AnsweredAssumed Answered

WSSE Header

Question asked by gressho on Oct 10, 2008

in an earlier message some SOAP code was posted with the WS-Security header included. I'm using JAX-WS for my client and it should perfectly
be possible to send a password digest, but what method is used? MD5? SHA1?
There is also a timestamp included. I've developed a SecurityHandler which adds these information to the header but your old webservice
implementation allways rejected my timestamp and that behaviour came from WSS4J which is also used in CXF. I'll retry…
Additionally there is a nonce in the header. Is this needed? I'm not sure how to generate a nonce or how to react t an aswer with a nonce.

In the future we want to use a SAML based SSO solution (Shibboleth). In the moment the problem is, our client will run in a portal environment
(JBossPortal), so I know the user name but not the password. From Shibboleth I hope I'll get a SAML token which is (theoretically) supported by
CXF/WSS4J. Are you planning to support it, too?

How often will there be updates to CMIS and how will I integrate them with our Alfresco installation?

Best wishes