You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Karl Schmeing <ka...@yahoo.de> on 2009/09/26 11:19:50 UTC

WSSE and Binary Security Token




Hi,

I use WSSE Signature with X.509 Authentication according to 
http://domagojtechtips.blogspot.com/2007/08/cxf-spring-and-ws-security-putting-it.html

Now my customer wants to use the Binary Security Token. 

I found a webpage with some hints to reach this goal.

http://www.nabble.com/WS-Security-error-when-using-BinarySecurityToken-td14669528.html


<entry key="encryptionUser" value="useReqSigCert"/>
  <entry key="signatureKeyIdentifier" value="DirectReference"/> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>


JRoller says, that it doesn't work


http://www.jroller.com/gmazza/entry/using_cxf_and_wss4j_to


CXF uses WSS4J to implement WS-Security, which covers two of WSS' token profile options (UsernameToken and X.509 Token), as well as partial support for the SAML token profile. (See the CXF WS-Security documentation for more details.) CXF 2.2 introduces support for WS-SecurityPolicy (also available with Metro), but the below tutorial has the WS-Security configuration done outside of the WSDL.

Can somebody explain Philip Wanners Solution? (I could't get in touch with him.)

Regards,
 Karl Schmeing