Non-unique-NONCE header generation
Hi,
We have ~frequently a situation where the nonce-header generated by the soapui client, is generated twice during a test automation run. Thus the server rejects the call, which is - correct for soap security point of view - but is causing issues as it was expected not to fail in the test scenario. Is there are way to improve the randomness of the soapui client nonce-value?
In our the example TA, there is one client and one server node, and the client (mostly) runs the tests in sequential manner. We run tests from 3 different projects, and use multiple suites per project. Still it seems that each soap request, does NOT have a "unique" nonce value set/generated. This also occurs randomly in environments with more parallel clients.
We use linux debian, and ant triggered build execution, with soapui version 4.0.1.
Is it possible that the algorithm used for nonce generation is not threadsafe or is relying heavily on same "millisecond" when creating a "random" nonce?
Cheers
-LL
We have ~frequently a situation where the nonce-header generated by the soapui client, is generated twice during a test automation run. Thus the server rejects the call, which is - correct for soap security point of view - but is causing issues as it was expected not to fail in the test scenario. Is there are way to improve the randomness of the soapui client nonce-value?
In our the example TA, there is one client and one server node, and the client (mostly) runs the tests in sequential manner. We run tests from 3 different projects, and use multiple suites per project. Still it seems that each soap request, does NOT have a "unique" nonce value set/generated. This also occurs randomly in environments with more parallel clients.
We use linux debian, and ant triggered build execution, with soapui version 4.0.1.
Is it possible that the algorithm used for nonce generation is not threadsafe or is relying heavily on same "millisecond" when creating a "random" nonce?
Cheers
-LL