Hi,

The best way to add an X.509 Certificate to a security header, without
using it for signing or encryption, is to use the WS-SecurityPolicy
"SupportingToken" construct. To see how to do this, you could take a
look at the X509TokenTest in the WS-Security systests:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?view=markup

The WSDL is here. In particular, look at the
"DoubleItTransportEndorsingPolicy", which uses an X.509 Certificate to
sign the Timestamp in conjunction with using TLS. You could just
change the "EndorsingSupportingTokens" to "SupportingTokens" to add
the X.509 Certificate as a BinarySecurityToken.

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?view=markup

Colm.

On Tue, Jan 17, 2012 at 1:50 AM, cxfnewbie <[email protected]> wrote:
> Hi,
>
> I'm trying to add an X.509 security token or binary token in the header of a
> SOAP message using CXF.  Most examples that I see using X.509 are for signing
> or encrypting the message with an X.509 certificate.  I'm interested in adding
> an X.509 token the same way a SAML token would be added.  I noticed that CXF
> only supports timestamp, username and SAML token with X.509 support for
> signing and encrypting, or at least from the website.  Does anyone know of
> any way to do what I'm asking for?  I noticed there is a CXF ticket for
> adding an X.509 token, but I don't know if it's been developed or not.
>
> I also found some suggestions on manually adding the X.509 token in the SOAP
> message using SOAP factory.  I may have to resort to doing that if nothing
> is built in, but it would be nice if there is a way for me to just configure
> CXF to do so.
>
> Thanks,
> Wendy
>
> --
> View this message in context: 
> http://cxf.547215.n5.nabble.com/x-509-security-token-tp5150380p5150380.html
> Sent from the cxf-user mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
