Hi Cyril, On Wed, Jul 29, 2009 at 4:24 AM, Cyril DANGERVILLE<[email protected]> wrote: > Hello, > I tried out the Commodity Quote Sample shipped with WSO2 WSAS 3.0 (see > http://wso2.org/project/wsas/java/3.0.1/docs/wso2wsas-3.0.1-docs/commodity_quote_guide.html), > scenario 2: Sign only - X509 Authentication. > When I look at the client request with WSO2 WSAS SOAP message tracer, > only the timestamp part of the security header and the body of the > message are signed. The <wsse:BinarySecurityToken> part of the > security header is not signed (no reference to this part in the > SignedInfo element). Why?
This is the correct behavior. <wsse:BinarySecurityToken> contains the public certificate which should be used to validate the signature. It will not be included in the signature. > How do I make it signed? Do I have to force it some way in the > client's securitypolicy file? Is it a Rampart issue? > > My problem is I have to make it communicate with a weblogic component > that expects it to be signed. This might be a problem of inconsistency of server and client policy files. Can you get the policy/WSDL from the service and attach it? Also attach the SOAP request/reply captured using message tracer. Possibly the server might expect the addressing headers to be signed, in that case, you have to modify the client side policy. Regards, Shankar > > Thanks for any help. > > Regards, > --Cyril > > _______________________________________________ > Wsas-java-user mailing list > [email protected] > https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user > _______________________________________________ Wsas-java-user mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
