I see. But what I if I don't want to protect (sign/encrypt) the usernametoken? My it for testing purpose or because SSL is enough.
The pasted policy does that. Except for the timestamp. Is there a way not to protect the usernametoken but add the timestamp? -- View this message in context: http://cxf.547215.n5.nabble.com/Where-to-put-sp-Timestamp-in-WS-Policy-for-RST-SCT-Issue-Request-with-Timestamp-tp5739515p5739523.html Sent from the cxf-user mailing list archive at Nabble.com.
