cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

timestamp.max.clock.skew property

Go to solution
ankit_srivastava3
Participant

on ‎06-12-2014 2:02 AM

0 Kudos

Hello Experts,

Please suggest what is the use of "timestamp.max.clock.skew" property for service component "tc~sec~wssec~service" (Web Service Security).

And, if the value is given in milliseconds or seconds?

Thanks & Regards,

Ankit Srivastava

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-12-2014 5:16 PM
0 Kudos

Hello Ankit

This is a security feature to guard against replay attacks. Essentially the security timestamp when the message was created is only valid for a limited time and expires after that. But for this to work the service and the client have to agree on a common time within a tolerance. This is what the maxclockskew setting does.

The value is set in seconds.

Thanks,

Tapan

Show replies
Show replies
ankit_srivastava3
Participant
‎06-13-2014 4:26 AM
0 Kudos

Hello Tapan,

Much appreciate your help. Nice explanation.

The default value for this property is set to 300. Does it mean SAP by default allows a time skew of 5 minutes?

Also, this skew time does not help when the <wsu:Expires> is available as part of <wsu:Timestamp>. If this is the way it is supposed to work?

Any request with <wsu:Created> future timestamp is also accepted. Is it expected behaviour?

Thanks,

Ankit

Answers (0)

Ask a Question