5 Replies Latest reply: Mar 1, 2013 4:34 AM by user9024636 RSS

    custom WS-Policy in OSB 11g - <wsu:timestamp> not first in header

    user9024636
      A custom WS-policy is configured on an OSB 11g Business Service for encrypting a part of the message header (UsernameToken part is being encrypted). This is working fine.

      We need to modify this WS-Policy to add Timestamp to the WS security header. We tried adding <MessageAge> assertion to the policy - this is working fine except that the timestamp element is not coming as the first element in security header - instead EncryptedKey is the first element. For example, the output is like below:

      <soapenv:Header>
      <wsse:Security>
      <ns1:EncryptedKey>
           ...
      </ns1:EncryptedKey>
      <wsu:Timestamp>
      <wsu:Created>2013-02-19T09:39:20.263-06:00</wsu:Created>
      <wsu:Expires>2013-02-19T09:44:20.263-06:00</wsu:Expires>
      </wsu:Timestamp>
      <ns1:EncryptedData>
      ...
      </ns1:EncryptedData>
      </wsse:Security>
      </soapenv:Header>

      OWSM is not an option as client do not want it yet.

      If anyone knows the solution, kindly let me know.

      Thanks.