How is «oro:wsse:generate-header» implemented?

wsse-authentication
api-key
web-api
(Dmitry Fedyuk) #1

Oro\Bundle\UserBundle\Command\GenerateWSSEHeaderCommand::execute()

escape_wsse_authentication.encoder is the SHA-1 hash function:

Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder::encodePassword()

The WSEE digest algorithm is described here: https://marketing.adobe.com/developer/documentation/authentication-1/wsse-authentication-2#section_827C0D230FCB467CA337929C515093DB

0 Likes

How is the WSSE authentication implemented in Oro Platform?
How to generate the WSEE authentication headers for the Web API?
Security issue: the API keys are stored in the database as a plain text and are used without a salt
(Dmitry Fedyuk) #2

See also:

0 Likes