[prev in list] [next in list] [prev in thread] [next in thread]
List: wsas-java-user
Subject: Re: [User] [Architecture] Hide password in UsernameToken policy with hash
From: "Jorge Infante Osorio" <jorgeio () uci ! cu>
Date: 2012-05-07 19:36:22
Message-ID: !&!AAAAAAAAAAAYAAAAAAAAADEDMahRnnVKvgclMiDfrb3CgAAAEAAAAN/Y/6Gh+HBHiD5QybVmJhsBAAAAAA== () uci ! cu
[Download RAW message or body]
-----Mensaje original-----
De: Amila Jayasekara [mailto:amilaj@wso2.com]
Enviado el: lunes, 07 de mayo de 2012 13:43
Para: Jorge Infante Osorio
CC: user@wso2.org
Asunto: Re: [Architecture] Hide password in UsernameToken policy with hash
On Mon, May 7, 2012 at 10:04 AM, Jorge Infante Osorio <jorgeio@uci.cu>
wrote:
> Hi Amila.
>
> I also do it like you say but with no success.
>
> The problem is this:
>
> 1. The policy is upload successfully to the registry´s governance pace.
> 2. In the security section I select the Policy From Registry.
> 3. In the service wsdl, I don´t see the <sp:HashPassword/> inside the
> Policy.
> 4. In the service dashboard in QoS configuration, when I go to the
> Policies option I don´t see the <sp:HashPassword/> in any Binding.
> 5. If I try to edit the policy in any binding, the modifications
disappears.
>
> 6. Also I don’t see any error in the console to this behavior. The
> <sp:HashPassword/> just disappear.
> 7. If it´s something wrong with the policy I just expected to see an
> error in the console.
>
>
> This is a policy part in the registry as I upload it.
>
> <sp:SupportingTokens
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy>
> <sp:UsernameToken
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/20
> 0702/I
> ncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:HashPassword/>
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SupportingTokens>
>
> And this is how I see in the wsdl:
>
> <sp:SupportingTokens
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy>
> <sp:UsernameToken
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/20
> 0702/I
> ncludeToken/AlwaysToRecipient" />
> </wsp:Policy>
> </sp:SupportingTokens>
>
> Any idea? I put the policy as attachment.
Hi Jorge,
What is the Policy wsu:Id you gave ? If it is same as UTOverTransport,
probably system will interpret policy as user name token scenario 1.
Can you please try changing wsu:Id of uploading policy and see whether issue
is resolved ?
In the file and in the Repository I have this:
<wsp:Policy wsu:Id="UsernameTokenConHash" xmlns:wsu=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
and in the wsdl I see this:
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" wsu:Id="policyFromRegistry">
Thanks,
Jorge.
Thanks
AmilaJ
>
> Saludos,
> Ing. Jorge Infante Osorio.
> J´Dpto Soluciones SOA.
> CDAE.
> Fac. 5.
> UCI.
>
> De: architecture-bounces@wso2.org
> [mailto:architecture-bounces@wso2.org] En nombre de Amila Jayasekara
> Enviado el: domingo, 06 de mayo de 2012 23:52
> Para: architecture@wso2.org
> Asunto: Re: [Architecture] Hide password in UsernameToken policy with
> hash
>
> Hi Jorge,
>
> I hope you applied UT security from scenarios and tried to modify the
> policy file through policy editor ? If that is the case, we generally
> do not recommend to change existing policy files in scenarios, as it
> will change the semantics described by the scenario.
>
> Best method is to save UT policy to a file and add <sp:HashPassword/>
> to UT in file. Then upload file to registry's governance space. Then
> when applying security you can select the file from governance space.
>
> Thanks
> AmilaJ
> On Sat, May 5, 2012 at 10:41 PM, Jorge Hernandez Rosello
> <jhernandez@uci.cu>
> wrote:
> Hi all.
>
> I am trying to consume a secure service with UT scenario but this time
> adding a hash to politics for the password don´t travel in clear text.
> The problem is that when I associate the policy to the WSDL of the
> service, the Application Server (home service) is removing me from
> politics the tab "<sp:HashPassword/>", which precisely hides the
> password using a hash. When consuming the service, the client is
> sending a request message with the encrypted password and the service
> returns an authentication error because they do not understand the
password sent by the client.
>
> I'm working with version 4.1.2 of wso2as.
>
> Any idea what might be happening?
>
> Thanks,
>
> Jorge H.
>
>
>
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
>
> --
> Mobile : +94773330538
>
>
> 10mo. ANIVERSARIO DE LA CREACION DE LA UNIVERSIDAD DE LAS CIENCIAS
INFORMATICAS...
> CONECTADOS AL FUTURO, CONECTADOS A LA REVOLUCION
>
> http://www.uci.cu
> http://www.facebook.com/universidad.uci
> http://www.flickr.com/photos/universidad_uci
>
--
Mobile : +94773330538
10mo. ANIVERSARIO DE LA CREACION DE LA UNIVERSIDAD DE LAS CIENCIAS
INFORMATICAS...
CONECTADOS AL FUTURO, CONECTADOS A LA REVOLUCION
http://www.uci.cu
http://www.facebook.com/universidad.uci
http://www.flickr.com/photos/universidad_uci
10mo. ANIVERSARIO DE LA CREACION DE LA UNIVERSIDAD DE LAS CIENCIAS INFORMATICAS...
CONECTADOS AL FUTURO, CONECTADOS A LA REVOLUCION
http://www.uci.cu
http://www.facebook.com/universidad.uci
http://www.flickr.com/photos/universidad_uci
_______________________________________________
User mailing list
User@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic