You need to use an X509Token policy instead. See here for some examples: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl?view=markup
Colm. On Wed, Apr 25, 2012 at 5:56 PM, semecxf <[email protected]> wrote: > I would like to know if there is way to replace username token with > certificate for authentication? > > How my ws client can send certificate, and how I can intercept the x509 > certificate in soap request> > Here is policy for user token for authentication, what is the equivalent fot > x509 certificate? > > > <wsp:Policy wsu:Id="UsernameToken_Policy" > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> > > <sp:SupportingTokens > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy> > <sp:UsernameToken > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";> > <wsp:Policy> > <sp:WssUsernameToken11/> > </wsp:Policy> > </sp:UsernameToken> > </wsp:Policy> > </sp:SupportingTokens> > </wsp:Policy> > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/X509-Certificate-for-authentication-tp5665430p5665430.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
