Scribd Logo
Upload

Welcome to Scribd!

  • Request Contents Tibco

    Uploaded by

    senthur123
    47 views2 pages
    Request Contents Tibco

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Request Contents Tibco

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    47 views2 pages

    Request Contents Tibco

    Uploaded by

    senthur123
    Request Contents Tibco

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    Document

    TIBCO BusinessWorks: Understanding Web Services Security 22


    6.1.1 Request Contents UserName Token
    In this particular test, the configuration is to use the UserName Token in Text Mode for Authentication.
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
    <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-
    open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
    wssecurity-secext-1.0.xsd">
    <wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
    wssecurity-secext-1.0.xsd">admin</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-
    token-profile-1.0#PasswordText" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
    wss-wssecurity-secext-1.0.xsd">admin</wsse:Password>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
    wssecurity-utility-1.0.xsd">2006-08-07T17:09:13.005Z</wsu:Created>
    <wsse:Nonce xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
    wssecurity-secext-1.0.xsd">Y7/sTGnv1b3+LLvd4EVPIA==</wsse:Nonce>
    </wsse:UsernameToken>
    </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
    <ns0:Inquiry xmlns:ns0="http://xmlns.example.com/unique/default/namespace/1154630967053">What
    Time is it?</ns0:Inquiry>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

    Notice the wsse and wsu namespaces (UsernameToken, Username, Password, Created, and Nonce), and
    the literal Username and Password (in clear text) with a timestamp all of these are in bold. The timestamp
    (wsu:Created) is used with the timeout parameter to limit the useful time period for the nonce ( wsse:Nonce);
    together, the Nonce and an explicit timestamp permit ID/Passwords to be used in the clear while not being reusable or
    subject to replay. The other form of password is Digest, which is more secure; for the best security using UserName
    Tokens, you should use TLS/SSL to encrypt the communications channel.
    Document
    TIBCO BusinessWorks: Understanding Web Services Security 23
    In order to capture this information, I used TCPMon to listen in on Port 7176 and relay everything to Port 7177. To do
    this, modify the SOAP Clients Transport Details Tab info as shown below:



    6.1.2 Troubleshooting Bad ID or Password
    Now, lets introduce an error into this situation intentionally change the password on the UserNameToken
    Identity, so that it will fail authentication with the Administrator, and re-run the test and you will get a SOAPPLUGIN-
    100023 Error, indicating that a SOAP Fault was sent by the Service:

    You might also like