Petals BC SOAP

[WS-Security] Nonce value of the Username Token not correclty managed

View this issue in another formatViewView
- XML
- Word
- Printable

Details

Type: Bug
Status: New
Priority: Major
Resolution: Unresolved
Affects Version/s: 4.1
Fix Version/s: 5.2.0
Component/s: None
Security Level: Public

Description:
Hide
The Nonce value of the UsernameToken is not correctly managed:

you send a SOAP request with WSS header (containing a Username with PasswordDigest, including a Nonce value) from SoapUI.

You just put the WSS header the SOAP enveloppe of your request (you not use a WSS configuration).
SoapUI will generate a WSS header each time you send the request, and Nonce value will be different at each call.

you get a correct reply after the first call.

you resend the same request (second call) and you get the same reply as previous instead of an error because we use the same Nonce values.
Show
The Nonce value of the UsernameToken is not correctly managed:

you send a SOAP request with WSS header (containing a Username with PasswordDigest, including a Nonce value) from SoapUI.

You just put the WSS header the SOAP enveloppe of your request (you not use a WSS configuration). SoapUI will generate a WSS header each time you send the request, and Nonce value will be different at each call.

you get a correct reply after the first call.

you resend the same request (second call) and you get the same reply as previous instead of an error because we use the same Nonce values.

Environment:

axis2 1.6.2, rampart 1.6.0, petals-esb 4.1

Activity

There aren't workflow transitions executed yet.

People

Assignee:

Unassigned

Reporter:

ghassen
Watchers:

0

Dates

Created:

Wed, 25 Jul 2012 - 14:04:04 +0200

Updated:

Tue, 11 Apr 2023 - 14:20:17 +0200