I am trying a WSS4J assisted client to generate security headers that can
meet the policy (DoubleItTransportEndorsingPolicy + usernametoken); the
issue is how do I tell to generate <EndorsingSupportingToken>. Instructions
available from DoubleIt test cases, are using WSPolicy interceptors. I want
to make sure this token can be generated (how) for my clients coming via
WSS4J or WCF.
Currently I do,
wss4jOut.setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.TIMESTAMP + " "
+ WSHandlerConstants.USERNAME_TOKEN + " " +
WSHandlerConstants.SIGNATURE);
which obviously is missing this additional token, and therefore my server
would complain
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens:
The received token does not match the endorsing supporting token requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The
received token does not match the token inclusion requirement
Any help or pointers much appreciated.
>>>>>>>>>>>>>>>>>>
<wsp:All>
<sp:TransportBinding>
...
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
--
View this message in context:
http://cxf.547215.n5.nabble.com/WSS4J-Endorsing-Supporting-tokens-tp5470082p5470082.html
Sent from the cxf-user mailing list archive at Nabble.com.
