NonStop SOAP 4.1 User's Manual

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

Table 23 Rampart Specific Assertions

ExampleDescriptionParameter

<rampc:User>Bob</rampc:User>

This denotes the username that must be

used in the UserNameToken.

User

<rampc:EncryptionUser>b

</rampc:EncryptionUser>

This denotes the username that must be

used to retrieve the password of the

private key. You can retrieve the

EncryptionUser

password by using a password

callback provider.

<rampc:PasswordType>Digest

</rampc:PasswordType>

This denotes the password type to be

used in UserNameToken. The valid

values are plainText or Digest.

PasswordType

<rampc:PasswordCallbackClass>

/usr/tandem/nssoap/t0865h01_AAL/sample_services/

This denotes the path to the password

provider library that provides the

PasswordCallbackClass

sec_echo/service/libpwcb.so

</rampc:PasswordCallbackClass>

password required to create the

UsernameToken or to sign the message.

<rampc:AuthnModuleName>

/usr/tandem/nssoap/t0865h01_AAL

This denotes the path to the

Authentication Module library. This can

AuthnModuleName

/sample_services/sec_echo/service

/libmod_authn.so</rampc:AuthnModuleName>

be used on the server side if you want

to have your own authentication logic

for validating the UserNameToken. The

Rampart module invokes this library by

passing the username and password.

<rampc:ReceiverCertificate>

/usr/tandem/nssoap/t0865h01_AAL/sample_services

This denotes the Path to the receiver’s

public key.

ReceiverCertificate

/sec_echo/service/alice_cert.cert

</rampc:ReceiverCertificate>

<rampc:Certificate/usr

/tandem/nssoap/t0865h01_AAL/sample_services

This denotes the Path to the public key.Certificate

/sec_echo/service/bob_cert.cert

</rampc:Certificate>

<rampc:PrivateKey>/usr

/tandem/nssoap/t0865h01_AAL/sample_services

This option denotes the path to the

private key.

PrivateKey

/sec_echo/service/bob_key.pem

</rampc:PrivateKey>

<rampc:TimeToLive>10</rampc:TimeToLive>

This is used to create the Expires

element in the TimeStampToken. This

TimeToLive

parameter can be used to specify the

validity time for the message.

<rampc:ClockSkewBuffer>

10rampc:ClockSkewBuffer>10

</rampc: ClockSkewBuffer>

This option is used to adjust the server

time while validating the

TimeStampToken, if the client and

server clocks are not in sync. The

ClockSkewBuffer

TimeStampToken is considered valid

only if Message Created time in

the Request < Current time

of the Server < Message

Expires time in the Request.

If ClockSkewBuffer is mentioned, it is

added to the server time, while

validating the TimeStampToken. The

value is in seconds.

<rampc:PrecisionInMilliseconds>

truerampc:PrecisionInMilliseconds>

true</rampc:PrecisionInMilliseconds>

If this flag is set to true, the Rampart

module creates and validates the

TimeStampToken with milliseconds

precision.

PrecisionInMilliseconds

276 WS–Security in NonStop SOAP 4