On Fri, 2008-08-29 at 15:58 -0700, Glen Mazza wrote: > BTW, do you know of any web-available articles on signing with username > tokens? I'd like to read up more on this so I can understand it better.
That's an excellent question. I wasn't able to scrape together a definitive resource, but here are some links that may be useful: Some stuff from MSDN: http://msdn.microsoft.com/en-us/library/aa529558.aspx Article discussing how to do it with .NET: http://www.codeproject.com/KB/XML/WSE30UsernameAssertion.aspx?display=Print Code sample that I used to generate my client code: http://www.mail-archive.com/[EMAIL PROTECTED]/msg02035.html Beyond that, I looked through some of the CXF and WSS4J code to try to determine what's going on. org.apache.ws.security.action.UsernameTokenSignedAction is the WSS4J class that does a lot of the gruntwork. I'd be happy to hear if you find any more references to using this sort of digital signature. -Steve
