BSSV with crypted password (digest)

[cscdans]

Hello List,
first: A happy new year!

Does anbody got experience in using crypted paaswords (OAS - Setting for the BSSV-Authentification: Use Username/Password Authentication ON and Password Type DIGEST).
When using MS WES the produced message looks ok tome, the nonce & creation time seems to be OK, too:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soap:Header><wsa:Action>http://oracle.e1.bssv.JP57TEST//get...al:85/PY812/UDCManager</wsa:To><wsse:Security soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-e5a1c06c-3f3a-4fb5-97e6-3bb360d98cfb"><wsu:Created>2011-01-04T14:36:38Z</wsu:Created><wsu:Expires>2011-01-04T14:41:38Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-d220ce8b-42a2-4f11-a512-ae6b56f7ce91"><wsse:Username>cscdans</wsse:Username><wsseassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">HxaFD6smoCDy183lAFdiXPACkw0=</wsseassword><wsse:Nonce>G5o9mcs067c7cjDfDlaZiQ==</wsse:Nonce><wsu:Created>2011-01-04T14:36:38Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><getEmailByUserIDElement xmlns="http://oracle.e1.bssv.JP57TEST/types/"><userID>SCHUBERC</userID></getEmailByUserIDElement></soap:Body></soap:Envelope>

CODE:
Microsoft.Web.Services3.Security.Tokens.UsernameToken token = new Microsoft.Web.Services3.Security.Tokens.UsernameToken("cscdans", "dans", Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);

local.fanuc.luechweb2fage.UDCManagerWse uw = new TestSecService.local.fanuc.luechweb2fage.UDCManagerWse();
//uw.SetClientCredential<Microsoft.Web.Services3.Security.Tokens.UsernameToken>(token);
uw.RequestSoapContext.Security.Tokens.Add(token);

local.fanuc.luechweb2fage.GetEmailByUser geu=new local.fanuc.luechweb2fage.GetEmailByUser();
geu.userID="SCHUBERC";
local.fanuc.luechweb2fage.ShowEmailByUser su;
try
{
su = uw.getEmailByUserID(geu);
Console.WriteLine("Retval: " + su.companyEmailAddress);
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
}

We do not want to transfer the password uncrypted (PLAINTEXT option, that works well).

If anybody got experience with that or encrypting complete BSSV SOAP messages any suggestion or report are very welcome.

Thank you in advance,
best regards,
Carsten

 

[cscdans]

Hi List,
I got a very quick answer from Oracle: digest (crypted) password are not supported by design of Enterprise One. I requested to open a feature request or SAR for that. So if anybody else does not like to send uncrypted passoerd infromation through the network (and perhaps internet), open a SR at oracle. I hope over time they will enable that feature.

Best regards,
Carsten