KDAB · tizbac · Feb 28, 2023 · Feb 28, 2023
diff --git a/src/KDSoapClient/KDSoapAuthentication.cpp b/src/KDSoapClient/KDSoapAuthentication.cpp
@@ -28,6 +28,7 @@ class KDSoapAuthentication::Private
     bool useWSUsernameToken = false;
     QDateTime overrideWSUsernameCreatedTime;
     QByteArray overrideWSUsernameNonce;
+    bool omitNonceCreatedFromUsernameToken = false;
 };
 
 KDSoapAuthentication::KDSoapAuthentication()
@@ -104,6 +105,16 @@ bool KDSoapAuthentication::useWSUsernameToken() const
     return d->useWSUsernameToken;
 }
 
+void KDSoapAuthentication::setOmitNonceCreatedFromUsernameToken(bool omitNonceCreatedFromUsernameToken)
+{
+    d->omitNonceCreatedFromUsernameToken = omitNonceCreatedFromUsernameToken;
+}
+
+bool KDSoapAuthentication::omitNonceCreatedFromUsernameToken() const
+{
+    return d->omitNonceCreatedFromUsernameToken;
+}
+
 QDateTime KDSoapAuthentication::overrideWSUsernameCreatedTime() const
 {
     return d->overrideWSUsernameCreatedTime;
@@ -162,13 +173,18 @@ void KDSoapAuthentication::writeWSUsernameTokenHeader(QXmlStreamWriter &writer)
 
     writer.writeStartElement(securityExtentionNS, QLatin1String("Security"));
     writer.writeStartElement(securityExtentionNS, QLatin1String("UsernameToken"));
+    if (!d->omitNonceCreatedFromUsernameToken) {
+        writer.writeStartElement(securityExtentionNS, QLatin1String("Nonce"));
+        writer.writeCharacters(QString::fromLatin1(nonce.toBase64().constData()));
+        writer.writeEndElement();
+
+        writer.writeStartElement(securityUtilityNS, QLatin1String("Created"));
+        writer.writeCharacters(timestamp);
+        writer.writeEndElement();
+    }
 
-    writer.writeStartElement(securityExtentionNS, QLatin1String("Nonce"));
-    writer.writeCharacters(QString::fromLatin1(nonce.toBase64().constData()));
-    writer.writeEndElement();
-
-    writer.writeStartElement(securityUtilityNS, QLatin1String("Created"));
-    writer.writeCharacters(timestamp);
+    writer.writeStartElement(securityExtentionNS, QLatin1String("Username"));
+    writer.writeCharacters(d->user);
     writer.writeEndElement();
 
     writer.writeStartElement(securityExtentionNS, QLatin1String("Password"));
@@ -185,10 +201,6 @@ void KDSoapAuthentication::writeWSUsernameTokenHeader(QXmlStreamWriter &writer)
     }
     writer.writeEndElement();
 
-    writer.writeStartElement(securityExtentionNS, QLatin1String("Username"));
-    writer.writeCharacters(d->user);
-    writer.writeEndElement();
-
     writer.writeEndElement();
     writer.writeEndElement();
 }
diff --git a/src/KDSoapClient/KDSoapAuthentication.h b/src/KDSoapClient/KDSoapAuthentication.h
@@ -87,6 +87,14 @@ class KDSOAP_EXPORT KDSoapAuthentication
      */
     bool useWSUsernameToken() const;
 
+    /**
+     * Workaround some broken implementations like on some italian institutions
+     * Remove Nonce and Created from UsernameToken
+     */
+    void setOmitNonceCreatedFromUsernameToken(bool omitNonceCreatedFromUsernameToken);
+
+    bool omitNonceCreatedFromUsernameToken() const;
+
     /**
      * Sets the created time used during WS-UsernameToken authentication
      * This is useful for devices with an incorrect time and during testing