2

I read https://www.oasis-open.org/committees/download.php/13392/wss-v1.1-spec-pr-UsernameTokenProfile-01.htm and I know how to generate the Nonce and the Password. I have a doubt about UsernameToken wsu:Id.

  1. What should be value of wsu:Id attribute.
  2. Can it be default random one?

  3. How can I generate it?

    <wsse:UsernameToken wsu:Id="UsernameToken-1314D8CB1A76EFB5F614902572284093" xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
<wsu:Created>2014.02.10T-09:12:00Z</wsu:Created>
<wsse:Username>Username</wsse:Username>
<wsse:Nonce EncodingType="UTF-8">KFIy9LgzhmDPNiqU/B9ZiWKXfEVNvFyn6KWYP+1zVt8=</wsse:Nonce>
<wsse:Password Type="wsse:PasswordDigest">CxWj1OMnYj7dddMnU/DrOhyY3j4</wsse:Password>

Jarmark
  • 131
  • 2
  • 11

1 Answers1

0

What should be value of wsu:Id attribute.

It can be a random sequence of characters (I noticed that even its length is arbitrary).

Can it be default random one?

As above, definitelly yes.

How can I generate it?

It's random, so use any inbuilt function which provide random string. For example (C#):

string usernameTokenId = $"UsernameToken-{Guid.NewGuid().ToString()}";

In my case I used not only wsu:Id="UsernameToken-..." but also wsu:Id="SecurityToken-..." and it was still working.

1_bug
  • 5,505
  • 4
  • 50
  • 58