Hi Thomas,
> So, this is something I don't get:
> I only add a signatureToken and still rampart tries to add an
> encryptionToken?!
> It looks like it is impossible to add a signature without an
> encryptionToken.
--
According to the WS-SecurityPolicy specification, a symmetric binding
has to have either a protection token or both an encryption token and
a signature token.

<sp:SymmetricBinding ... >
  <wsp:Policy>
    (
      <sp:EncryptionToken ... >
        <wsp:Policy> ... </wsp:Policy>
      </sp:EncryptionToken>
      <sp:SignatureToken ... >
        <wsp:Policy> ... </wsp:Policy>
      </sp:SignatureToken>
    ) | (
      <sp:ProtectionToken ... >
        <wsp:Policy> ... </wsp:Policy>
      </sp:ProtectionToken>
    )
    ...
  </wsp:Policy>
</sp:SymmetricBinding>

This is how the symmetric binding works when a protection token is defined.
The web service client creates an encrypted key by encrypting a random key
using the web service's public key. Then this encrypted key is used to sign
and encrypt the messages back and forth. So only the web service needs to
have a key pair to do symmetric binding. If the web service needs to
authenticate the client, then an X509 token can be used as an endorsing
supporting token. When an endorsing supporting token is used, the client
signs the message signature again, generating a second signature (to do
this, the client has to have the private key of his X509Token, so the
client can be authenticated).

In your case, are you using the web service's X509 certificate?

Thanks,
/nandana
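
The token rule quoted from the specification above can be checked mechanically before a policy is deployed. The following is an added example, not part of the original message and not Rampart code; the function names and the sample policies are constructed for illustration, and it assumes each binding carries a single policy alternative.

```python
import xml.etree.ElementTree as ET

WRAPPERS = {"Policy", "ExactlyOne", "All"}          # WS-Policy operators
TOKENS = {"ProtectionToken", "EncryptionToken", "SignatureToken"}

def local(tag):
    """Drop the namespace so both sp namespace versions match by local name."""
    return tag.rsplit("}", 1)[-1]

def assertions(node):
    """Yield assertion names under node, looking through policy operators only."""
    for child in node:
        if local(child.tag) in WRAPPERS:
            yield from assertions(child)
        else:
            yield local(child.tag)      # do not descend into a token's own policy

def check_symmetric_bindings(policy_xml):
    """Return (valid, tokens) for every SymmetricBinding in the document."""
    results = []
    for node in ET.fromstring(policy_xml).iter():
        if local(node.tag) != "SymmetricBinding":
            continue
        tokens = TOKENS & set(assertions(node))
        # Valid: ProtectionToken alone, or EncryptionToken with SignatureToken.
        valid = tokens in ({"ProtectionToken"},
                           {"EncryptionToken", "SignatureToken"})
        results.append((valid, sorted(tokens)))
    return results

def sample_policy(*token_names):
    """Build a constructed policy whose binding holds the given token assertions."""
    body = "".join(
        f"<sp:{t}><wsp:Policy><sp:X509Token/></wsp:Policy></sp:{t}>"
        for t in token_names)
    return ('<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" '
            'xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">'
            f"<sp:SymmetricBinding><wsp:Policy>{body}</wsp:Policy>"
            "</sp:SymmetricBinding></wsp:Policy>")

if __name__ == "__main__":
    # Constructed inputs: the signature-only case from the question, then both valid forms.
    for names in (("SignatureToken",), ("ProtectionToken",),
                  ("EncryptionToken", "SignatureToken")):
        print(names, check_symmetric_bindings(sample_policy(*names)))
```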