Petals BC SOAP

[WS-Security] Nonce value of the Username Token not correctly managed

Details

  • Type: Bug
  • Status: New
  • Priority: Major
  • Resolution: Unresolved
  • Affects Version/s: 4.1
  • Fix Version/s: 5.2.0
  • Component/s: None
  • Security Level: Public
  • Description:
    The Nonce value of the UsernameToken is not correctly managed:

    1. You send a SOAP request with a WSS header (containing a Username with PasswordDigest, including a Nonce value) from SoapUI.
    2. You just put the WSS header in the SOAP envelope of your request (you do not use a WSS configuration).
      SoapUI will generate a WSS header each time you send the request, and the Nonce value will be different at each call.
    3. You get a correct reply after the first call.
    4. You resend the same request (second call) and you get the same reply as previously instead of an error, because we use the same Nonce values.
  • Environment:
    axis2 1.6.2, rampart 1.6.0, petals-esb 4.1

People

  • Assignee:
    Unassigned
    Reporter:
    ghassen
  • Watchers:
    0

Dates

  • Created:
    Wed, 25 Jul 2012 - 14:04:04 +0200
    Updated:
    Tue, 11 Apr 2023 - 14:20:17 +0200
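
The behaviour the description expects on the second call, as an added example that is not part of the original ticket and is not Petals, Axis2 or Rampart code: a UsernameToken check that verifies the PasswordDigest, enforces a freshness window on Created, and rejects a nonce already seen inside that window. The class name, the 5-minute window and the sample user, password and nonces are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

FRESHNESS = timedelta(minutes=5)  # assumed window, not a Rampart or Petals setting


def password_digest(nonce_b64, created, password):
    """UsernameToken PasswordDigest: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64, validate=True) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


class UsernameTokenValidator:
    """Hypothetical validator: digest check, freshness check, nonce replay cache."""

    def __init__(self, passwords):
        self.passwords = passwords  # user -> clear-text password (constructed)
        self.seen = {}              # (user, nonce) -> time until which it is remembered

    def validate(self, user, nonce_b64, created, digest, now):
        # Forget nonces whose token would now be rejected as stale anyway.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        try:
            ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            expected = password_digest(nonce_b64, created, self.passwords.get(user, ""))
        except ValueError:  # bad timestamp or bad Base64 nonce
            return "malformed"
        if user not in self.passwords or not hmac.compare_digest(expected.encode(), digest.encode()):
            return "bad-digest"
        if abs(now - ts) > FRESHNESS:
            return "stale"
        if (user, nonce_b64) in self.seen:
            return "replayed"  # the second call in the ticket should end here
        self.seen[(user, nonce_b64)] = ts + FRESHNESS
        return "accepted"


def demo():
    """Constructed sample: same token sent twice, a new nonce, then a late resend."""
    v = UsernameTokenValidator({"alice": "s3cret"})
    now = datetime(2012, 7, 25, 12, 0, 30, tzinfo=timezone.utc)
    created = "2012-07-25T12:00:00Z"
    n1 = base64.b64encode(b"constructed-nonce-1").decode()
    n2 = base64.b64encode(b"constructed-nonce-2").decode()
    d1, d2 = (password_digest(n, created, "s3cret") for n in (n1, n2))
    return [v.validate("alice", n1, created, d1, now),
            v.validate("alice", n1, created, d1, now + timedelta(seconds=5)),
            v.validate("alice", n2, created, d2, now + timedelta(seconds=10)),
            v.validate("alice", n1, created, d1, now + timedelta(minutes=10))]
```

A nonce only has to be remembered until its Created timestamp falls outside the freshness window, because after that point the token is rejected as stale regardless of the cache.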