Encrypting UsernameTokens in WSE2

Thanks Benjamin for this info on how to encrypt a UsernameToken. I didn’t happen to see it anywhere else. I mostly liked looking at the soap message to see the effect (note that username=”John”, password=”Doe” and I am hashing the password in both cases and then encrypting the UsernameToken in the AFTER). Cool! I love this stuff. It’s like a big game. Based on the length of the encrypted UsernameToken, can you tell what I used to encrypt it with?

BEFORE

<wsse:UsernameToken wsu:Id=”SecurityToken-87259cd0-5a08-4a51-881e-fa901b96d5d9>
  <wsse:Username>john</wsse:Username>
  <wsse:Password Type=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest>z1YyKPkZdyPd0Hfs86gKWgQRurs=</wsse:Password>
  <wsse:Nonce>14KcMOY5cCTeMCTNPeCypA==</wsse:Nonce>
  <wsu:Created>2004-11-02T22:35:43Z</wsu:Created>
  </wsse:UsernameToken>
 
and AFTER
<wsse:UsernameToken wsu:Id=”SecurityToken-428cde88-3f56-47bd-8d09-e5efef45fca3>
<xenc:EncryptedData Id=”EncryptedContent-caa96918-e4ee-41c0-bafc-9b9740c6feea Type=”http://www.w3.org/2001/04/xmlenc#Content xmlns:xenc=”http://www.w3.org/2001/04/xmlenc#>
  <xenc:EncryptionMethod Algorithm=”http://www.w3.org/2001/04/xmlenc#aes128-cbc />
<xenc:CipherData>
  <xenc:CipherValue>4xon7GAwNMsX3hU9kJ2atKGCf3bVbj/W6G5JsLV2lirb
WPyLuXcVG1bhzxeY6RPB1sElmVKMCz6iqfsC1yP
q/+HjhDKb5dB8h1NwPMSIkFbIkikHl3RyXSgUhtF
xUayFNAsef/Nq6XqN4WqwjWFG+x6il86Mf/x3O
IsojxHxVrqkyNbMw5OmHjbQBiM8bYFIpEDnk
1bYXB7zerytLP1zhPkBL+91ZptyTdZI2m3kFqc5e
/wtyFQInZ02ePhfUDPTc0jSlHDLPfDUN/doEkexe
Q264gYjWzXq1jaSFptxLDzcgOoH3f9AoQKsCitl
wo3tY2rLnK8lLgUOhjqbNV2FIiTwV/7aAVzhNmL
WzZdnBHRtA82X3jiqMtrvcyG2D0IDYfzFdLevp1
QPyil6Q9vaGr4I3yaUlqcgL+Ap5xn52lupxC+rv
Jv+xL2Xc9vKJaICsx8ib4ThGLod/damll3XO/1fbho1
NUU06nbMplzcifajNaVRsM4GbdLFsQfwp5rY1mePJpsjGq
m2hw7c1yxnlu4hCjDLdaxQU0H0IbPOlCufi6TT9jU+nPn
sCYg8p6sZXtKAoA4LAhgyKRduJMJmyV0Kjdh1pRUy4X
HKWxW1cxU/k4fC5VYaaDIpK6WK3eXcyoQ/RTRUzW4f
qeLgrUr6qXSSFF7WqZb4M+ZQYqqLl5Geq8AgPJrMNKC
xp1R1kQBFGwCRMALLR6L8BV0QhJgyIczuFyXSlpjJNSH
YJqBvTAeMTZwiIsmZeLTqgIFnMQ11XuGk8sc/P70ByYJ
WNP0Axt1I1gpjONzV4cwgu//fZD6DCRC4YW4NDBQAL
J687nfezcENZuBAHqUOxb7d/PRHcgCX0C1ggso63eOg
3XWFrvN+QreU3xmAEGJNZJCJFXeav+mg52lzJGCV15
Dv85ziccHHctOUxLYjIbaD647NDM4=</xenc:CipherValue>
  </xenc:CipherData>
  </xenc:EncryptedData>
  </wsse:UsernameToken>


Posted from BLInk!

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!  

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.