security/td-p/6799...

I have captured the payloads from Layer 7 and Apigee. I see there is a difference in the headers, and the timestamp is missing from the payload.

Layer 7 payload:

<soapenv:Envelope
xmlns:ns4="/MDMServicesLibrary/SharedServices/MDM/Processes/Party/SearchPerson-Start-Input.xsd"
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
<wsu:Timestamp>
<wsu:Created>2024-03-12T19:51:39.496228242Z</wsu:Created>
<wsu:Expires>2024-03-12T19:56:39.496Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsu:Created>2024-03-12T19:51:39Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>

APIGEE payload:

<soapenv:Envelope
xmlns:ns4="/MDMServicesLibrary/SharedServices/MDM/Processes/Party/SearchPerson-Start-Input.xsd"
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-8a954b25-c8c1-43bc-9b75-cf1bdc5dc956">
<wsse:Username>username</wsse:Username>
<wsu:Created>2024-03-12T18:41:40Z</wsu:Created>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">tTToQi+o0upZ2r/nrH8EzhD6o6U=</wsse:Nonce>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
 
In the Apigee payload, the namespaces below are added under soapenv:Envelope, whereas in Layer 7 they are added under soapenv:Header:
xmlns:wsu
xmlns:wsse
 
Also, the timestamp tag is missing from the Apigee payload.
 
Could you please build a new jar and share it with me?
1 ACCEPTED SOLUTION

Splendid! ok that's progress. The output is in the right shape. Mostly!

I notice a couple differences between that and what you showed for Layer 7 output.

  1. the Password element is PasswordDigest for Apigee, PasswordText for Layer7. That would be material, if the endpoint on the other side does not support PasswordDigest. To fix this, you will need to use

    <Property name="password-encoding">TEXT</Property>
    

    ...in place of

    <Property name="password-encoding">DIGEST</Property>
    
  2. The timestamps in the Apigee-generated payload do not include fractional seconds, whereas the payload from Layer7 includes fractional seconds. In theory, that should be JUST FINE, since the specifications say that the value should be an xsd dateTime, and fractional seconds are optional. But it is possible - unlikely, but possible - that the endpoint on the other side is insisting on fractional seconds.

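An added example, not part of the original thread and not the Apigee callout's code: a Python check that parses two captured envelopes and reports only the WS-Security differences discussed above (Timestamp, Nonce, password type, fractional seconds). The two envelopes are constructed samples modelled on the payloads in the question, and `wss_profile` and `profile_diff` are hypothetical names; where the wsse/wsu prefixes are declared (Envelope or Header) never shows up in the result, because a namespace-aware parser resolves both placements to the same element names.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
PW_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#"
DECLS = f'xmlns:wsse="{NS["wsse"]}" xmlns:wsu="{NS["wsu"]}"'

# Constructed samples (not the poster's captures): namespaces on Header vs Envelope.
GATEWAY_A = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}"><soapenv:Header {DECLS}>
<wsse:Security soapenv:mustUnderstand="1">
<wsu:Timestamp><wsu:Created>2024-03-12T19:51:39.496Z</wsu:Created>
<wsu:Expires>2024-03-12T19:56:39.496Z</wsu:Expires></wsu:Timestamp>
<wsse:UsernameToken><wsse:Username>username</wsse:Username>
<wsse:Password Type="{PW_TYPE}PasswordText">placeholder</wsse:Password>
<wsu:Created>2024-03-12T19:51:39Z</wsu:Created></wsse:UsernameToken>
</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>"""
GATEWAY_B = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}" {DECLS}><soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1">
<wsse:UsernameToken><wsse:Username>username</wsse:Username>
<wsse:Password Type="{PW_TYPE}PasswordDigest">placeholder</wsse:Password>
<wsse:Nonce>Y29uc3RydWN0ZWQ=</wsse:Nonce>
<wsu:Created>2024-03-12T18:41:40Z</wsu:Created></wsse:UsernameToken>
</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>"""

def wss_profile(envelope_xml):
    """Summarise the parts of wsse:Security that the thread compares."""
    sec = ET.fromstring(envelope_xml).find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header found")
    pw = sec.find("wsse:UsernameToken/wsse:Password", NS)
    created = [e.text or "" for e in sec.iter("{%s}Created" % NS["wsu"])]
    return {
        "timestamp": sec.find("wsu:Timestamp", NS) is not None,
        "nonce": sec.find("wsse:UsernameToken/wsse:Nonce", NS) is not None,
        # A Password with no Type attribute defaults to PasswordText in the profile.
        "password_type": None if pw is None
        else pw.get("Type", PW_TYPE + "PasswordText").rpartition("#")[2],
        "fractional_seconds": any(re.search(r":\d\d\.\d+", c) for c in created),
    }

def profile_diff(a, b):
    """Return {field: (a_value, b_value)} for every field that differs."""
    pa, pb = wss_profile(a), wss_profile(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}
```

Running `profile_diff` on real captures before and after a policy change (for example switching `password-encoding` from DIGEST to TEXT) shows which of these fields still differ from the reference gateway.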
