To prevent replay attacks using WS-Security Username and Password Digest tokens, a configurable "freshness" restriction on the age of the token has been added to the WS-Security Authentication scheme. (The default token age restriction is 60 minutes.)
As of SOA Security Manager r12.1 CR1, the default behavior of the WS-Security authentication scheme is therefore to reject authentication for any request whose Username and Password Digest token was created more than 60 minutes ago according to its <wsu:Created> timestamp. For more information, see the Policy Configuration Guide.
You can change the token age restriction for Username and Password Digest tokens by modifying the XmlToolkit.properties file of each SOA Agent and SOA Security Gateway. For more information, see the SOA Agent Configuration Guide and the SOA Security Gateway Configuration Guide.
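The freshness rule described above can be sketched as follows. This is an added example, not CA's implementation: it assumes the standard WSS UsernameToken Profile digest, Base64(SHA-1(nonce + created + password)), and the function names and the 5-minute clock-skew allowance are hypothetical.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"}
MAX_AGE = timedelta(minutes=60)   # default age restriction stated on this page
SKEW = timedelta(minutes=5)       # assumption: allowance for sender clock drift

def digest(nonce_b64, created, password):
    # UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def make_token(user, password, nonce_b64, created):
    # Constructed sample token for the demonstration, not captured traffic.
    return (f'<wsse:UsernameToken xmlns:wsse="{NS["wsse"]}" xmlns:wsu="{NS["wsu"]}">'
            f"<wsse:Username>{user}</wsse:Username>"
            f"<wsse:Password>{digest(nonce_b64, created, password)}</wsse:Password>"
            f"<wsse:Nonce>{nonce_b64}</wsse:Nonce>"
            f"<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>")

def check_token(token_xml, password, now):
    # Use a hardened XML parser for untrusted input in real deployments.
    tok = ET.fromstring(token_xml)
    created = tok.findtext("wsu:Created", default="", namespaces=NS)
    nonce = tok.findtext("wsse:Nonce", default="", namespaces=NS)
    sent = tok.findtext("wsse:Password", default="", namespaces=NS)
    try:
        ts = datetime.fromisoformat(created.replace("Z", "+00:00"))
    except ValueError:
        return "reject: bad or missing Created"
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)   # treat zone-less stamps as UTC
    if ts - now > SKEW:
        return "reject: Created is in the future"
    if now - ts > MAX_AGE:
        return "reject: token too old"
    # Created is an input to the digest, so a replayed token cannot simply
    # carry a newer timestamp: the digest would no longer match.
    try:
        expected = digest(nonce, created, password)
    except ValueError:
        return "reject: bad Nonce"
    if not hmac.compare_digest(expected.encode(), sent.encode()):
        return "reject: digest mismatch"
    return "accept"
```

A token replayed inside the age window still passes this check, so the restriction narrows the replay window rather than closing it.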
Copyright © 2009 CA. All rights reserved.