Hello, I'm trying to build a policy file that would : - use AsymmetricBinding policy, - add the usernametoken to the security header, - Sign and Encrypt that usernametoken.
To sign and Encrypt the usernametoken, I've been trying to use the <sp:SignedEncryptedSupportingTokens> assertion. This results in the usernametoken simply not being added to the header... I had a look at the rampart bug archive, and found RAMPART-34 which is very close, however it describes a situation where a <sp:TransportBinding> is used, which is not the case for me. Looking deeper into axis code, I ended looking at the following code : RampartUtil.isSecHeaderRequired method. It seems that this method cheks for : - SupportingTokens, - SignedSupportingTokens, - EndorsingSupportingTokens, - SignedEndorsingSupportingTokens to decide wether a security header is required or not. This results in Rampart considering there is no need for a security header, whereas when I only use a <sp:SignedSupportingTokens> assertion, it does. I do not understand why this method does not check for the others assertions which would also encrypt : - SignedEncryptedSupportingTokens - EncryptedSupportingTokens - EndorsingEncryptedSupportingTokens - SignedEndorsingEncryptedSupportingTokens Am I missing something or is this a bug in Rampart? Regards -- View this message in context: http://old.nabble.com/-Axis2-1.4.1---Rampart-1.4--AsymmetricBinding-and-SignedEncryptedSupportingTokens-policy-not-appied-on-Usernametoken-tp27256538p27256538.html Sent from the Axis - User mailing list archive at Nabble.com.
