Layer7 API Management


How to use "Require WS-Security Password Digest Credentials Assertion"?

  • 1.  How to use "Require WS-Security Password Digest Credentials Assertion"?

    Posted Mar 02, 2018 06:56 AM

    Hi

    I would like to build a service that accepts authentication through a WSS header with a plaintext or digest password. I started out accepting plaintext passwords and authenticating against LDAP, which was quite straightforward.

    Now I wanted to add digest passwords as an alternative, but I don't even understand how to use the Require WS-Security Password Digest Credentials Assertion.

    How can I specify the expected username and password? It could be any user. I would like to use the digest password the same way as I use the plaintext password: to authenticate the user against the LDAP service. But when I enter nothing for the expected username/password I get the error "No conforming WSS Digest token was found in request".

    Am I expecting something wrong from this assertion?

    Is it not usable the way I want to?

    Thanks

    Stephan



  • 2.  Re: How to use "Require WS-Security Password Digest Credentials Assertion"?

    Broadcom Employee
    Posted Dec 19, 2018 02:04 PM

    Good morning,

    The assertion "Require WS-Security Password Digest Credentials Assertion" is very narrow in its scope of the user that is connecting. It has to have an understanding of both the username and password, so it is a one-to-one relationship and is not designed to be used with more than one user connecting. Mainly we have seen this used when service accounts are calling the Gateway.

    Sincerely,

    Stephen Hughes

    Broadcom Support
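
Why a digest verifier has to know the password in advance, as an added example that is not part of the thread and is not Broadcom's or the Gateway's code: the WSS UsernameToken Profile defines the digest as Base64(SHA-1(nonce + created + password)), so it can only be checked by recomputing it from the cleartext password. The account name, password, nonce, timestamp and the salted directory hash below are constructed sample values, and the directory storing only a one-way hash is an assumption.

```python
import base64
import hashlib
import hmac


def password_digest(nonce: bytes, created: str, password: str) -> str:
    # WSS UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_token(username: str, password: str, nonce: bytes, created: str) -> dict:
    # Client side: only the digest goes on the wire, never the password.
    return {
        "username": username,
        "nonce": base64.b64encode(nonce).decode("ascii"),
        "created": created,
        "digest": password_digest(nonce, created, password),
    }


def verify_token(token: dict, secret_on_file: str) -> bool:
    # Verifier side: recompute the digest from a secret it already holds.
    nonce = base64.b64decode(token["nonce"])
    expected = password_digest(nonce, token["created"], secret_on_file)
    return hmac.compare_digest(expected, token["digest"])


# Constructed sample values (not from the thread).
SAMPLE_NONCE = bytes(range(16))
SAMPLE_CREATED = "2018-03-02T06:56:00Z"
SAMPLE_PASSWORD = "example-password"
# Assumed directory-side value: a one-way salted hash, not the password itself.
SAMPLE_DIRECTORY_HASH = base64.b64encode(
    hashlib.sha1(SAMPLE_PASSWORD.encode("utf-8") + b"salt").digest()
).decode("ascii")
TOKEN = build_token("svc-account", SAMPLE_PASSWORD, SAMPLE_NONCE, SAMPLE_CREATED)


def demo() -> dict:
    return {
        "with_cleartext": verify_token(TOKEN, SAMPLE_PASSWORD),
        "with_directory_hash": verify_token(TOKEN, SAMPLE_DIRECTORY_HASH),
        "password_in_token": SAMPLE_PASSWORD in "".join(TOKEN.values()),
    }


if __name__ == "__main__":
    print(demo())
```

A plaintext UsernameToken can be handed to an LDAP bind because the password itself arrives in the request; the digest token carries nothing a bind could use.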