|
What I have seen in the code (WSSecurityEngine.java),
wss4j doesn’t handle BST while processing a response. It only handles currently signature,
encrypted key, and username token.
Is it true? So if a server sign a message using a cert and send the
public key in the message, there is no way for wss4j client to verify the
message using the token sent. Is it in the works? Work around? thanks |
