-----Original Message-----
From: Amila Jayasekara [mailto:[email protected]] 
Sent: Monday, May 7, 2012 13:43
To: Jorge Infante Osorio
CC: [email protected]
Subject: Re: [Architecture] Hide password in UsernameToken policy with hash

On Mon, May 7, 2012 at 10:04 AM, Jorge Infante Osorio <[email protected]>
wrote:
> Hi Amila.
>
> I also do it like you say but with no success.
>
> The problem is this:
>
> 1. The policy is uploaded successfully to the registry's governance space.
> 2. In the security section I select the Policy From Registry.
> 3. In the service wsdl, I don't see the <sp:HashPassword/> inside the 
> Policy.
> 4. In the service dashboard in QoS configuration, when I go to the 
> Policies option I don't see the <sp:HashPassword/> in any Binding.
> 5. If I try to edit the policy in any binding, the modifications disappear.
>
> 6. Also I don't see any error in the console for this behavior. The 
> <sp:HashPassword/> just disappears.
> 7. If it's something wrong with the policy I just expected to see an 
> error in the console.
>
>
> This is a policy part in the registry as I upload it.
>
>      <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>        <wsp:Policy>
>          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>            <wsp:Policy>
>              <sp:HashPassword/>
>            </wsp:Policy>
>          </sp:UsernameToken>
>        </wsp:Policy>
>      </sp:SupportingTokens>
>
> And this is how I see in the wsdl:
>
> <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>  <wsp:Policy>
>     <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
>  </wsp:Policy>
> </sp:SupportingTokens>
>
> Any idea? I put the policy as attachment.

Hi Jorge,

What is the Policy wsu:Id you gave? If it is the same as UTOverTransport,
the system will probably interpret the policy as user name token scenario 1.
Can you please try changing the wsu:Id of the uploaded policy and see whether the
issue is resolved?


In the file and in the Repository I have this:
<wsp:Policy wsu:Id="UsernameTokenConHash" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

and in the wsdl I see this:

    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="policyFromRegistry">


Thanks,
              Jorge.

Thanks
AmilaJ

>
> Regards,
> Ing. Jorge Infante Osorio.
> J´Dpto Soluciones SOA.
> CDAE.
> Fac. 5.
> UCI.
>
> From: [email protected] 
> [mailto:[email protected]] On behalf of Amila Jayasekara 
> Sent: Sunday, May 6, 2012 23:52
> To: [email protected]
> Subject: Re: [Architecture] Hide password in UsernameToken policy with 
> hash
>
> Hi Jorge,
>
> I hope you applied UT security from scenarios and tried to modify the 
> policy file through policy editor? If that is the case, we generally 
> do not recommend to change existing policy files in scenarios, as it 
> will change the semantics described by the scenario.
>
> Best method is to save UT policy to a file and add <sp:HashPassword/> 
> to UT in file. Then upload file to registry's governance space. Then 
> when applying security you can select the file from governance space.
>
> Thanks
> AmilaJ
> On Sat, May 5, 2012 at 10:41 PM, Jorge Hernandez Rosello 
> <[email protected]>
> wrote:
> Hi all.
>
> I am trying to consume a secure service with UT scenario but this time 
> adding a hash to politics for the password don't travel in clear text. 
> The problem is that when I associate the policy to the WSDL of the 
> service, the Application Server (home service) is removing me from 
> politics the tab "<sp:HashPassword/>", which precisely hides the 
> password using a hash. When consuming the service, the client is 
> sending a request message with the encrypted password and the service 
> returns an authentication error because they do not understand the
> password sent by the client.
>
> I'm working with version 4.1.2 of wso2as.
>
> Any idea what might be happening?
>
> Thanks,
>
> Jorge H.
>
>
>
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
>
> --
> Mobile : +94773330538
>
>
> 10th ANNIVERSARY OF THE CREATION OF THE UNIVERSIDAD DE LAS CIENCIAS
> INFORMATICAS...
> CONNECTED TO THE FUTURE, CONNECTED TO THE REVOLUTION
>
> http://www.uci.cu
> http://www.facebook.com/universidad.uci
> http://www.flickr.com/photos/universidad_uci
>



_______________________________________________
User mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/user
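
The symptom reported in this thread (an assertion present in the uploaded policy but missing from the policy the service publishes) can be checked mechanically. The following is an added example, not part of the original messages and not WSO2 code: it compares the assertions nested under sp:UsernameToken in two policy documents and lists the ones that were dropped. The two sample policies are constructed from the fragments quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")


def _sample(policy_id, token_body):
    """Build a constructed policy modelled on the fragments in the thread."""
    return f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:wsu="{WSU}" wsu:Id="{policy_id}">
  <sp:SupportingTokens xmlns:sp="{SP}">
    <wsp:Policy>
      <sp:UsernameToken
          sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">{token_body}</sp:UsernameToken>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>"""


# Constructed samples: what was uploaded vs. what the WSDL showed.
UPLOADED = _sample("UsernameTokenConHash",
                   "<wsp:Policy><sp:HashPassword/></wsp:Policy>")
SERVED = _sample("policyFromRegistry", "")


def policy_id(policy_xml):
    """Return the wsu:Id of the top-level policy element, or None."""
    return ET.fromstring(policy_xml).get(f"{{{WSU}}}Id")


def username_token_assertions(policy_xml):
    """Local names of sp:* assertions nested inside any sp:UsernameToken."""
    found = set()
    for token in ET.fromstring(policy_xml).iter(f"{{{SP}}}UsernameToken"):
        for nested in token.findall(f"{{{WSP}}}Policy"):
            # iter() also walks wsp:ExactlyOne / wsp:All wrappers (normal form).
            for element in nested.iter():
                if element.tag.startswith(f"{{{SP}}}"):
                    found.add(element.tag.split("}", 1)[1])
    return found


def dropped_assertions(uploaded_xml, served_xml):
    """Assertions required by the uploaded policy but absent from the served one."""
    return sorted(username_token_assertions(uploaded_xml)
                  - username_token_assertions(served_xml))


if __name__ == "__main__":
    print(policy_id(UPLOADED), "->", policy_id(SERVED))
    print("dropped:", dropped_assertions(UPLOADED, SERVED))
```
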
