Hi,

What if the server got 3 public keys (alias1, alias2, alias3) and we want to use only the second one to verify the signature? How can we do this with CXF? I believe that we have to override something in the IN interceptor.

Regards,
cLaSic

Mayank Mishra-3 wrote:
>
> Hi,
>
> One way of doing this is by specifying the alias name in the trust store related
> assertions/configuration specified using the WS-Security Policy. You can
> specify this assertion at a policy bound to Binding/Port/Service level.
>
> But since the scenario has different clients, each with its own private
> key, either you can use the BST signature key reference identifier, in
> which the client sends the public certificate embedded in the secured message,
> or in the WS-SecurityPolicy you can specify a KeyValueToken as a
> token type; then the security engine would output an RSAKeyValue key in
> the security header, which is the public key certificate I guess.
>
> But in both cases, on the receiving side, we are required to write a callback
> handler to extract, validate and reinsert the certificate in the context
> to use it.
>
> With Regards,
> Mayank
>
> cLaSic wrote:
>> Hi all,
>>
>> I have a general question about WS-Security: how does the server select a
>> certificate from the truststore to authenticate the client signature? We
>> suppose that we have a lot of clients, and each one has its private key;
>> of course the server also has each client's public key.
>>
>> Regards,
>> cLaSic
>>
>
>

--
View this message in context: http://www.nabble.com/WS-Security-how-the-server-select-a-certificate-tp25795612p25863975.html
Sent from the cxf-user mailing list archive at Nabble.com.
