Re: [User] [Architecture] Hide password in UsernameToken policy with hash

Sun, 06 May 2012 21:35:36 -0700 

Hi Amila. 

I also do it  like you say but with no success.

The problem is this:

1. The policy is upload successfully to the registry´s governance pace.
2. In the security section I select the Policy From Registry.
3. In the service wsdl, I don´t see the <sp:HashPassword/> inside the
Policy.
4. In the service dashboard in QoS configuration, when I go to the Policies
option I don´t see the <sp:HashPassword/> in any Binding. 
5. If I try to edit the policy in any binding, the modifications disappears.

6. Also I don’t see any error in the console to this behavior.  The
<sp:HashPassword/> just disappear.
7. If it´s something wrong with the policy I just expected to see an error
in the console.


This is a policy part in the registry as I upload it.

      <sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
        <wsp:Policy>
          <sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/I
ncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:HashPassword/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>

And this is how I see in the wsdl:

<sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
  <wsp:Policy>
     <sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/I
ncludeToken/AlwaysToRecipient" />
  </wsp:Policy>
</sp:SupportingTokens>
 
Any idea? I put the policy as attachment. 

Saludos,
Ing. Jorge Infante Osorio.
J´Dpto Soluciones SOA.
CDAE.
Fac. 5.
UCI.

De: [email protected] [mailto:[email protected]] En
nombre de Amila Jayasekara
Enviado el: domingo, 06 de mayo de 2012 23:52
Para: [email protected]
Asunto: Re: [Architecture] Hide password in UsernameToken policy with hash

Hi Jorge,

I hope you applied UT security from scenarios and tried to modify the policy
file through policy editor ? If that is the case, we generally do not
recommend to change existing policy files in scenarios, as it will change
the semantics described by the scenario. 

Best method is to save UT policy to a file and add <sp:HashPassword/> to UT
in file. Then upload file to registry's governance space. Then when applying
security you can select the file from governance space.

Thanks
AmilaJ
On Sat, May 5, 2012 at 10:41 PM, Jorge Hernandez Rosello <[email protected]>
wrote:
Hi all.
 
I am trying to consume a secure service with UT scenario but this time
adding a hash to politics for the password don´t travel in clear text. The
problem is that when I associate the policy to the WSDL of the service, the
Application Server (home service) is removing me from politics the tab
"<sp:HashPassword/>", which precisely hides the password using a hash. When
consuming the service, the client is sending a request message with the
encrypted password and the service returns an authentication error because
they do not understand the password sent by the client.
 
I'm working with version 4.1.2 of wso2as.
 
Any idea what might be happening?
 
Thanks,
 
Jorge H.




_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



-- 
Mobile : +94773330538


10mo. ANIVERSARIO DE LA CREACION DE LA UNIVERSIDAD DE LAS CIENCIAS 
INFORMATICAS...
CONECTADOS AL FUTURO, CONECTADOS A LA REVOLUCION

http://www.uci.cu
http://www.facebook.com/universidad.uci
http://www.flickr.com/photos/universidad_uci


<?xml version="1.0" encoding="UTF-8"?>
<!-- Client policy for Username Token with hashed password, sent from client to
 server only -->
<wsp:Policy wsu:Id="UsernameTokenConHash" xmlns:wsu=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
  <wsp:ExactlyOne>
    <wsp:All>
	  <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken RequireClientCertificate="false"></sp:HttpsToken>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256></sp:Basic256>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax></sp:Lax>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp></sp:IncludeTimestamp>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SupportingTokens
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken=
              "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
            <wsp:Policy>
              <sp:HashPassword/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

_______________________________________________
User mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/user

Reply via email to