Hello Layer7 API M Community,

I am hoping that someone can provide a remedy for an issue regarding password digest credentials. I have the below assertion that is causing a failure because the credentials being passed in via the wsse:Security header do not match what I have configured in the assertion. My ask: is there a way to determine the disjoint? Thank you.
Incoming security header:
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true">
  <wsu:Timestamp wsu:Id="TS-556DA3DFFF130D5B3C159534950610331">
    <wsu:Created>2020-07-21T16:38:26.103Z</wsu:Created>
    <wsu:Expires>2020-07-21T16:43:26.103Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="SecurityToken-d4deba7a-af3d-4025-8a66-bf5941c6e8f5">
    <wsse:Username>P11Xerox0913</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">r/bW5040LwUYD+ScLDsPEQcD22w=</wsse:Password>
    <wsse:Nonce>cMGDzcI6u2G/88LdtsaBUdzQgBw=</wsse:Nonce>
    <wsu:Created>2020-07-21T16:38:26.090Z</wsu:Created>
  </wsse:UsernameToken>
  <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-556DA3DFFF130D5B3C159534950610332">[certificate data removed]</wsse:BinarySecurityToken>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-556DA3DFFF130D5B3C159534950616636">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa soapenv"></ec:InclusiveNamespaces>
      </ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
      <ds:Reference URI="#TS-556DA3DFFF130D5B3C159534950610331">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa soapenv"></ec:InclusiveNamespaces>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
        <ds:DigestValue>/frNd4MVAXFcfFXzMJEswjGgDD0=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#id-556DA3DFFF130D5B3C159534950610435">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"></ec:InclusiveNamespaces>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
        <ds:DigestValue>5Ameqap9x9wzmzAcrXZSJMFzkmU=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>LMq8aEYGub0qeF05XuD+4FtErHpyn9J0ENJLYnS2AKgtf+pQDbIdbqrKvBZGqWi9fT7z8BIJDBgjFaVQa0+9mW1p1sMoz1z5qckBvuxtHeuo90t/uWBhCPYKlI9fBtZvofEDSSRr+hffk3Z1/xgCIWrIaBTN+cg+66SJIAcaXB9vdalM03xROAQJ2kkjUzzasaNqyiM8pX4pbkUNiSAqKhYZUFZQGEzlSAD0TSUNAqX96BwVNz9zHsDBszPbT77EdG5bBotiw2zQoHp1tBe92TQ2Y0SdIjzR3HbPSA4TvNUWJA6i+09AsUodXVmYCI+soExyOGTkqBo5npwVTXbcKQ==</ds:SignatureValue>
    <ds:KeyInfo Id="KI-556DA3DFFF130D5B3C159534950610333">
      <wsse:SecurityTokenReference wsu:Id="STR-556DA3DFFF130D5B3C159534950610334">
        <wsse:Reference URI="#X509-556DA3DFFF130D5B3C159534950610332" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
  </ds:Signature>
</wsse:Security>
<wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
The consumer is telling me that they are creating the digest password with the following algorithm:
String utf8password,String base64EncodedNonce, String utf8Timestamp
Below is the assertion and the values:
Username: P11Xerox0913
Password: UFhyMHgmIzExcA==
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
  <wsp:All wsp:Usage="Required">
    <L7p:WssDigest>
      <L7p:RequireNonce booleanValue="true"/>
      <L7p:RequireTimestamp booleanValue="true"/>
      <L7p:RequiredPassword stringValue="${secpass.sisoa-dpm-extib_conduent_mups_password.plaintext}"/>
      <L7p:RequiredUsername stringValue="${gateway.sisoa-dpm-extib.conduent.mups.userId}"/>
    </L7p:WssDigest>
  </wsp:All>
</wsp:Policy>
Edward Lokiec
Telephone: 860.226.5977
E-mail Address: Ed.Lokiec@CIGNA.com
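
A way to locate the mismatch, as an added example that is not part of the original post or of Layer7's own code: under the OASIS UsernameToken Profile 1.0 the digest is Base64(SHA-1(nonce + created + password)), so the script below recomputes it under several interpretations of the inputs and reports which one reproduces the received value. The function names and every sample value are constructed for illustration; the two Created candidates reflect that the posted header carries one wsu:Created in the Timestamp and a different one in the UsernameToken.

```python
import base64
import hashlib
from itertools import product


def password_digest(nonce: bytes, created: str, password: bytes) -> str:
    """Base64(SHA-1(nonce + created + password)) per UsernameToken Profile 1.0."""
    raw = hashlib.sha1(nonce + created.encode("utf-8") + password).digest()
    return base64.b64encode(raw).decode("ascii")


def find_matches(received, nonce_b64, created_values, stored_password):
    """Return a description of every input combination that reproduces `received`.

    created_values maps a label to a candidate wsu:Created string, because a
    signed message carries one in the Timestamp and another in the token.
    """
    nonces = {
        "nonce base64-decoded (per spec)": base64.b64decode(nonce_b64),
        "nonce left as base64 text": nonce_b64.encode("ascii"),
    }
    passwords = {"password exactly as stored": stored_password.encode("utf-8")}
    try:  # the stored secret may itself be base64 of the real password
        passwords["password base64-decoded"] = base64.b64decode(stored_password, validate=True)
    except ValueError:
        pass
    hits = []
    for (n_lbl, n), (c_lbl, c), (p_lbl, p) in product(
            nonces.items(), created_values.items(), passwords.items()):
        if password_digest(n, c, p) == received:
            hits.append(f"{n_lbl} + {c_lbl} + {p_lbl}")
    return hits


# Constructed sample values (not taken from the post).
SAMPLE_NONCE_B64 = base64.b64encode(b"constructed-nonce!").decode("ascii")
SAMPLE_CREATED = {
    "Created from UsernameToken": "2020-01-01T00:00:00.090Z",
    "Created from Timestamp": "2020-01-01T00:00:00.103Z",
}
SAMPLE_STORED = base64.b64encode(b"sample-pass").decode("ascii")
# Simulated sender: hashes the decoded password while the gateway holds the base64 text.
SAMPLE_DIGEST = password_digest(b"constructed-nonce!", "2020-01-01T00:00:00.090Z", b"sample-pass")

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_DIGEST, SAMPLE_NONCE_B64, SAMPLE_CREATED, SAMPLE_STORED):
        print("digest reproduced with:", hit)
```

Fed with the Nonce, both wsu:Created values and the Password digest from an incoming header, plus the secret the gateway holds, an empty result means none of these interpretations explains the digest and the two sides are not hashing the same password.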