Ruchith, DoAll was not designed for these dynamic situations...you will have to modify code to make it happen.
-- dims On Apr 4, 2005 10:39 AM, Ruchith Fernando <[EMAIL PROTECTED]> wrote: > Hi All, > > I'm trying to use the 'DoAll' handlers with a Security Token Service > (STS) and stumbled upon a few problems. :-( > > The requesters of the STS will be sending messages, where parts will > be signed by their respective private keys and the signature element > and the soap:body element is encrypted by a random key. This random > key is an EncryptedKey which is encrypted by the public key of the > STS. I believe this can be achieved by deploying the WSDoAllSender at > the request path of the request message. The public key certificates > of the requester and the STS are sent in the message. > > I have two problems from this point onwards: > > 1.) Can the DoAllReceiver be configured to decrypt the incoming > message and verify the signatures - provided that the only place where > the handler has access to the public key of the requester (for sig > varification) is from the requester's cert that is sent in the message > security header it self, which can only be accessed after decryption > of the signature element. I think signaturePropFile will not be set in > this instance since the public key cert of the requester is not with > the service. > > 2.) When the STS responds to the RST message with a > RequestSecurityTokenResponse (RSTR) the DoAllSender in the response > path of the STS is expected to encrypt the message with the public key > of the requester that the message was intended to. For this purpose > how can I communicate the appropriate public key to the DoAllSender to > use. I don't see how this is possible using the encryptionPropFile :-( > ,since there are multiple requesters. > > Please let me know if I have made a mistake in my above statements or > if there are any workarounds of these problems. Sample RST and RSTR > messages are attached with this. (Extracted from the WS-RM-SC-T > interop scenarios) > > Thank you very much, > Ruchith > > > -- Davanum Srinivas - http://webservices.apache.org/~dims/
