Fix Pack 8550

UsernameToken with password digest (HashPassword) and timestamp over SSL

This policy requires that you protect the message with HTTPS, and that a UsernameToken is used for authentication. The UsernameToken password is hashed with the created timestamp and nonce. There is also a message Timestamp.

The following policy shows a UsernameToken with password digest (HashPassword) and timestamp over SSL:
<wsp:Policy wsu:Id="UserNameTokenPasswordHashOverSSL">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken>
                <wsp:Policy />
              </sp:HttpsToken>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken
            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssUsernameToken10 />
              <sp:HashPassword/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
The namespaces used in this example are:

To validate the UsernameToken in the Liberty profile server, you must provide a password callback handler class on the provider side by setting the ws-security.callback-handler attribute. The password from the callback handler must match the password that is used in the PasswordDigest. The password must also match the password in the user registry in the Liberty profile.
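The digest check described above, as an added Python example (not IBM's or Liberty's code): it computes the PasswordDigest as Base64(SHA-1(nonce + created + password)) per the WSS UsernameToken Profile, which is why the provider must obtain the cleartext password from the callback handler. The example goes slightly beyond the page by also rejecting stale and replayed tokens; `lookup_password`, the 5-minute window, the in-memory nonce cache, and the sample credentials are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)   # assumed freshness window, not a Liberty setting
FMT = "%Y-%m-%dT%H:%M:%SZ"
_seen = set()                    # in-memory replay cache, illustration only

def password_digest(nonce_b64, created, password):
    # WSS UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def build_token(username, password, now):
    # Consumer side: fresh random nonce and Created value for every request
    nonce = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime(FMT)
    return {"username": username, "nonce": nonce, "created": created,
            "digest": password_digest(nonce, created, password)}

def validate_token(token, lookup_password, now):
    # Provider side: lookup_password (hypothetical) stands in for the
    # password callback handler and must return the cleartext password.
    password = lookup_password(token["username"])
    if password is None:
        return False                       # unknown user
    created = datetime.strptime(token["created"], FMT).replace(tzinfo=timezone.utc)
    if abs(now - created) > MAX_AGE:
        return False                       # stale or future-dated token
    expected = password_digest(token["nonce"], token["created"], password)
    if not hmac.compare_digest(expected, token["digest"]):
        return False                       # wrong password or altered fields
    key = (token["username"], token["nonce"])
    if key in _seen:
        return False                       # nonce already used: replay
    _seen.add(key)                         # record only after a valid digest
    return True

if __name__ == "__main__":
    registry = {"alice": "constructed-password"}   # constructed sample data
    now = datetime(2014, 4, 21, 12, 0, 0, tzinfo=timezone.utc)
    tok = build_token("alice", "constructed-password", now)
    print(validate_token(tok, registry.get, now))  # first presentation
    print(validate_token(tok, registry.get, now))  # same token replayed
```

Because the digest only proves knowledge of the password and does not hide the request, the policy still relies on the HTTPS transport binding for confidentiality.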




Last updated: Monday, 21 April 2014
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-express-iseries&topic=cwlp_wssec_templates_scenario1