How to enforce Timestamp validation when enforcing UsernameToken Authentication policy?
Article ID: KB0083952
Updated On:
Description
This article provides sample policy and resource files for configuring APIX-G to enforce Timestamp validation along with the UsernameToken Authentication policy.
Environment
All Supported Platforms
Resolution
Three files are attached. The following two can be used to achieve this functionality:
- UT_TimeStamp_Auth_WSSLdapAsp.policy, the policy
(Note that this is different from the shipped sample "AuthenticationByUsernameToken.policy").
- WSS_LdapAsp.properties, the LDAP resource
(Different from the usual sample LdapAsp.properties).
UT-Timestamp-Auth.txt is the sample log showing:
- The 1st request was processed successfully; it had a new Username Token and Timestamp.
- The 2nd request, a replay of the 1st, was rejected because it had the same Username Token.
- The 3rd request, which had a new Username Token but an invalid Timestamp, was rejected.