CA API Gateway 9.1

9.4 9.1

Require WS-Security Password Digest Credentials Assertion

The Require WS-Security Password Digest Credentials assertion allows you to require that a WSS Digest token is present with a matching username and password. You can optionally check whether a timestamp or nonce is present, but this assertion does not confirm whether the timestamp has expired nor does it enforce that the nonce is not reused.
gateway90
The
Require WS-Security Password Digest Credentials
assertion allows you to require that a WSS Digest token is present with a matching username and password. You can optionally check whether a timestamp or nonce is present, but this assertion does not confirm whether the timestamp has expired nor does it enforce that the nonce is not reused.
This assertion will succeed if the processed security header of the target message contains at least one WSS Digest Token with a matching username and password.
To learn about selecting the target message for this assertion, see Selecting a Target Message.
To learn more about changing the WSS Recipient for this assertion, see Changing the WSS Assertion Recipient.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Adding an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click
    <target>:
     Require WS-Security Password Credentials
    in the policy window and select
    Require WS-Security Signature Properties
     or double-click the assertion in the policy window. 
  3.  Configure the properties as follows:
    Setting
    Description
    Expected Usename
    Specify the expected username in the WSS Digest Token. You may reference context variables.
    Expected Password
    Enter the expected password. You may type a plaintext password, however it is highly recommended that you reference the password using the
    ${secpass.*.plaintext}
     context variable instead.
    Show Password
    Select this check box to display the password as it is being typed. Clear this check box to obfuscate the typed password.
    Require Timestamp
    Select this check box to require that a timestamp be present.
    This assertion does not confirm whether the timestamp has expired.
    Require Nonce
    Select this check box to require that a nonce is present.
    This assertion does not enforce whether the nonce is not reused.
  4. Click [
    OK
    ] when done.

Content feedback and comments