Each wsse:UsernameToken contains a timestamp inserted into the
<wsu:Created> element. Using this timestamp together with
the details entered in this section, the Enterprise Gateway can determine whether the WS-Security
UsernameToken has expired. The <wsu:Created>
element is as follows:
| | |
|
<wsse:UsernameToken wsu:Id="oracle"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
<wsu:Created>2006.01.13T-10:42:43Z</wsu:Created>
...
</wsse:UsernameToken>
| |
| | |
|
To configure token validation settings, complete the following fields:
Drift Time:
Specified in seconds to account for differences in the clock times between
the machine on which the token was generated and the machine running the
Enterprise Gateway. Using the start time, end
time, and drift time, the token is considered
valid if the current time falls between the following times:
| | |
|
[start - drift] and [start + drift + end]
| |
| | |
|
Validity Period:
Specifies the lifetime of the token, where the value of the
<wsu:Created> element represents the
start time of the assertion, and the time period
entered represents the end time.
Timestamp Required:
Select this option if you want to ensure that the Username Token contains
a timestamp. If no timestamp is found in the Username Token, a SOAP Fault
is returned.
Nonce Required:
Select this option to ensure that the Username Token contains a
<wsse:Nonce> element. You can use the
combination of a timestamp and a nonce to help prevent replay attacks.
|