Hello there! I'm trying to improve security on a application suite we have here by adding ws-security encryption. We were using just ws-security's Username Token for authentication, but now we need to encrypt message's content because some sensitive information will be added to it.
We use JBossWS running on "JBoss-4.2.3.GA" at server side and axis2c/rampartc on clients side. First problems we detected was the absense of tokenReference configuration what led us to a clear message on server "Invalid message, SecurityTokenRefence is empty". Having a closer look at JBossWS configuration I've noticed that it accepts 3 types of token references, that are: directReference *(default*), keyIdentifier and x509IssuerSerial. I couldn't find a usable rampartc policy file configuration for first option "directReference" and I'm not sure if it's provided at all. I've found a reference for second option "keyIdentifier" but the addition on policy file (through "<sp:RequireKeyIdentifierReference/>" tag) resulted again on empty SecurityTokenReference, and the last option "x509IssuerSerial" works for rampartc but server refuses it. So, I would like to ask someone about the other two options "directReference" and "keyIdentifier" token references. Does anyone know how to config rampartc policy file to send those kind of token references? Note.: I'm using axis2c version 1.6.0 and rampartc version 1.3.0. Thanks a lot and best regards, Mauro.
