Hello,
The WS-SecureConversation standard
at
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html
mentions
the following as a way to create a security context token in Section 3:
Security context token created by one of the communicating parties and
propagated with a message – The initiator creates a security context token and
sends it to the other parties on a message using the mechanisms described in
this specification and in [WS-Trust]. This model works when the sender is
trusted to always create a new security context token. For this scenario the
initiating party creates a security context token and issues a signed
unsolicited <wst:RequestSecurityTokenResponse> to the other party
Does Axis2/Rampart support this? If so, can somebody please point me to a
sample
security policy that does this? I am trying to set up a client and a server
such
that the client generates a SCT without contacting a STS and sends it to the
server in a RSTR. I have not found any examples that do this.
Thanks in advance for your help!
Joe
