on 06-12-2014 2:02 AM
Hello Experts,
Please suggest what is the use of "timestamp.max.clock.skew" property for service component "tc~sec~wssec~service" (Web Service Security).
And is the value given in milliseconds or seconds?
Thanks & Regards,
Ankit Srivastava
Hello Ankit
This is a security feature to guard against replay attacks. Essentially the security timestamp when the message was created is only valid for a limited time and expires after that. But for this to work the service and the client have to agree on a common time within a tolerance. This is what the maxclockskew setting does.
The value is set in seconds.
Thanks,
Tapan
Hello Tapan,
Much appreciate your help. Nice explanation.
The default value for this property is set to 300. Does it mean SAP by default allows a time skew of 5 minutes?
Also, this skew time does not help when the <wsu:Expires> is available as part of <wsu:Timestamp>. Is this the way it is supposed to work?
Any request with <wsu:Created> future timestamp is also accepted. Is it expected behaviour?
Thanks,
Ankit
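Added example (not part of the thread, and not SAP's implementation): a generic receiver-side freshness check showing one way a clock-skew tolerance can be applied to `wsu:Created` and `wsu:Expires`. The function names, the `max_age_s` parameter and the sample timestamps are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
FMT = "%Y-%m-%dT%H:%M:%SZ"  # whole-second UTC xsd:dateTime, as in the samples

def parse_utc(text):
    return datetime.strptime(text.strip(), FMT).replace(tzinfo=timezone.utc)

def make_timestamp(created, expires=None):
    """Build a constructed wsu:Timestamp element for the demo."""
    body = f"<wsu:Created>{created.strftime(FMT)}</wsu:Created>"
    if expires is not None:
        body += f"<wsu:Expires>{expires.strftime(FMT)}</wsu:Expires>"
    return f'<wsu:Timestamp xmlns:wsu="{WSU}">{body}</wsu:Timestamp>'

def check_timestamp(xml_text, now, max_skew_s=300, max_age_s=300):
    """Return (accepted, reason). max_age_s is a hypothetical receiver-side
    lifetime applied only when the sender supplied no Expires."""
    ts = ET.fromstring(xml_text)
    created = ts.findtext(f"{{{WSU}}}Created")
    expires = ts.findtext(f"{{{WSU}}}Expires")
    if created is None:
        return False, "missing Created"
    skew = timedelta(seconds=max_skew_s)
    created_t = parse_utc(created)
    # A sender clock running ahead is tolerated only up to the skew.
    if created_t > now + skew:
        return False, "Created too far in the future"
    if expires is not None:
        # A sender clock running behind is tolerated only up to the skew.
        if parse_utc(expires) + skew < now:
            return False, "expired"
    elif now - created_t > timedelta(seconds=max_age_s) + skew:
        return False, "too old"
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2014, 6, 12, 2, 2, 0, tzinfo=timezone.utc)  # constructed
    for c_off, e_off in [(-60, 240), (200, 500), (400, 700), (-700, -400)]:
        xml = make_timestamp(now + timedelta(seconds=c_off),
                             now + timedelta(seconds=e_off))
        print(c_off, e_off, check_timestamp(xml, now))
```

A freshness check like this only narrows the replay window, and it is meaningful only when the timestamp is covered by the message signature.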