Petals BC SOAP

[WS-Security] Nonce value of the Username Token not correctly managed

Details

  • Type: Bug
  • Status: New
  • Priority: Major
  • Resolution: Unresolved
  • Affects Version/s: 4.1
  • Fix Version/s: 5.2.0
  • Component/s: None
  • Security Level: Public
  • Description:

    The Nonce value of the UsernameToken is not correctly managed:

    1. You send a SOAP request with a WSS header (containing a Username with PasswordDigest, including a Nonce value) from SoapUI.
    2. You just put the WSS header in the SOAP envelope of your request (you do not use a WSS configuration).
       SoapUI will generate a WSS header each time you send the request, and the Nonce value will be different at each call.
    3. You get a correct reply after the first call.
    4. You resend the same request (second call) and you get the same reply as before instead of an error, because we use the same Nonce values.
  • Environment:
    axis2 1.6.2, rampart 1.6.0, petals-esb 4.1
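
The check the report expects, sketched as an added example (not Petals, Axis2 or Rampart code): the receiver verifies the PasswordDigest as defined by the WSS UsernameToken Profile, rejects stale Created timestamps, and caches each accepted nonce for the freshness window so that a resent token fails. The class name, the return strings, the 5-minute window, and the user, password and nonce values are assumptions constructed for the illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce_b64, created, password):
    # WSS UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

class UsernameTokenValidator:  # hypothetical name, for illustration only
    def __init__(self, passwords, ttl=timedelta(minutes=5)):  # ttl is an assumed window
        self.passwords = passwords  # username -> password (constructed store)
        self.ttl = ttl
        self.seen = {}              # (username, nonce bytes) -> time the entry may be dropped

    def validate(self, username, nonce_b64, created, digest, now):
        try:
            created_at = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            expected = password_digest(nonce_b64, created, self.passwords.get(username, ""))
        except ValueError:          # bad timestamp or bad Base64 (binascii.Error is a ValueError)
            return "malformed"
        if abs(now - created_at) > self.ttl:
            return "stale"
        if username not in self.passwords or not hmac.compare_digest(expected.encode(), digest.encode()):
            return "bad-digest"
        # Forget nonces whose token can no longer pass the freshness check.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        key = (username, base64.b64decode(nonce_b64))
        if key in self.seen:
            return "replay"         # the second call from the report: same nonce again
        self.seen[key] = created_at + self.ttl
        return "ok"

def demo():
    # Constructed sample: user, password, nonce and timestamps are made up.
    now = datetime(2012, 7, 25, 12, 0, 30, tzinfo=timezone.utc)
    v = UsernameTokenValidator({"alice": "s3cret"})
    nonce, created = base64.b64encode(b"constructed-nonce-01").decode(), "2012-07-25T12:00:00Z"
    digest = password_digest(nonce, created, "s3cret")
    first = v.validate("alice", nonce, created, digest, now)
    second = v.validate("alice", nonce, created, digest, now + timedelta(seconds=5))
    late = v.validate("alice", nonce, created, digest, now + timedelta(minutes=10))
    return first, second, late

if __name__ == "__main__":
    print(demo())
```

The nonce cache only has to hold entries for as long as the timestamp check would still accept the token, which keeps it bounded.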

Activity

Christophe DENEUX made changes - Wed, 25 Jul 2012 - 15:12:30 +0200
Field Original Value New Value
Summary Bug in SOAP request-response with WSS header (petals-bc-soap component) [WS-Security] Nonce value od the Username Token not correclty managed
Assignee Nicolas Oddoux [ noddoux ]
Priority Major [ 3 ]
Description you send a SOAP request with WSS header (containing a Username with PasswordDigest, including a Nonce value) from SoapUI.
You just put the WSS header the SOAP enveloppe of your request (you not use a WSS configuration).
SoapUI will generate a WSS header each time you send the request, and Nonce value will be different at each call.
you get a correct reply after the first call.
you resend the same request (second call) and you get the same reply as previous instead of an error because we use the same Nonce values.
The Nonce value of the UsernameToken is not correctly managed:
# you send a SOAP request with WSS header (containing a Username with PasswordDigest, including a Nonce value) from SoapUI.
# You just put the WSS header the SOAP enveloppe of your request (you not use a WSS configuration).
SoapUI will generate a WSS header each time you send the request, and Nonce value will be different at each call.
# you get a correct reply after the first call.
# you resend the same request (second call) and you get the same reply as previous instead of an error because we use the same Nonce values.
Christophe DENEUX made changes - Thu, 26 Jul 2012 - 11:51:04 +0200
Fix Version/s 4.3.0 [ 10361 ]
Christophe DENEUX made changes - Tue, 2 Jul 2013 - 09:13:40 +0200
Summary [WS-Security] Nonce value od the Username Token not correclty managed [WS-Security] Nonce value of the Username Token not correclty managed
Christophe DENEUX made changes - Tue, 24 Sep 2013 - 09:24:09 +0200
Fix Version/s VNext [ 10405 ]
Fix Version/s 4.3.0 [ 10361 ]
Christophe DENEUX made changes - Fri, 2 Oct 2015 - 17:07:32 +0200
Fix Version/s 4.4.1 [ 10587 ]
Fix Version/s 4.4.0 [ 10405 ]
Christophe DENEUX made changes - Mon, 23 May 2016 - 12:40:03 +0200
Fix Version/s 4.4.2 [ 10650 ]
Fix Version/s 4.4.1 [ 10587 ]
Christophe DENEUX made changes - Tue, 20 Sep 2016 - 15:48:59 +0200
Fix Version/s 4.4.2 [ 10650 ]
Fix Version/s 4.4.3 [ 10684 ]
Christophe DENEUX made changes - Thu, 4 Jan 2018 - 12:04:38 +0100
Fix Version/s 4.4.4 [ 10770 ]
Fix Version/s 4.4.3 [ 10684 ]
Christophe DENEUX made changes - Thu, 15 Feb 2018 - 15:25:21 +0100
Fix Version/s 4.4.5 [ 10823 ]
Fix Version/s 4.4.4 [ 10770 ]
Christophe DENEUX made changes - Thu, 26 Jul 2018 - 16:53:33 +0200
Fix Version/s 5.0.1 [ 10867 ]
Fix Version/s 5.0.0 [ 10823 ]
Christophe DENEUX made changes - Tue, 11 Apr 2023 - 14:20:17 +0200
Fix Version/s 5.2.0 [ 11109 ]
Fix Version/s 5.1.0 [ 10867 ]

People

  • Assignee:
    Unassigned
    Reporter:
    ghassen
  • Watchers:
    0

Dates

  • Created:
    Wed, 25 Jul 2012 - 14:04:04 +0200
    Updated:
    Tue, 11 Apr 2023 - 14:20:17 +0200