api,symfony2,fosuserbundle,ws-security,wsse
OK, I just found the problem... In my authenticate method (WsseProvider class), I returned nothing! BEFORE (doesn't work): public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if(!$user){ throw new AuthenticationException("Bad credentials... Did you forgot your username ?"); } if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { } }...
Here's the code I use to extract a public key from a certificate. I use it for public key pinning, so it uses an SSL* from the connection. Essentially, you call len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL) one time to get a length, and then call len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), buffer) a second...
angularjs,api,symfony2,oauth,wsse
It all depends on what your requirements are. First of all, OAuth 2 is an authentication mechanism/spec which you can use in combination with sessions/bearer tokens/... This also applies to local accounts (since you want to do user registration). FOSAuthServerBundle is a bundle to implement the server-side of the OAuth2...
android,ios,symfony2,sha512,wsse
If you want to reproduce the same encryption as Symfony2 with the 5000 iterations, you can use the following code: - (NSString *)hashPassword:(NSString *)password ansSalt:(NSString *)salt { NSString *passwordSalted = [NSString stringWithFormat:@"%@{%@}",password,salt]; NSData *passwordData = [passwordSalted dataUsingEncoding:NSUTF8StringEncoding]; uint8_t hash[CC_SHA512_DIGEST_LENGTH]; CC_SHA512([passwordData bytes], [passwordData length], hash); NSMutableData *allData = [[NSMutableData alloc] init];...
asp.net,web-services,soap,wsse
Finally I got what I need. Instead of using WS-Security itself, I chose to make a custom SoapHeader. Here is my code: Custom SoapHeader class: public class UsernameToken { public string Username { get; set; } public string Password { get; set; } } [XmlRoot("Security", Namespace = "wsse", IsNullable =...
You'll need to add a specific firewall for anonymous access: firewalls: api: pattern: ^/api doc: pattern: ^/api/doc security: false public: pattern: ^/api/public security: false Another option is to allow anonymous users to access these 2 firewalls; I don't know, however, if it will work with remote curl calls for...