Hi,
We don't support BinarySecurityToken SupportingToken policies on their own
in CXF (i.e. without a security binding). The reason being is that they are
largely pointless - you mention wanting an X.509 cert for authentication,
but as there is no signature, there is no proof-of-possession
Hello,
I'm working on WS-Security based authentication with an X509 certificate
for a JAXWS service. I'm looking for help/confirmation on what a valid
Policy would look like in the WSDL. Most X509 policy examples include
signing/encryption, which I do not need (based solely on my requirements).