AnsweredAssumed Answered

Authentication when calling a method

Question asked by fgeorges on Dec 29, 2008
Latest reply on Dec 29, 2008 by vsuarez
Hi,

I try to call a service method from SoapUI.  So I call startSession on the authentication service first, then I use the ticket to create the WS-Security header for the method I want to call.  The header looks like:


     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp>
            <wsu:Created>2008-12-29T02:50:00+01:00</wsu:Created>
            <wsu:Expires>2008-12-29T03:00:00+01:00</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken>
            <wsse:Username>xxx</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TICKET_xxxxx</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>

But I get an exception:


      <soapenv:Fault>
         <faultcode>soapenv:Server.generalException</faultcode>
         <faultstring>WSDoAllReceiver: The timestamp could not be validated</faultstring>
         <detail>
            …

How should I use the token to create the header?  What should I use as timestamps?  I didn't find any simple example that didn't use some API (Java, .NET…) instead of showing the SOAP messages themselves.

Best regards,


Florent Georges
http://www.fgeorges.org/

Outcomes