No, not at all. It's not an issue for me either way, I mainly wanted to confirm or correct my thinking on the matter.
Thanx,

Stephen W. Chappell
ANG-B31, Information Security Branch

From: Colm O hEigeartaigh <[email protected]>
To: "[email protected]" <[email protected]>,
Date: 05/06/2014 09:35 AM
Subject: Re: CXF STS UseKey value

The CXF STS will accept either a KeyInfo/X509Data or a wsse:SecurityTokenReference (possibly to a BinarySecurityToken in the security header of the request). Technically, the UseKey element could also contain a BinarySecurityToken, however I've neither seen this before nor have heard of a valid reason for supporting it. Do you have a compelling reason to use a BinarySecurityToken here?

Colm.

On Tue, May 6, 2014 at 1:09 PM, <[email protected]> wrote:
> In my STS implementation, my RST messages are expected to contain a UseKey
> element with an X.509 certificate, something like this:
>
> <UseKey>
>   <ds:KeyInfo>
>     <ds:X509Data>
>       <ds:X509Certificate>some-encoded-cert</ds:X509Certificate>
>     </ds:X509Data>
>   </ds:KeyInfo>
> </UseKey>
>
> This works fine, mostly. But it does not work if the certificate is
> provided as a BinarySecurityToken, e.g.,
>
> <UseKey>
>   <wsse:BinarySecurityToken EncodingType="..."
>     ValueType="...">some-encoded-cert</wsse:BinarySecurityToken>
> </UseKey>
>
>
> It's the same info either way, but I had thought that UseKey should accept
> a BST. Is this an issue with the STS, or an issue with my understanding?
>
> Thanx,
>
>
> Stephen W. Chappell
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
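The three UseKey shapes discussed in this thread, as an added example that is not part of the original messages and is not CXF code: a small Python classifier that returns the certificate for the two forms the reply says the STS accepts, and resolves a SecurityTokenReference only against a BinarySecurityToken in the same request's security header. The function name, the `x509-1` id and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs (WS-Trust 1.3, WS-Security 1.0, XML Signature).
NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())

def classify_use_key(use_key, security_header=None):
    """Return (form, cert_text); cert_text is None when no key is accepted."""
    cert = use_key.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is not None:
        return "KeyInfo/X509Data", (cert.text or "").strip()
    ref = use_key.find("wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is not None:
        uri = ref.get("URI", "")
        # Resolve same-document references only; never fetch a remote URI.
        if not uri.startswith("#") or security_header is None:
            return "SecurityTokenReference", None
        for bst in security_header.findall("wsse:BinarySecurityToken", NS):
            if bst.get(WSU_ID) == uri[1:]:
                return "SecurityTokenReference", (bst.text or "").strip()
        return "SecurityTokenReference", None
    if use_key.find("wsse:BinarySecurityToken", NS) is not None:
        return "BinarySecurityToken", None  # inline BST: not accepted here
    return "unknown", None

# Constructed samples; "some-encoded-cert" is the thread's own placeholder.
DIRECT_KEYINFO = ET.fromstring(
    '<wst:UseKey %s><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>some-encoded-cert</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></wst:UseKey>' % XMLNS)
HEADER = ET.fromstring(
    '<wsse:Security %s><wsse:BinarySecurityToken wsu:Id="x509-1">'
    'some-encoded-cert</wsse:BinarySecurityToken></wsse:Security>' % XMLNS)
BY_REFERENCE = ET.fromstring(
    '<wst:UseKey %s><wsse:SecurityTokenReference>'
    '<wsse:Reference URI="#x509-1"/>'
    '</wsse:SecurityTokenReference></wst:UseKey>' % XMLNS)
INLINE_BST = ET.fromstring(
    '<wst:UseKey %s><wsse:BinarySecurityToken>some-encoded-cert'
    '</wsse:BinarySecurityToken></wst:UseKey>' % XMLNS)
```

A reference that does not resolve to a token in the supplied header yields no certificate, so a caller should reject the request rather than fall back to another key source.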
