Layer7 API Management

Expand all | Collapse all

we want to use WSS-Passwordtype property to  REST API.What is the Assertion we can use for it.

  • 1.  we want to use WSS-Passwordtype property to  REST API.What is the Assertion we can use for it.

    Posted Mar 14, 2019 09:59 AM

    we want to use WSS-Passwordtype property to  REST API.What is the Assertion we can use for it.



  • 2.  Re: we want to use WSS-Passwordtype property to  REST API.What is the Assertion we can use for it.

    Broadcom Employee
    Posted Mar 14, 2019 12:42 PM

    Good morning,

     

    WSS Password Type is a SOAP based concept that will outline if the password in the XML payload is plain text or digest. For Digest, you can use the Require Ws-Security Password Digest Credentials which is a one to one relationship of user to assertion as we need to know the password. For Plain text, you can use the WS-Security UsernameToken Profile Credentials. 

     

    Another option is you can pull the username and password out of the XML payload with Require XPath Credentials and authenticate it against an identity provider.

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support