This discussion is archived
4 Replies Latest reply: Jan 23, 2013 4:07 AM by BillyVerreynne RSS

How to consume Web Service with Password digest from PLSQL

986286 Newbie
Currently Being Moderated
We have Oracle 10g (10.2.0.3.0) 64 bit. We have a situation where we need to consume web service whose security header looks like as follow,

<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-50">
<wsse:Username>weblogic</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">d2enK45chjBPVvvukbYU6OX56kI=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">YAhEtLJfp4lzycLd3hZYjQ==</wsse:Nonce>
<wsu:Created>2013-01-22T06:28:38.897Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>


Here we need passowrd digest, Nonce and Timestamp.
How to create password digest from PLSQL? or if any other alternatives available please response soon.
  • 1. Re: How to consume Web Service with Password digest from PLSQL
    BillyVerreynne Oracle ACE
    Currently Being Moderated
    Have not had to use digest authentication in PL/SQL, nor seen sample code for it.

    The authentication is described on http://en.wikipedia.org/wiki/Digest_access_authentication - do not see why it should not be doable using PL/SQL.
  • 2. Re: How to consume Web Service with Password digest from PLSQL
    986286 Newbie
    Currently Being Moderated
    Thanks for reply.

    I am bit confused. Can we create password digests in PLSQL or My requirement was not clear to you.

    Basically, I need to create a client in PLSQL to consume web service whose sample security header looks as I have given in previous thread.
  • 3. Re: How to consume Web Service with Password digest from PLSQL
    Carlovski Pro
    Currently Being Moderated
    I'm not that familiar with this, but isn't the idea of digest authentication that you make a failed request to the resource, which responds telling you to use digest authentication, supplying you with the value of 'nonce' and the authentication realm?
    So you will need to make an initial unauthenticated call, consume the reply, extracting the relevant data, then you can construct your authentication header, following the rules in the link Billy supplied. You can generate the MD5 hashes using the DBMS_CRYPTO package.

    Carl
  • 4. Re: How to consume Web Service with Password digest from PLSQL
    BillyVerreynne Oracle ACE
    Currently Being Moderated
    I do not see why it will not be possible to do digest authentication with a web server using PL/SQL.

    As for the digest password - the web server supplies a token (a nonce) which you need to use for creating the hashed authentication token (the digest password). The URL I posted explains this authentication process.

    As for the technical how-to in PL/SQL - as I mentioned, never had to do this (only dealt with Basic and NTLM authentication thus far). But as other auth methods (such as Microsoft's NTLM) can be implemented, I do not see why digest authentication could not.

    Suggest you spend some time googling for technical articles/sample code on the subject - and try to find specific PL/SQL related sample code too.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points