You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by at4david <at...@gmail.com> on 2007/08/06 11:55:22 UTC

UsernameToken and Signature

Hi, I am trying to use a complete security configuration in which the client
sends UsernameToken, encrypts the SOAP body and signs the timestamp; the
problem is that I don't know how I could distinguish the signature user of
the usernametoken user in client_config.wsdd. Is it possible to send
Username from Usernametoken different to signature user??? The only  way
that I achieved this was set the same user for Usernametoken and signature
user and then the client has to send the secret key to open its certificate
and the server would have to store this secret key of the client in its
PWCAllback and this breaks the security concept.

Thanks in advance



-- 
View this message in context: http://www.nabble.com/UsernameToken-and-Signature-tf4223194.html#a12013588
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org