06-11-2014 5:35 AM
Hello Experts,
I am configuring a login policy using "DigestLoginModule" at http://<host:port>/nwa/auth . I would like to use option for skew time. What is the correct option for skew time?
Thanks & Regards,
Ankit Srivastava
06-12-2014 5:31 PM
Hello Ankit
I am not sure if you are already aware of this. DigestLoginModule is not supported by SAP. Although DigestLoginModule is available in sap documentation and also available in the list of available login modules in visual admin and nwa, but it does not work and was not meant to work in the past. I have asked the responsible colleagues in sap to change sap documentation accordingly. It will take some time. I faced similar situation with another customer and this what i told him too.
Please post back should you need any further clarification.
Cheers
Tapan
06-11-2014 7:08 AM
Hi Ankit,
what should be the purpose of skew time for digest authentication?
As you tagged the thread being related to WSSEC, do you refert to WS-Security based authentication? This should be part of the sender agreement. Please check the docs for more info on this.
Kind regards,
Patrick
06-11-2014 8:12 AM
Hello Patrick,
Thanks for a quick reply.
In WS-Security header, I want to use time skew to allow for any small variation in the clocks of sender & PO system.
I am using SOAP Adapter with AXIS to define & use username token andwsu:Timestamp. I am not sure as where to define the time skew in this case. Please suggest.
Regards,
Ankit
06-11-2014 9:34 AM
06-12-2014 1:00 AM
06-12-2014 6:26 AM
Hi Ankit,
The feature is simply not called time skew but validity peroid. As written in the docs:
In addition, you specify a validity period in the sender agreement, within which the delivery of a message is accepted (based on the time stamp).
So you have to set the timestamp on one end (this is what you already did) and specify a permitted difference between timestamp and actual time the message was received.
Please see the part on 'Security Settings for Time Stamp and Expiry Date of Signature' in the docs.
Regards,
Patrick
06-12-2014 5:31 PM
Hello Ankit
I am not sure if you are already aware of this. DigestLoginModule is not supported by SAP. Although DigestLoginModule is available in sap documentation and also available in the list of available login modules in visual admin and nwa, but it does not work and was not meant to work in the past. I have asked the responsible colleagues in sap to change sap documentation accordingly. It will take some time. I faced similar situation with another customer and this what i told him too.
Please post back should you need any further clarification.
Cheers
Tapan
06-13-2014 4:17 AM
06-13-2014 4:00 PM
Hello Ankit
Please refer sap help link:
Recommended WS Security Scenarios (Java)
=================================
https://help.sap.com/saphelp_nwce72/helpdata/en/48/8ebbba66be06b2e10000000a42189b/frameset.htm
Regards,
Tapan
03-04-2015 7:50 PM
Hi,
Please read the following note:
http://service.sap.com/sap/support/notes/2028823
It is valid for all releases. The DigestLoginModule is not officially supported by SAP.
BR,
Ivan