Using WSSecurity Username Token Profile
Giovanni Mori
Apr 24, 2013, 11:15:21 AM
to sav...@googlegroups.com
I had to call the web services exposed by CMDBuild - http://www.cmdbuild.org/en
These WS are protected using WS Security Username Token Profile 1.0 with password digest, as defined here:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
I wrote this:
require "savon"

# WSSE UsernameToken with password digest, plus a wsu:Timestamp
client = Savon.client do
  wsse_auth("cmdt", "mypass", :digest)
  wsse_timestamp(true)
  wsdl("http://chef11-node3:8080/cmdbuild/services/soap/Webservices?wsdl")
end
but I received a Soap Authentication error:
<soap:Fault>
  <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode>
  <faultstring>The security token could not be authenticated or authorized</faultstring>
</soap:Fault>
Comparing the SOAP envelope generated by Savon with the one obtained from SoapUI (which succeeded in calling the WS), I found some differences:
SoapUI:
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">ci6Sr5b4TXfE0xY78c7lvSJN8LI=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">m4yUYN7DNDziMu75D88RFQ==</wsse:Nonce>
Savon:
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">NGZhODMxOTkzOGZiYjU2Yzc5NGQyNzEwMzMwMDdlNTgxM2U1MDVmZA==</wsse:Password>
<wsse:Nonce>a350c2750179bf82a44648e4d9707ab73d688812</wsse:Nonce>
So I made some changes to the file wsse.rb (in the akami library):
[root@chef11-workstation akami]# diff wsse.rb.old wsse.rb
73c73
< created_at || expires_at || @wsu_timestamp
---
> false
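Review bot: At line 73, a literal `false` in place of `created_at || expires_at || @wsu_timestamp` switches the timestamp off for every caller of the library, so the `wsse_timestamp(true)` in the client above no longer has any effect. If only this service rejects the timestamp, drop that call in the client instead (with all three values unset the original expression is already falsy) and leave the library line alone.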
116c116
< "wsse:Nonce" => nonce,
---
> "wsse:Nonce" => Base64.encode64(nonce).chomp!,
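Review bot: At line 116, `Base64.encode64(nonce).chomp!` depends on two side behaviours: `encode64` inserts a newline after every 60 output characters, and `chomp!` returns nil when it removes nothing. Both are harmless for a 20-byte SHA-1 nonce, but `Base64.strict_encode64(nonce)` states the intent without either. The SoapUI envelope also carries an `EncodingType` ending in `#Base64Binary` on `wsse:Nonce`, which this line still omits.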
172c172
< Base64.encode64(Digest::SHA1.hexdigest(token)).chomp!
---
> Base64.encode64(Digest::SHA1.digest(token)).chomp!
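Review bot: At line 172 the result is only correct if `token` is built from the raw nonce bytes and not from the Base64 text now emitted at line 116, since the profile defines the digest as Base64(SHA-1(nonce + created + password)). A comment or a test pinning that down would help, and `Base64.strict_encode64(...)` could replace `encode64(...).chomp!` here as well.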
177c177
< @nonce ||= Digest::SHA1.hexdigest random_string + timestamp
---
> @nonce ||= Digest::SHA1.digest random_string + timestamp
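Review bot: At line 177 the nonce is still derived by hashing `random_string + timestamp`, so its unpredictability rests entirely on `random_string`, which this diff does not show. Since the value is now raw bytes anyway, `SecureRandom.random_bytes(16)` would take the nonce straight from the system CSPRNG and remove the dependency on the timestamp.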
With these changes, now I'm able to call all the WS.
What do you think about it? Has anyone had the same problems?
Regards,
Giovanni
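The digest rule behind the patch above, as an added example that is not part of the original post and is not Akami's code: Username Token Profile 1.0 defines Password_Digest = Base64(SHA-1(nonce + created + password)) over raw bytes. All function names are hypothetical, and drawing the nonce from SecureRandom is an assumption of this sketch.

```ruby
require "base64"
require "digest/sha1"
require "securerandom"

# Profile rule: nonce is the raw (decoded) bytes and the SHA-1 output is
# Base64-encoded as raw bytes, never as hex text.
def password_digest(nonce_bytes, created, password)
  token = nonce_bytes.b + created.b + password.b # binary-safe concatenation
  Base64.strict_encode64(Digest::SHA1.digest(token))
end

# The pre-patch form seen in the Savon envelope: Base64 over the 40-character
# hex text of the hash (kept here only for comparison).
def hex_style_digest(nonce_bytes, created, password)
  token = nonce_bytes.b + created.b + password.b
  Base64.strict_encode64(Digest::SHA1.hexdigest(token))
end

# Client side: fresh 16-byte nonce, each field in the form its element carries.
def build_token_fields(password, created = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ"))
  nonce = SecureRandom.random_bytes(16)
  { nonce: Base64.strict_encode64(nonce), created: created,
    digest: password_digest(nonce, created, password) }
end

# Server side: decode the nonce, recompute, compare without an early exit.
def valid_token?(fields, password)
  nonce = Base64.strict_decode64(fields[:nonce])
  expected = password_digest(nonce, fields[:created], password)
  given = fields[:digest].to_s
  return false unless given.bytesize == expected.bytesize
  diff = 0
  expected.bytes.zip(given.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
rescue ArgumentError # nonce was not valid Base64
  false
end

# Classify a <wsse:Password> value by what its Base64 payload decodes to.
def digest_encoding(value)
  raw = Base64.decode64(value)
  return :raw_sha1 if raw.bytesize == 20
  return :hex_sha1 if raw.match?(/\A\h{40}\z/)
  :unknown
end
```

Applied to the two `wsse:Password` values quoted in the post, `digest_encoding` labels the SoapUI one `:raw_sha1` and the Savon one `:hex_sha1`.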
zero...@gmail.com
Jan 22, 2014, 10:42:26 AM
to sav...@googlegroups.com
Yes, I had the same issue and this solved it for me.
Thank you for the solution!
zero...@gmail.com
Feb 24, 2014, 9:30:48 AM
to sav...@googlegroups.com, zero...@gmail.com
I want to point out that the latest update to Akami seems to have most of these changes now.