I believe Colm was referring to the fact that you will still need your
own private key to sign requests, not the server's private key. With
the server's public key you can only validate server signatures as well
as encrypt so that only the server can read the message.
Glen
On 04/11/2013 01:05 PM, Rubicon wrote:
Okay, I was thinking the same thing, since all the docs I found referenced
the certificate password...
And yes, that is exactly what I am trying to do... I am trying to use the
X509 Certificate provided by the vendor to generate the BST. The
vendor-supplied sample shows the following SOAP header requirements:
/
<soap:Header>
<wsa:Action>http://{vendor}/{method}</wsa:Action>
<wsa:MessageID>urn:uuid:cadc391c-77b3-43d4-8f45-7615c672e1b0</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://{vendor}/{method}_Svc.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-155b1d62-f628-4f8b-9dd4-ee6806f7f9bf">
<wsu:Created>2013-02-19T18:54:28Z</wsu:Created>
<wsu:Expires>2013-02-19T18:55:28Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-eb10028a..............</wsse:BinarySecurityToken>
</wsse:Security>
</soap:Header>
/
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-client-to-NET-web-service-attempting-to-create-BinarySecurityToken-BST-tp5726168p5726176.html
Sent from the cxf-user mailing list archive at Nabble.com.
