IBM webMethods Hybrid Integration


WS-Policy: UsernameToken with password digest

  • 1.  WS-Policy: UsernameToken with password digest

    Posted Mon September 12, 2016 09:36 AM

    We have edited the built-in policy to add HashPassword as mentioned below:

    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
      <wsp:Policy>
        <sp:HashPassword/>
        <sp:WssUsernameToken10/>
      </wsp:Policy>
    </sp:UsernameToken>
    

    With this change I am able to send the nonce and created time in the wsse:UsernameToken tag.
    But the password is still in plain text.

    <wsse:UsernameToken wsu:Id="UsernameToken-6">
      <wsse:Username>test</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">manage</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">KF8Ny8T1DjP8LNKEa4qDQQ==</wsse:Nonce>
      <wsu:Created>2016-09-12T11:15:33.169Z</wsu:Created>
    </wsse:UsernameToken>

    But our requirement is to pass the nonce, created time and password digest.
    Please suggest how to proceed further.

    We are using 9.10 webMethods.


    #soa
    #webMethods
    #API-Management
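For reference, the WSS UsernameToken Profile 1.0 defines the digest as Base64(SHA-1(nonce + created + password)), with the nonce Base64-decoded first. The check below is an added example, not part of the original post and not webMethods code: it parses the token quoted in the post and reports whether the Password element really carries that digest. The function names and result strings are hypothetical, and the xmlns declarations are added so the fragment parses on its own.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Standard WS-Security 1.0 namespace and type URIs.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")

# Token from the post (EncodingType attribute left out for brevity).
PAGE_TOKEN = f"""<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"
    wsu:Id="UsernameToken-6">
  <wsse:Username>test</wsse:Username>
  <wsse:Password Type="{DIGEST_TYPE}">manage</wsse:Password>
  <wsse:Nonce>KF8Ny8T1DjP8LNKEa4qDQQ==</wsse:Nonce>
  <wsu:Created>2016-09-12T11:15:33.169Z</wsu:Created>
</wsse:UsernameToken>"""


def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(decoded nonce + created + password)), all text as UTF-8."""
    raw = base64.b64decode(nonce_b64) + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def check_token(token_xml, known_password):
    """Classify a UsernameToken against the password the receiver has on file."""
    root = ET.fromstring(token_xml)
    pw = root.find(f"{{{WSSE}}}Password")
    nonce = root.findtext(f"{{{WSSE}}}Nonce")
    created = root.findtext(f"{{{WSU}}}Created")
    if pw is None or pw.get("Type") != DIGEST_TYPE:
        return "not-a-digest-token"
    if not nonce or not created:
        return "missing-nonce-or-created"
    value = (pw.text or "").strip().encode("utf-8")
    if hmac.compare_digest(value, known_password.encode("utf-8")):
        return "plaintext-in-digest-field"  # the situation shown in the post
    expected = password_digest(nonce.strip(), created.strip(), known_password)
    if hmac.compare_digest(value, expected.encode("ascii")):
        return "ok"
    return "digest-mismatch"


if __name__ == "__main__":
    print(check_token(PAGE_TOKEN, "manage"))
```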