I need to validate the timestamp & nonce with the incoming passwordDigest value.
I have found the formula below: Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )
And I have found a few lines of Java code to validate these values if they match.
So, in short, if I want to validate the incoming Nonce & Timestamp & passwordDigest values all together, should I use a customAssertion, or is there any way to do so?
I could not find a way to do it.
The default behavior of the "Require WS-Security Password Digest Credentials Assertion" does this already, so you don't need to build a custom assertion. To test: if you remove either the nonce or timestamp from the request, it will fail even if you haven't required them in the assertion.
Director, CA Support
Hi Stephen, thanks for the response. In this situation I will just check if the token is expired or not with the defined time interval.
That helped a lot.
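The checks discussed in this thread (recomputing the digest from the formula, requiring both nonce and timestamp, and the expiry interval), as an added Python example that is not from the original posts or from the gateway's own code. The class name, the 5-minute window, the second-precision timestamp format and the sample values are assumptions.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)); nonce is the decoded bytes."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


class DigestValidator:
    def __init__(self, max_age=timedelta(minutes=5)):  # assumed window
        self.max_age = max_age
        self.seen = {}  # decoded nonce -> Created time, kept while still fresh

    def validate(self, nonce_b64, created, digest, password, now=None):
        now = now or datetime.now(timezone.utc)
        if not nonce_b64 or not created:
            return "missing nonce or created"
        try:
            nonce = base64.b64decode(nonce_b64, validate=True)
            # Assumes second-precision UTC timestamps such as 2024-01-01T12:00:00Z
            ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            return "malformed nonce or created"
        if abs(now - ts) > self.max_age:
            return "stale or future timestamp"
        expected = password_digest(nonce, created, password)
        if not hmac.compare_digest(expected.encode(), str(digest).encode()):
            return "digest mismatch"
        # Forget nonces whose tokens can no longer pass the freshness check
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.max_age}
        if nonce in self.seen:
            return "replayed nonce"
        self.seen[nonce] = ts
        return "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real request
    nonce, created = b"constructed-nonce", "2024-01-01T12:00:00Z"
    now = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
    digest = password_digest(nonce, created, "s3cret")
    v = DigestValidator()
    for _ in range(2):  # second pass is a replay of the same token
        print(v.validate(base64.b64encode(nonce).decode(), created, digest, "s3cret", now))
```

The nonce cache is keyed on the decoded bytes so that a re-encoded copy of the same nonce is still treated as a replay.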