Layer7 API Management

Hello Layer7 API M Community, I am hoping that someone can provide a remedy for an issue regarding password digest credentials. I have the below assertion that is causing a failure because the credentials being passed in via the wsse:Security header do not match what I have configured in the assertion. My ask is there a way to determine the disjoint? Thank you.

Incoming security header:

"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true"><wsu:Timestamp wsu:Id="TS-556DA3DFFF130D5B3C159534950610331"><wsu:Created>2020-07-21T16:38:26.103Z</wsu:Created><wsu:Expires>2020-07-21T16:43:26.103Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="SecurityToken-d4deba7a-af3d-4025-8a66-bf5941c6e8f5"><wsse:Username>P11Xerox0913</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">r/bW5040LwUYD+ScLDsPEQcD22w=</wsse:Password><wsse:Nonce>cMGDzcI6u2G/88LdtsaBUdzQgBw=</wsse:Nonce><wsu:Created>2020-07-21T16:38:26.090Z</wsu:Created></wsse:UsernameToken><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-556DA3DFFF130D5B3C159534950610332">MIIHAjCCBeqgAwIBAgIQQScxmSUct32iSKlwi2N9tTANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQDEzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTE5MTIyMDAwMDAwMFoXDTIwMTIxOTIzNTk1OVowgeMxCzAJBgNVBAYTAlVTMQ4wDAYDVQQREwUwNzkzMjETMBEGA1UECBMKTmV3IEplcnNleTEVMBMGA1UEBxMMRmxvcmhhbSBQYXJrMRIwEAYDVQQJEwlTdWl0ZSAyMDAxFzAVBgNVBAkTDjEwMCBDYW1wdXMgRHIuMScwJQYDVQQKEx5Db25kdWVudCBCdXNpbmVzcyBTZXJ2aWNlcyBMTEMxITAfBgNVBAsTGENvbmR1ZW50IElUUyBIUiBTZXJ2aWNlczEfMB0GA1UEAxMWc2VjdXJlLmJlbmVmaXRzd2ViLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK21v/QJPk8QJgILqTqsFRVC40lE9A5tNxefLLrc015KrsUgSrkEU1higsvkbBbJ+XK8qQLhh1uO1dok+K6jMJRP9Up/b2peFqJRUh6t6eQrjikWxl+sRaRvL+jZYnAWx4xEQvmACaaiCXL6U/+WqDfwg8tjF0cMLkgIwF756iI0IxI0Bd4N/M1EpXjy2QxVXTjhWw7yv3nHrpi8Kqrtu0MKvyb41ZOJGUNVGEHBiuXjem/Hav6eUUY1+Y8/rghJJ3v+CfhDkKS6ZjyZHCoGaDTJ++fwzHwZTQcdCzQu9Mq47mRW4k9jo4paLSe58J5ENnC+z1aFiFl1zdtfHmFv+/kCAwEAAaOCAvwwggL4MB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQWBBT5ysFEnBNNxD7EOajMnY4AD6N6/TAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wPQYDVR0RBDYwNIIWc2VjdXJlLmJlbmVmaXRzd2ViLmNvbYIad3d3LnNlY3VyZS5iZW5lZml0c3dlYi5jb20wggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQAHt1wb5X1o//Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAW8kfBQDAAAEAwBGMEQCIHgY7IKMmLR0IEPgC97WmCHUUAv6nKS1jESLsz1ZOBIpAiB/ByWypudzPGngu2zIymPuM0Nk/hszkD5zI15a3qE6uAB2AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbyR8E4UAAAQDAEcwRQIgI28dKcC++HVZfOF3HRM5ykpSizVcPAIsOEPOU3L1muMCIQCpwdrOQKseB7oKuCcooYD4FHDP0iciahossjtFYZbjCzANBgkqhkiG9w0BAQsFAAOCAQEAERwYoditMSaZqC5bG5SNE/GNZ+rqovV3uzLN/j2mFMIS/qUzGZG9d2TmE+7h21O36FCPj0MZFPqbiDakoB844t++WD/hGxFfEfQMlVJI71rA2VfpMN65Rt7YZrJpVeT4NX/jho8D5m7twJiH7CHj25jZeE1u2wkt4M2H4OCfqQBRcamEALEf1RoHu6kaY4CkDpVtDfPRTxODEK7Bt0Y+p4Joy2Ba6AwOFATXdBv8ETZS4DpkVcpck8C2PI2yZe/Ro9tRbmYQfP4XtBOmmM4nprzZM65DQEKSw7yV6YlzmOfecGGciSdB+KnMPFQZaGrpnMnBgCTeQGQK74jNBv6W1g==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-556DA3DFFF130D5B3C159534950616636"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa soapenv"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#TS-556DA3DFFF130D5B3C159534950610331"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa soapenv"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>/frNd4MVAXFcfFXzMJEswjGgDD0=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-556DA3DFFF130D5B3C159534950610435"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>5Ameqap9x9wzmzAcrXZSJMFzkmU=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>LMq8aEYGub0qeF05XuD+4FtErHpyn9J0ENJLYnS2AKgtf+pQDbIdbqrKvBZGqWi9fT7z8BIJDBgjFaVQa0+9mW1p1sMoz1z5qckBvuxtHeuo90t/uWBhCPYKlI9fBtZvofEDSSRr+hffk3Z1/xgCIWrIaBTN+cg+66SJIAcaXB9vdalM03xROAQJ2kkjUzzasaNqyiM8pX4pbkUNiSAqKhYZUFZQGEzlSAD0TSUNAqX96BwVNz9zHsDBszPbT77EdG5bBotiw2zQoHp1tBe92TQ2Y0SdIjzR3HbPSA4TvNUWJA6i+09AsUodXVmYCI+soExyOGTkqBo5npwVTXbcKQ==</ds:SignatureValue><ds:KeyInfo Id="KI-556DA3DFFF130D5B3C159534950610333"><wsse:SecurityTokenReference wsu:Id="STR-556DA3DFFF130D5B3C159534950610334"><wsse:Reference URI="#X509-556DA3DFFF130D5B3C159534950610332" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security><wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

The consumer is telling me that they are creating the digest password with the following algorithm:

String utf8password,String base64EncodedNonce, String utf8Timestamp

Below is the assertion  and the values:

Username:    P11Xerox0913

Password:    UFhyMHgmIzExcA==

<?xml version="1.0" encoding="UTF-8"?>

<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">

    <wsp:All wsp:Usage="Required">

        <L7p:WssDigest>

            <L7p:RequireNonce booleanValue="true"/>

            <L7p:RequireTimestamp booleanValue="true"/>

            <L7p:RequiredPassword stringValue="${secpass.sisoa-dpm-extib_conduent_mups_password.plaintext}"/>

            <L7p:RequiredUsername stringValue="${gateway.sisoa-dpm-extib.conduent.mups.userId}"/>

        </L7p:WssDigest>

    </wsp:All>

</wsp:Policy>

Edward Lokiec
Telephone: 860.226.5977
E-mail Address:  Ed.Lokiec@CIGNA.com

Confidential, unpublished property of Cigna. Do not duplicate or distribute. Use and distribution limited solely to authorized personnel. © Copyright 2020

Hello Layer7 API M Community, I am hoping that someone can provide a remedy for an issue regarding password digest credentials. I have the below assertion that is causing a failure because the credentials being passed in via the wsse:Security header do not match what I have configured in the assertion. My ask is there a way to determine the disjoint? Thank you.

Incoming security header:

"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true"><wsu:Timestamp wsu:Id="TS-556DA3DFFF130D5B3C159534950610331"><wsu:Created>2020-07-21T16:38:26.103Z</wsu:Created><wsu:Expires>2020-07-21T16:43:26.103Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="SecurityToken-d4deba7a-af3d-4025-8a66-bf5941c6e8f5"><wsse:Username>P11Xerox0913</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">r/bW5040LwUYD+ScLDsPEQcD22w=</wsse:Password><wsse:Nonce>cMGDzcI6u2G/88LdtsaBUdzQgBw=</wsse:Nonce><wsu:Created>2020-07-21T16:38:26.090Z</wsu:Created></wsse:UsernameToken><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-556DA3DFFF130D5B3C159534950610332">MIIHAjCCBeqgAwIBAgIQQScxmSUct32iSKlwi2N9tTANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQDEzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTE5MTIyMDAwMDAwMFoXDTIwMTIxOTIzNTk1OVowgeMxCzAJBgNVBAYTAlVTMQ4wDAYDVQQREwUwNzkzMjETMBEGA1UECBMKTmV3IEplcnNleTEVMBMGA1UEBxMMRmxvcmhhbSBQYXJrMRIwEAYDVQQJEwlTdWl0ZSAyMDAxFzAVBgNVBAkTDjEwMCBDYW1wdXMgRHIuMScwJQYDVQQKEx5Db25kdWVudCBCdXNpbmVzcyBTZXJ2aWNlcyBMTEMxITAfBgNVBAsTGENvbmR1ZW50IElUUyBIUiBTZXJ2aWNlczEfMB0GA1UEAxMWc2VjdXJlLmJlbmVmaXRzd2ViLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK21v/QJPk8QJgILqTqsFRVC40lE9A5tNxefLLrc015KrsUgSrkEU1higsvkbBbJ+XK8qQLhh1uO1dok+K6jMJRP9Up/b2peFqJRUh6t6eQrjikWxl+sRaRvL+jZYnAWx4xEQvmACaaiCXL6U/+WqDfwg8tjF0cMLkgIwF756iI0IxI0Bd4N/M1EpXjy2QxVXTjhWw7yv3nHrpi8Kqrtu0MKvyb41ZOJGUNVGEHBiuXjem/Hav6eUUY1+Y8/rghJJ3v+CfhDkKS6ZjyZHCoGaDTJ++fwzHwZTQcdCzQu9Mq47mRW4k9jo4paLSe58J5ENnC+z1aFiFl1zdtfHmFv+/kCAwEAAaOCAvwwggL4MB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQWBBT5ysFEnBNNxD7EOajMnY4AD6N6/TAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wPQYDVR0RBDYwNIIWc2VjdXJlLmJlbmVmaXRzd2ViLmNvbYIad3d3LnNlY3VyZS5iZW5lZml0c3dlYi5jb20wggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQAHt1wb5X1o//Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAW8kfBQDAAAEAwBGMEQCIHgY7IKMmLR0IEPgC97WmCHUUAv6nKS1jESLsz1ZOBIpAiB/ByWypudzPGngu2zIymPuM0Nk/hszkD5zI15a3qE6uAB2AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbyR8E4UAAAQDAEcwRQIgI28dKcC++HVZfOF3HRM5ykpSizVcPAIsOEPOU3L1muMCIQCpwdrOQKseB7oKuCcooYD4FHDP0iciahossjtFYZbjCzANBgkqhkiG9w0BAQsFAAOCAQEAERwYoditMSaZqC5bG5SNE/GNZ+rqovV3uzLN/j2mFMIS/qUzGZG9d2TmE+7h21O36FCPj0MZFPqbiDakoB844t++WD/hGxFfEfQMlVJI71rA2VfpMN65Rt7YZrJpVeT4NX/jho8D5m7twJiH7CHj25jZeE1u2wkt4M2H4OCfqQBRcamEALEf1RoHu6kaY4CkDpVtDfPRTxODEK7Bt0Y+p4Joy2Ba6AwOFATXdBv8ETZS4DpkVcpck8C2PI2yZe/Ro9tRbmYQfP4XtBOmmM4nprzZM65DQEKSw7yV6YlzmOfecGGciSdB+KnMPFQZaGrpnMnBgCTeQGQK74jNBv6W1g==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-556DA3DFFF130D5B3C159534950616636"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa soapenv"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#TS-556DA3DFFF130D5B3C159534950610331"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa soapenv"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>/frNd4MVAXFcfFXzMJEswjGgDD0=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-556DA3DFFF130D5B3C159534950610435"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>5Ameqap9x9wzmzAcrXZSJMFzkmU=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>LMq8aEYGub0qeF05XuD+4FtErHpyn9J0ENJLYnS2AKgtf+pQDbIdbqrKvBZGqWi9fT7z8BIJDBgjFaVQa0+9mW1p1sMoz1z5qckBvuxtHeuo90t/uWBhCPYKlI9fBtZvofEDSSRr+hffk3Z1/xgCIWrIaBTN+cg+66SJIAcaXB9vdalM03xROAQJ2kkjUzzasaNqyiM8pX4pbkUNiSAqKhYZUFZQGEzlSAD0TSUNAqX96BwVNz9zHsDBszPbT77EdG5bBotiw2zQoHp1tBe92TQ2Y0SdIjzR3HbPSA4TvNUWJA6i+09AsUodXVmYCI+soExyOGTkqBo5npwVTXbcKQ==</ds:SignatureValue><ds:KeyInfo Id="KI-556DA3DFFF130D5B3C159534950610333"><wsse:SecurityTokenReference wsu:Id="STR-556DA3DFFF130D5B3C159534950610334"><wsse:Reference URI="#X509-556DA3DFFF130D5B3C159534950610332" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security><wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

The consumer is telling me that they are creating the digest password with the following algorithm:

String utf8password,String base64EncodedNonce, String utf8Timestamp

Below is the assertion  and the values:

Username:    P11Xerox0913

Password:    UFhyMHgmIzExcA==

<?xml version="1.0" encoding="UTF-8"?>

<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">

    <wsp:All wsp:Usage="Required">

        <L7p:WssDigest>

            <L7p:RequireNonce booleanValue="true"/>

            <L7p:RequireTimestamp booleanValue="true"/>

            <L7p:RequiredPassword stringValue="${secpass.sisoa-dpm-extib_conduent_mups_password.plaintext}"/>

            <L7p:RequiredUsername stringValue="${gateway.sisoa-dpm-extib.conduent.mups.userId}"/>

        </L7p:WssDigest>

    </wsp:All>

</wsp:Policy>

Edward Lokiec
Telephone: 860.226.5977
E-mail Address:  Ed.Lokiec@CIGNA.com

Confidential, unpublished property of Cigna. Do not duplicate or distribute. Use and distribution limited solely to authorized personnel. © Copyright 2020

Jay, thank you for your reply. I passed your response to the consumer and they replied with the following. Thank you for your time.

Algorithm code attached for reference.

public static String buildPasswordDigest(             String utf8password,String base64EncodedNonce, String utf8Timestamp) throws Exception{         

MessageDigest md = MessageDigest.getInstance("SHA-1");

byte[] decodedNonce = null;     if (null != base64EncodedNonce) {

    decodedNonce = DatatypeConverter     .parseBase64Binary(base64EncodedNonce);

    }     // Get the timestamp in bytes     

byte[] utf8BytesTimestamp = null;

    // the created date and utf8Timestamp are assumed to be utf-8 encoded     

utf8BytesTimestamp = utf8Timestamp.getBytes("utf-8");

    // Get the password in bytes     

byte[] utf8BytesPassword = null;

    // the created date and utf8Timestamp are assumed to be utf-8 encoded     

utf8BytesPassword = utf8password.getBytes("utf-8");

    // Update the digest with the byte arrays and then encode in base64     

// Hashing formula is: Base64( SHA-1( nonce + created + password ))     

md.update(decodedNonce);     md.update(utf8BytesTimestamp);     md.update(utf8BytesPassword);     return DatatypeConverter.printBase64Binary(md.digest());} }  

Hello Layer7 API M Community, I am hoping that someone can provide a remedy for an issue regarding password digest credentials. I have the below assertion that is causing a failure because the credentials being passed in via the wsse:Security header do not match what I have configured in the assertion. My ask is there a way to determine the disjoint? Thank you.

Incoming security header:

"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true"><wsu:Timestamp wsu:Id="TS-556DA3DFFF130D5B3C159534950610331"><wsu:Created>2020-07-21T16:38:26.103Z</wsu:Created><wsu:Expires>2020-07-21T16:43:26.103Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="SecurityToken-d4deba7a-af3d-4025-8a66-bf5941c6e8f5"><wsse:Username>P11Xerox0913</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">r/bW5040LwUYD+ScLDsPEQcD22w=</wsse:Password><wsse:Nonce>cMGDzcI6u2G/88LdtsaBUdzQgBw=</wsse:Nonce><wsu:Created>2020-07-21T16:38:26.090Z</wsu:Created></wsse:UsernameToken><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-556DA3DFFF130D5B3C159534950610332">MIIHAjCCBeqgAwIBAgIQQScxmSUct32iSKlwi2N9tTANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQDEzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTE5MTIyMDAwMDAwMFoXDTIwMTIxOTIzNTk1OVowgeMxCzAJBgNVBAYTAlVTMQ4wDAYDVQQREwUwNzkzMjETMBEGA1UECBMKTmV3IEplcnNleTEVMBMGA1UEBxMMRmxvcmhhbSBQYXJrMRIwEAYDVQQJEwlTdWl0ZSAyMDAxFzAVBgNVBAkTDjEwMCBDYW1wdXMgRHIuMScwJQYDVQQKEx5Db25kdWVudCBCdXNpbmVzcyBTZXJ2aWNlcyBMTEMxITAfBgNVBAsTGENvbmR1ZW50IElUUyBIUiBTZXJ2aWNlczEfMB0GA1UEAxMWc2VjdXJlLmJlbmVmaXRzd2ViLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK21v/QJPk8QJgILqTqsFRVC40lE9A5tNxefLLrc015KrsUgSrkEU1higsvkbBbJ+XK8qQLhh1uO1dok+K6jMJRP9Up/b2peFqJRUh6t6eQrjikWxl+sRaRvL+jZYnAWx4xEQvmACaaiCXL6U/+WqDfwg8tjF0cMLkgIwF756iI0IxI0Bd4N/M1EpXjy2QxVXTjhWw7yv3nHrpi8Kqrtu0MKvyb41ZOJGUNVGEHBiuXjem/Hav6eUUY1+Y8/rghJJ3v+CfhDkKS6ZjyZHCoGaDTJ++fwzHwZTQcdCzQu9Mq47mRW4k9jo4paLSe58J5ENnC+z1aFiFl1zdtfHmFv+/kCAwEAAaOCAvwwggL4MB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQWBBT5ysFEnBNNxD7EOajMnY4AD6N6/TAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wPQYDVR0RBDYwNIIWc2VjdXJlLmJlbmVmaXRzd2ViLmNvbYIad3d3LnNlY3VyZS5iZW5lZml0c3dlYi5jb20wggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQAHt1wb5X1o//Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAW8kfBQDAAAEAwBGMEQCIHgY7IKMmLR0IEPgC97WmCHUUAv6nKS1jESLsz1ZOBIpAiB/ByWypudzPGngu2zIymPuM0Nk/hszkD5zI15a3qE6uAB2AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbyR8E4UAAAQDAEcwRQIgI28dKcC++HVZfOF3HRM5ykpSizVcPAIsOEPOU3L1muMCIQCpwdrOQKseB7oKuCcooYD4FHDP0iciahossjtFYZbjCzANBgkqhkiG9w0BAQsFAAOCAQEAERwYoditMSaZqC5bG5SNE/GNZ+rqovV3uzLN/j2mFMIS/qUzGZG9d2TmE+7h21O36FCPj0MZFPqbiDakoB844t++WD/hGxFfEfQMlVJI71rA2VfpMN65Rt7YZrJpVeT4NX/jho8D5m7twJiH7CHj25jZeE1u2wkt4M2H4OCfqQBRcamEALEf1RoHu6kaY4CkDpVtDfPRTxODEK7Bt0Y+p4Joy2Ba6AwOFATXdBv8ETZS4DpkVcpck8C2PI2yZe/Ro9tRbmYQfP4XtBOmmM4nprzZM65DQEKSw7yV6YlzmOfecGGciSdB+KnMPFQZaGrpnMnBgCTeQGQK74jNBv6W1g==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-556DA3DFFF130D5B3C159534950616636"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa soapenv"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#TS-556DA3DFFF130D5B3C159534950610331"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa soapenv"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>/frNd4MVAXFcfFXzMJEswjGgDD0=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-556DA3DFFF130D5B3C159534950610435"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>5Ameqap9x9wzmzAcrXZSJMFzkmU=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>LMq8aEYGub0qeF05XuD+4FtErHpyn9J0ENJLYnS2AKgtf+pQDbIdbqrKvBZGqWi9fT7z8BIJDBgjFaVQa0+9mW1p1sMoz1z5qckBvuxtHeuo90t/uWBhCPYKlI9fBtZvofEDSSRr+hffk3Z1/xgCIWrIaBTN+cg+66SJIAcaXB9vdalM03xROAQJ2kkjUzzasaNqyiM8pX4pbkUNiSAqKhYZUFZQGEzlSAD0TSUNAqX96BwVNz9zHsDBszPbT77EdG5bBotiw2zQoHp1tBe92TQ2Y0SdIjzR3HbPSA4TvNUWJA6i+09AsUodXVmYCI+soExyOGTkqBo5npwVTXbcKQ==</ds:SignatureValue><ds:KeyInfo Id="KI-556DA3DFFF130D5B3C159534950610333"><wsse:SecurityTokenReference wsu:Id="STR-556DA3DFFF130D5B3C159534950610334"><wsse:Reference URI="#X509-556DA3DFFF130D5B3C159534950610332" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security><wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

The consumer is telling me that they are creating the digest password with the following algorithm:

String utf8password,String base64EncodedNonce, String utf8Timestamp

Below is the assertion  and the values:

Username:    P11Xerox0913

Password:    UFhyMHgmIzExcA==

<?xml version="1.0" encoding="UTF-8"?>

<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">

    <wsp:All wsp:Usage="Required">

        <L7p:WssDigest>

            <L7p:RequireNonce booleanValue="true"/>

            <L7p:RequireTimestamp booleanValue="true"/>

            <L7p:RequiredPassword stringValue="${secpass.sisoa-dpm-extib_conduent_mups_password.plaintext}"/>

            <L7p:RequiredUsername stringValue="${gateway.sisoa-dpm-extib.conduent.mups.userId}"/>

        </L7p:WssDigest>

    </wsp:All>

</wsp:Policy>

Edward Lokiec
Telephone: 860.226.5977
E-mail Address:  Ed.Lokiec@CIGNA.com

Confidential, unpublished property of Cigna. Do not duplicate or distribute. Use and distribution limited solely to authorized personnel. © Copyright 2020