You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by andreas_triebel <an...@adesso.ch> on 2012/11/27 15:22:10 UTC
Question about Sender-Vouches and Body Signature
Hi
A message with SV confirmation method is rejected by CXF if the SOAP body is
not signed (which is good I think).
My question: Is it possible to convince CXF to accept such a message?
I know this would break the idea of a subject confirmation method, but I
need to know if it's possible in CXF.
Thanks
-Andreas
--
View this message in context: http://cxf.547215.n5.nabble.com/Question-about-Sender-Vouches-and-Body-Signature-tp5719215.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Question about Sender-Vouches and Body Signature
Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes - you can use a security policy that only consists of a SAML Token
(without a security binding). For example see the "DoubleItBearerPolicy"
here:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?view=markup
This activates the SamlTokenInterceptor which does not do any checking of
the Subject Confirmation.
Colm.
On Tue, Nov 27, 2012 at 2:22 PM, andreas_triebel
<an...@adesso.ch>wrote:
> Hi
>
> A message with SV confirmation method is rejected by CXF if the SOAP body
> is
> not signed (which is good I think).
> My question: Is it possible to convince CXF to accept such a message?
> I know this would break the idea of a subject confirmation method, but I
> need to know if it's possible in CXF.
>
> Thanks
> -Andreas
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Question-about-Sender-Vouches-and-Body-Signature-tp5719215.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com