You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by Murali Krishnan <cm...@yahoo.com> on 2007/10/02 19:54:26 UTC

How to send Ws-trust request with UT (policy/sample05 related)?

I have a question regarding sample 05 under 'policy' - WST request and Saml assertion response.
I notice that in this case both the client and server are configured to use X509 certs - i.e the client sends
a RST request which is signed by its pvt key and the server sends the response with saml asssertion which is signed by its pvt key
and both the client and server are configured to use signatureCrypto.

I'm trying to implement the same scenario where the user (client) does not have a X509 cert, but instead only wants
to send a UsernameToken and receive a RST response with a Saml assertion after the server has verified the password
in the UT (this communication will be done via Https / if not TSL is used, then the message should be encrypted using
the public key of the server)

How do I do this? What type of binding should I use in the policy file? (i'm guessing not asymmetric binding?)
Is this doable? and if so can you provide some guidance?
Thanks,
Murali




      ____________________________________________________________________________________
Tonight's top picks. What will you watch tonight? Preview the hottest shows on Yahoo! TV.
http://tv.yahoo.com/