0

I am trying to connect to a Java web service using WCF. I have no control over the web service. I tried SoapUI. This is a working outgoing request from SoapUI:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken u:Id="UsernameToken-5"><wsse:Username>Charlie</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Cardon1127</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">2u6oHBCYoXG15hZdvwbbBQ==</wsse:Nonce>
<u:Created>2013-12-04T17:12:09.884Z</u:Created></wsse:UsernameToken></wsse:Security>
</s:Header>
<s:Body xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<COREEnvelopeRealTimeRequest xmlns="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd"><PayloadType xmlns="">X12_270_Request_005010X279A1
</PayloadType><ProcessingMode xmlns="">RealTime</ProcessingMode><PayloadID xmlns="">25f6a623-e53a-4263-8310-869666576380</PayloadID>
<TimeStamp xmlns="">2013-12-04T05:00:22Z</TimeStamp><SenderID xmlns="">Charlie</SenderID><ReceiverID xmlns="">431754897</ReceiverID>
<CORERuleVersion xmlns="">2.2.0</CORERuleVersion><Payload xmlns="">My Payload</Payload></COREEnvelopeRealTimeRequest></s:Body></s:Envelope>

WCF Client

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" 
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-2d5afa3f-b6c4-44f4-bbc3-072ede1b3469-5" 
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<o:Username>Charlie</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Cardon1127</o:Password>
<o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">ODwd
dPUEK5FwBLM4RCgmWY8jWmM=</o:Nonce>
<u:Created>2013-12-04T11:10:26.349Z</u:Created></o:UsernameToken>
</o:Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<COREEnvelopeRealTimeRequest xmlns="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd">
<PayloadType xmlns="">X12_270_Request_005010X279A1</PayloadType><ProcessingMode xmlns="">RealTime</ProcessingMode>
<PayloadID xmlns="">8b967b05-7c1d-40e4-b066-4f58ddb27924</PayloadID><TimeStamp xmlns="">2013-12-04T05:10:22Z</TimeStamp>
<SenderID xmlns="">Charlie</SenderID><ReceiverID xmlns="">431754897</ReceiverID><CORERuleVersion xmlns="">2.2.0</CORERuleVersion>
<Payload xmlns="">My Payload</Payload></COREEnvelopeRealTimeRequest></s:Body></s:Envelope>

This is how I am generating the nonce (WriteTokenCore) WCF: Adding Nonce to UsernameToken Request using .Net client gives an error:

       security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS5193E:
     The nonce, which is a randomly generated value, has expired. ocurred while running action: 
com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@47098188

Thank you

user575219

2 Answers

1

The message might have taken too long to arrive, or there could be a time synchronization problem between client and server.

Ensure that the date, time, and time zone are synchronized for both the client and the server. If they are both synchronized, it will need to be determined why the message is taking so long to arrive.

Taken from http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r2mx/index.jsp?topic=/com.ibm.websphere.wbpm.messages.620.doc/messages/com.ibm.ws.wssecurity.resources.wssmessages.html

snacky
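The check behind an "expired nonce" rejection, as an added example that is not part of the original answer and is not WebSphere's code: a receiver compares Created with its own clock and remembers nonces for the freshness window. The five-minute window, the one-minute future tolerance, the `TokenFreshness` name and the receive times are assumptions; the Nonce and Created values are those of the two requests in the question.

```python
from datetime import datetime, timedelta, timezone

FRESHNESS = timedelta(minutes=5)        # assumed window; the real one is server configuration
MAX_FUTURE_SKEW = timedelta(minutes=1)  # assumed tolerance for a client clock running fast


def parse_created(value):
    """Parse a wsu:Created value such as 2013-12-04T17:12:09.884Z as UTC."""
    if not value.endswith("Z"):
        raise ValueError("Created must be UTC with a trailing Z")
    body = value[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in body else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)


class TokenFreshness:
    """Receiver-side check: Created inside the window and Nonce not seen before."""

    def __init__(self):
        self._seen = {}  # nonce -> Created time, kept only while still fresh

    def check(self, nonce_b64, created, now):
        self._seen = {n: t for n, t in self._seen.items() if now - t <= FRESHNESS}
        stamp = parse_created(created)
        if now - stamp > FRESHNESS:
            return "expired"
        if stamp - now > MAX_FUTURE_SKEW:
            return "created-in-future"
        if nonce_b64 in self._seen:
            return "replayed"
        self._seen[nonce_b64] = stamp
        return "ok"


def demo():
    # Nonce/Created pairs are from the two requests on the page (line break in
    # the WCF nonce removed). The receive times are constructed: the first models
    # a server clock about six hours ahead of the Created value it is handed.
    wcf = ("ODwddPUEK5FwBLM4RCgmWY8jWmM=", "2013-12-04T11:10:26.349Z")
    soapui = ("2u6oHBCYoXG15hZdvwbbBQ==", "2013-12-04T17:12:09.884Z")
    checker = TokenFreshness()
    t_wcf = datetime(2013, 12, 4, 17, 10, 27, tzinfo=timezone.utc)
    t_soapui = datetime(2013, 12, 4, 17, 12, 10, tzinfo=timezone.utc)
    return [
        checker.check(*wcf, t_wcf),        # about six hours old
        checker.check(*soapui, t_soapui),  # under a second old
        checker.check(*soapui, t_soapui),  # same nonce presented again
    ]
```

A Created value that is offset from the receiver's clock by a whole number of hours usually means local time was written with a `Z` suffix rather than converted to UTC.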
0

According to oasis-200401-wss-username-token-profile v1.0 (line 173, p. 9)

PasswordText (default)

The actual password for the username, the password hash, or derived password or S/KEY. This type should be used when hashed password equivalents that do not rely on a nonce or creation time are used, or when a digest algorithm other than SHA1 is used

Nonce and Created should not be sent if your password type is PasswordText or the SOAP server will reject the request.

If you need to send a nonce and created, you will calculate the digest for Password using the same values of "nonce" and "created". The nonce could be any random text, and you can generate it with a Guid or Random only without created (line 113, p. 8)

Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )

and set the password type "#PasswordDigest"

All of this depends on your web service specs: if the password needs to be clear, then don't send nonce and created; if it needs to be a digest, then you will calculate it and you will send the nonce and created.

vzamanillo
  • If you read on: https://www.oasis-open.org/committees/download.php/13392/wss-v1.1-spec-pr-UsernameTokenProfile-01.htm the site says: It is RECOMMENDED that web service producers reject any UsernameToken not using both nonce and creation timestamps. – Robert Achmann Dec 10 '14 at 17:38
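The digest formula from the second answer, carried through both sides, as an added example that is not part of the original posts: the sender computes the digest and the receiver recomputes it from the received Nonce and Created. The nonce is Base64-decoded before hashing, which is what interoperating implementations expect; the password and the function names are constructed, while the username, Nonce and Created are the values from the question's SoapUI request.

```python
import base64
import hashlib
import hmac

DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")

# Values from the SoapUI request on the page; the password is constructed.
NONCE_B64 = "2u6oHBCYoXG15hZdvwbbBQ=="
CREATED = "2013-12-04T17:12:09.884Z"
PASSWORD = "constructed-example-password"


def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)), nonce as decoded bytes."""
    nonce = base64.b64decode(nonce_b64, validate=True)
    material = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


def build_token(username, password, nonce_b64, created):
    """Sender side: the fields that go into wsse:UsernameToken."""
    return {
        "username": username,
        "type": DIGEST_TYPE,
        "nonce": nonce_b64,
        "created": created,
        "digest": password_digest(nonce_b64, created, password),
    }


def verify_token(token, stored_password):
    """Receiver side: recompute from the received Nonce/Created and compare."""
    if token.get("type") != DIGEST_TYPE:
        return False
    if not token.get("nonce") or not token.get("created"):
        return False  # a digest cannot be checked without both values
    expected = password_digest(token["nonce"], token["created"], stored_password)
    return hmac.compare_digest(expected, token.get("digest", ""))


def demo():
    token = build_token("Charlie", PASSWORD, NONCE_B64, CREATED)
    altered = dict(token, created="2013-12-04T17:12:10.884Z")
    return verify_token(token, PASSWORD), verify_token(altered, PASSWORD)
```

Changing Created or Nonce after the digest is computed invalidates it, so the sender must hash exactly the strings it writes into the token.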