You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Nandana Mihindukulasooriya <na...@gmail.com> on 2010/02/27 08:30:40 UTC
Re: In Rampart version 1.4 is it possible to create a policy where
the client is required to send a WS_Security Header with an X509 cert and the
service is not required to reply with WS_Security header.
Hi Mark,
If I understood the scenario correctly, applying the policy at
message level should solve your problem i.e. you apply the policy only to
the incoming message ( w.r.t server side). This is possible with Rampart and
policy based configuration. This tutorial [1] explains how to do it.
regards,
Nandana
[1] - http://wso2.org/library/3786
On Fri, Feb 26, 2010 at 9:53 PM, <ma...@usbank.com> wrote:
> We are using Rampart 1.4. We require our clients to send soap requests
> that contain a WS_Security header with an client side X509 digital
> certificate. (The service authenticates and authorizes the client based
> on the transmitted x509 certificate.) We do not not require the service
> to return a reply with an WS_Security header. (That is our preference.)
>
>
> In Rampart version 1.4 is it possible to create a policy where the client
> is required to send a WS_Security Header with an X509 certificate and the
> service is not required to reply with WS_Security header. We would like
> the service to return a soap envelope with no WS_Security stuff.
>
> If the answer is yes, can you tell me where I can find a sample policy
> that supports these requirements.
>
> Mark Cerf Berman
> AVP - Application Architect
> U.S. Bank
> EP-MN-BGFD
> Riverbank Business Center Office
> 2751 Shepard Road
> St. Paul, MN 55116
> mark.berman@usbank.com
> 651-205-2970 direct
> 651-205-0597 fax
> U.S. BANCORP made the following annotations
> ---------------------------------------------------------------------
> Electronic Privacy Notice. This e-mail, and any attachments, contains
> information that is, or may be, covered by electronic communications privacy
> laws, and is also confidential and proprietary in nature. If you are not the
> intended recipient, please be advised that you are legally prohibited from
> retaining, using, copying, distributing, or otherwise disclosing this
> information in any manner. Instead, please reply to the sender that you have
> received this communication in error, and then immediately delete it. Thank
> you in advance for your cooperation.
>
>
>
> ---------------------------------------------------------------------
>
>