-
1. Re: WF10,WS-Security, password digest work only with plain text password in properites file
mchoma Aug 4, 2016 1:09 AM (in response to krokodylowy)I think you should set hashUserPassword = true.
-
2. Re: WF10,WS-Security, password digest work only with plain text password in properites file
krokodylowy Aug 4, 2016 3:20 AM (in response to mchoma)User password is already hashed by WS client (SoapUI WSS-PasswordType=PasswordDigest).
Password stored in ws-users.properties is unencrypted and dynamically hashed by UsernameTokenCallback nad UsernameTokenCallback.
The question is how to encrypt local password for this mode WSS-PasswordType=PasswordDigest.
Currenty we can do this only for old http digest method which use MD5 and RFC2617 but this is not ws-security.
I suppose the problem is very old [JBESB-3723] Add support for WS-Security UsernameToken with digested password, nonces and timestamps. - JBoss Issue Trac…
-
3. Re: WF10,WS-Security, password digest work only with plain text password in properites file
krokodylowy Aug 4, 2016 8:37 AM (in response to krokodylowy)Correct workaround is VAULT.
- use Masking passwords for WildFly using non-interactive VaultTool and vault.sh to encrypt password and store in security vault
- in user.properties for user 'wsuser' replace password with result of "Configuration should be done as follows:" (generated above) for example
wsuser=VAULT::ws::ws-user1::1
- add generated in step 1 <vault>...</vault> section to standalone.xml