I need to access a SOAP webservice using the UserToken profile authentication. By generating manually the request with SOAP UI, authentication works correctly. But with Denodo I receive an authentication error message.
After investigations it appears the message generated by Denodo differs from mine on the <wsu:Created> mark.
I currently use the format:
<year 4 digits>-<months 2 digits>-<days 2 digits>T<hours 2 digits>:<minutes 2 digits>:<seconds 2 digits>Z
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-a8a99e54-c7e8-4bfd-ba6f-352f2aa8a4f0">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">pGeWVKgrFAjKquhfsZq+QGZgcsQs=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">SDW12f8d12VgGH6gl4qTEw==</wsse:Nonce>
<wsu:Created>2021-01-18T18:05:02Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
Where Denodo is using the format:
<year 4 digits>-<months 2 digits>-<days 2 digits>T<hours 2 digits>:<minutes 2 digits>:<seconds 2 digits>.<miliseconds 3 digits>Z
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-a8a99e54-c7e8-4bfd-ba6f-352f2aa8a4f0">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">pGeWVKgrFAjKquhfsZq+QGZgcsQs=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">SDW12f8d12VgGH6gl4qTEw==</wsse:Nonce>
<wsu:Created>2021-01-18T18:05:02.486Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
I looked in the oasis documentation but didn't find a document describing the allowed format for the <wsu:Created> mark for a SOAP security header.
Does anyone know where I can find the description for the allowed format for this field?
Thanks in advance
If you follow the XSD schema for the wsu namespace, you will see it points to http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
No luck though in getting a description of the value. However, if you look for the specification document you find https://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
This documents describes the wsu namespace and also mentions:
This specification defines and illustrates time references in terms of the xsd:dateTime type defined in XML Schema. It is RECOMMENDED that all time references use this type.
So it's the standard dateTime type from the XML Schema. The fractional seconds by the way are optional, so I'm not sure why you get an error because of it. Are you sure it's not a red herring?