1) "RequireClientCertificate" means that the service endpoint must be configured to require a client certificate + must be set up with a trustManager. For example, if you are using Jetty (lines 50 -> 70):
http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?view=markup

Similarly, the client needs to be configured with a keyManager to supply the certificate, e.g. (line 111 -> 120):
http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/client/client.xml?view=markup

2) If you are using TLS/TransportBinding, then the messages are already encrypted/signed at the Transport level. If you require message level signature/encryption, then you need to use either a Symmetric or Asymmetric Binding, depending on your requirements.

Colm.

On Fri, Sep 20, 2013 at 11:04 AM, Faz <[email protected]> wrote:

> Hi All,
> I was successful in setting up the WS-security with SSL, along with
> UsernameToken(PasswordDigest) with the below code snippet.
> All this works good, Now I would like to know few here...
> 1. What in CXF should be done, if I change the *RequireClientCertificate*
> to true in *HttpsToken*?
> 2. I need to also have the messages encrypted and Signed along with the
> above set-up? Would setting the *sp:OnlySignEntireHeadersAndBody* tag help
> me out here? I don't need X.509 certificates, but just need to encrypt and
> decrypt the messages?
> If there is any better option, please let me know. Thnx!
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/WS-Security-UsernameToken-Password-Digest-Sign-Encrypt-Messages-tp5734299.html
> Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
