Layer7 API Management

Expand all | Collapse all

Using * Require WS-Security Password Digest Credentials Assertion & Validation of incoming Values (Nonce & Timestamp & passwordDigest)

Jump to Best Answer
  • 1.  Using * Require WS-Security Password Digest Credentials Assertion & Validation of incoming Values (Nonce & Timestamp & passwordDigest)

    Posted 05-07-2017 07:45 AM
      |   view attached

    * Require WS-Security Password Digest Credentials Assertion

    Hi All,

    I need to validate the timestamp & nonce with the incoming passwordDigest value, 

    I have found the below formula  Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )

    And I have found a few lines of Java Code to validate these values if they match,

    So shortly if I Want to validate the incoming Nonce & Timestamp & passwordDigest values all together, should I use a customAssertion or is there any way to do it so ?

    I could not find a way to do it,



  • 2.  Re: Using * Require WS-Security Password Digest Credentials Assertion & Validation of incoming Values (Nonce & Timestamp & passwordDigest)
    Best Answer

    Posted 05-07-2017 12:49 PM

    Good afternoon,

     

    The default behavior of the "Require WS-Security Password Digest Credentials Assertion" does this already so you don't need to build a custom assertion. To test if you remove either the nonce or timestamp from the request it will fail even if you don't have required them in the assertion.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 3.  Re: Using * Require WS-Security Password Digest Credentials Assertion & Validation of incoming Values (Nonce & Timestamp & passwordDigest)

    Posted 05-07-2017 04:56 PM

    Hi Stephen, thanks for the response, in this situation I will just check if the token is expired or not with the defined time interval , 

    That helped a lot,

    Regards

    Onur Fenar,