Brian, to check the username token signing I took the data you sent (the logged request) and fed it into a small test programm that used it to call the WSSecurity engine to verify the signature - thus it was not an online test. Your data had enough info to verify the signature. I have to look in my development environment to check how to setup an online interop test. IMO you just need to define the right action and username and password, I'll recheck this.
According to your second question: the way to use the username token to sign and/or encrypt a request is not standardized by OASIS WSS. To the best of my knowledge this is a proprietary method used by WSE2 only. Regards, Werner > -----Urspr�ngliche Nachricht----- > Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 21. Januar 2005 10:56 > An: [EMAIL PROTECTED] > Cc: [email protected] > Betreff: Signing with a UsernameToken - interop with WSE2 > > > Werner, > > As you've seen on the list I've "resurfaced" after 3 months > of silence. I > would really like to figure it out myself and contibute to > the project, > but my knowledge/understanding is quite limited. I've looked > at the wsse > Unittest number 13 - but as far as I can see It doesn't do > what you wrote > about in your mail: > > "I was able to perform the Signature check with this request." > > http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED] apache.org&msgNo=2099 Is that code checked in or can you send it, so that I can reproduce it with a new dummy service that one of my colleague set up. Because eventhough you got success I'm stille no able to acces a WSE2 Web Service that requires signing the body and Timestamp with a key based on the UsernameToken. Since if I can reproduce the digest and signature given a UsernameToken (include nonce ect.) and several addressing elements. And a second question, I've looked through the WS-Trust specification and the WS-Secure Conversation, but I havn't spotted where the description for WSE2's "way of doing" is described. I would like to gather the facts and out assumptions and post it to the WSE2 team, to clear out any misunderstandings if we strike gound again. Thanks in advance. Brgds Brian
