Fred, Thanks for the tip. Forgive me (I'm most likely wrong!) but that looked like a Username token not an X.509 token request. I've been digging around in http://xfire.codehaus.org/WS-Security but I can't see any wisdom there.
Anything else? :) Sincerely, Ada Fred Dushin-3 wrote: > > All I can recommend is that you have a look at the WS-Security system > test in CXF: > > http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/ > > It's based loosely off a WS-Security interoperability scenario with > WCF, and uses signature with the DirectReference method, which will > send the client's X.509 certificate directly in the SOAP header. > -- View this message in context: http://www.nabble.com/Q%3A-WS-Security-X.509-Certificate-Token-Profile-tp16656740p16671272.html Sent from the cxf-user mailing list archive at Nabble.com.