I am relatively new to Webservice Security and I have a problem with security headers.
I want my security header to be accepted like this:
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Without any timestamps or wsu:Created.
However I have not managed to achieve this.
When sending a request with this header I always get a WSSecurityException telling me that the timestamp is missing. When setting the "include timestamp in header" option to false I get a FailedAuthentication because the wsu:Created element is expected in the UsernameToken section.
What configuration is needed that the UsernameToken-section does not expect a Created part?
Is this even possible?
Thanks
