WSSE implementations or test rigs?
I'm trying to get WSSE authentication to work with the 43things API, only I'm screwing something up and all I get back is a "200 OK" header and an empty response.
Are there any sites that actually support Atom-style X-WSSE authentication except 43things? The AtomPubTesting page doesn't show any, and Blogger's Atom endpoint just tells me "I'm sorry, we only support BASIC Authentication over SSL". Mark's XML.com article is two and a half years old now, but still I can't find any mention of (or link to any mention of) WSSE in the latest Atom-Pub draft. Come on guys, wasn't Atom meant to be better-documented than RSS and the metaWeblog API?
Aha - finally figured out that Movable Type supports the Atom API. Not sure how a client is meant to figure that out, though - the only mention of editing is the <link rel="EditURI"> element, which points to an RSD file that only mentions the metaWeblog and Blogger-v1 endpoints. Then when you go to mt-atom.cgi, it just says "1" until you figure out that the endpoint is actually mt-atom.cgi/weblog/. But now - finally I see a WWW-Authenticate: WSSE profile="UsernameToken" header - so I can get on to my testing!
Update: Clock skew will be an issue with WSSE; is there an accepted way for a client to sync time with a server?
Note: MT's WSSE implementation differs from that in Mark's XML.com article; in MT, the Nonce parameter is expected to be encoded with base64.
Update 2: I now have my code generating X-WSSE headers that MT is accepting as valid. Still no luck with 43things, though.
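The two points raised in the updates (clock skew and the base64-encoded Nonce), shown as an added example that is not code from this post or from Movable Type. It assumes the digest is Base64(SHA-1(nonce + created + password)) over the decoded nonce bytes and a five-minute skew window; the function names, credentials and timestamps are constructed for illustration.

```python
import base64, hashlib, hmac, re
from datetime import datetime, timedelta, timezone

def digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA1(nonce + created + password))."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def build_header(user, password, nonce: bytes, created: str, b64_nonce=True) -> str:
    # b64_nonce=True sends the nonce base64-encoded (what the post says MT expects);
    # b64_nonce=False sends the nonce string as-is.
    sent = base64.b64encode(nonce).decode() if b64_nonce else nonce.decode()
    return (f'UsernameToken Username="{user}", '
            f'PasswordDigest="{digest(nonce, created, password)}", '
            f'Nonce="{sent}", Created="{created}"')

def verify(header, password, now, max_skew=timedelta(minutes=5)) -> str:
    """Hypothetical server-side check: skew window first, then digest."""
    f = dict(re.findall(r'(\w+)="([^"]*)"', header))
    created = datetime.strptime(f["Created"], "%Y-%m-%dT%H:%M:%SZ")
    created = created.replace(tzinfo=timezone.utc)
    if abs(now - created) > max_skew:       # client and server clocks disagree
        return "clock skew"
    try:
        nonce = base64.b64decode(f["Nonce"], validate=True)
    except ValueError:
        return "bad nonce"
    # Constant-time comparison of the recomputed and presented digests.
    if not hmac.compare_digest(digest(nonce, f["Created"], password),
                               f["PasswordDigest"]):
        return "bad digest"
    return "ok"

# Constructed sample values.
NONCE = b"0123456789abcdef0123456789abcdef"
CREATED = "2006-01-01T12:00:00Z"
NOW = datetime(2006, 1, 1, 12, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    good = build_header("alice", "s3cret", NONCE, CREATED)
    plain = build_header("alice", "s3cret", NONCE, CREATED, b64_nonce=False)
    print(verify(good, "s3cret", NOW))                           # ok
    print(verify(plain, "s3cret", NOW))                          # bad digest
    print(verify(good, "s3cret", NOW + timedelta(minutes=10)))   # clock skew
```

A hex-looking nonce sent as-is is itself valid base64, so a server that decodes it reports a digest mismatch rather than a malformed nonce, which makes the encoding difference hard to spot from the client side.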