proxy - WSO2 SECURITY USERNAMETOKEN ESB AND DSS -

-

proxyi'm trying build web service using esb wso2. service use dataservice data database need connect esb dss. when proxy , dataservice aren't securice work ok, when securice follow error

  <soapenv:fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">      <faultcode>wsse:invalidsecurity</faultcode>      <faultstring>nonce value : 8/bkmsfns2gtj58fxyv43q==, seen before user name : usuarioprueba1. possibly replay attack.</faultstring>      <detail/>   </soapenv:fault>

securizing dataservice not proxy work ok. send usernametoken , password created in user , roles esb , dss

one possible scenario error is, if using header mediator send custom soap security header.

for example, created proxy in [1], , may notice have put following element in soap message security header.

<wsse:nonce encodingtype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#base64binary">95euudnp5wt7nt3bads9tw==</wsse:nonce>

since i'm sending same nonce everytime backened, detected possible replay attack backend.

to rid of error, remove above 'nonce' element. backend stopped giving error

"nonce value : 95euudnp5wt7nt3bads9tw==, seen before user name : admin. possibly replay attack."

anymore.

only if send 'nonce' element in soap security header, backend check possible replay attacks. removing element 1 way of getting rid of error.

this means that, solution if don't want backend evaluate nonce value detecting replay attacks.

i know question 1 year-old; thought add answer reference.

[1]

    <?xml version="1.0" encoding="utf-8"?> <proxy xmlns="http://ws.apache.org/ns/synapse"        name="insuranceserviceproxy2"        transports="https,http"        statistics="disable"        trace="disable"        startonload="true">    <target>       <insequence>          <header scope="default">             <wsse:security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"                            xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"                            soapenv:mustunderstand="1">                <wsu:timestamp wsu:id="ts-23">                   <wsu:created>2015-06-13t03:07:55z</wsu:created>                </wsu:timestamp>                <wsse:usernametoken wsu:id="usernametoken-22">                   <wsse:username>admin</wsse:username>                   <wsse:password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#passwordtext">admin</wsse:password>                   <wsse:nonce encodingtype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#base64binary">95euudnp5wt7nt3bads9tw==</wsse:nonce>                   <wsu:created>2015-06-13t03:07:55.091z</wsu:created>                </wsse:usernametoken>             </wsse:security>          </header>          <property name="authorization"                    value="basic ywrtaw46ywrtaw4="                    scope="transport"                    type="string"/>       </insequence>       <outsequence>          <send/>       </outsequence>       <endpoint>          <address uri="https://localhost:8243/services/insuranceservicebeproxy2"/>       </endpoint>    </target>    <description/> </proxy>

Comments

Post a Comment

Popular posts from this blog

C# random value from dictionary and tuple -

-
i have following code, , need random item contains string "region_1" dictionary. public static dictionary<int, tuple<string, int, currencytype>> itemarray = new dictionary<int, tuple<string, int, currencytype>>() { { 0xb3e, new tuple<string, int, currencytype>("region_1", 1500, currencytype.fame) } }; public static int generateitemid(string shopid) { var generateditem = itemarray.elementat(new random().next(0, itemarray.count)).key; } how select this? it's not possible efficiently... first create static random @ class level... prevent non-random behaviour if run query on short period of time... (it's seeded discrete clock) static random rnd = new random(); then: var item = itemarray.values .where(t => t.item1 == shopid) .orderby(_ => rnd.next()) .firstordefault()
Read more

cgi - How do I interpret URLs without extension as files rather than missing directories in nginx? -

-
so i'm trying install zoneminder , have run under nginx, has few compiled files need run using fast-cgi. these files lack extension. if file has extension, there no issue , nginx interprets file , return 404 if can't find it. if has no extension, assume it's directory , return 404 when can't find sort of index page. here have now: # security camera domain. server { listen 888; server_name mydomain.com; root /srv/http/zm; # enable php support. include php.conf; location / { index index.html index.htm index.php; } # enable cgi support. location ~ ^/cgi-bin/(.+)$ { alias /srv/cgi-bin/zm/; fastcgi_pass unix:/run/fcgiwrap.sock; fastcgi_param script_filename $document_root/$1; include fastcgi.conf; } } the idea is, under cgi-bin directory goes through fastcgi pipe. any idea on howi can fix this? upon closer inspection, realized zoneminder has 2 cgi sc...
Read more

.htaccess - htaccess convert request to clean url and add slash at the end of the url -

-
ok , searched more 4 days , more 20 posts here in stach or in websites without kind of success first here htaccess file rewriteengine on rewriterule ^([a-za-z0-9_]+)/?$ index.php?page=$1 [nc] rewriterule ^([a-za-z0-9_]+)\/([a-za-z0-9_]+)\/?$ index.php?page=$1&action=$2 [nc] i tried many codes 1 worked me can call request , works me www.example.com/pagename => www.example.com/index.php?page=pagename here questions , please provide me information "in detail" understand code well 1- how convert request automatically www.example.com/index.php?page=pagename www.example.com/pagename 2- if tried add slash @ end shows me page without images or styling mean www.example.com/pagename => works www.example.com/pagename/ => doesn't work that's :) for first part need 301 rule this: rewritecond %{the_request} /index\.php\?page=([^\s&]+) [nc] rewriterule ^ /%1? [r=301,l] for second part use absolute path in css, js, images files r...
Read more