Thanks Prabath, I apologize for my English or my description, I see now it was misleading, and thanks for the clarification, I have now a preliminary demo working fine, the thing was I thought I need to specify two users in my policy file, but after importing the public key of my server into my client it start to work fine
Thanks Again, Marcus ___________________________ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Wed, Oct 14, 2009 at 4:53 PM, Prabath Siriwardena <prab...@wso2.com>wrote: > Hi Marcus; > > The 'subject' of the mail doesn't seem to reflect the same in the > 'description' of the mail - if I understood correctly... > > If you want the client to sign the message with one certificate and the > service to sign with another certificate - then it is already supported > under AsymmetricBinding. > > Or - do you want either the client or the service to sign the message with > two different certificates ? > > Thanks & regards. > -Prabath > > m4rkuz wrote: > >> >> ___________________________ >> Marcus Sánchez Díaz. >> Enterprise Developer. >> SCJP - SCWCD. >> >> >> ---------- Forwarded message ---------- >> From: *m4rkuz* <m4r...@gmail.com <mailto:m4r...@gmail.com>> >> Date: Wed, Oct 14, 2009 at 10:50 AM >> Subject: +Rampart Sign with two Certificates >> To: axis-user@ws.apache.org <mailto:axis-user@ws.apache.org> >> >> >> >> Hello Everyone, >> >> I've been using axis2+rampart for a while now, I have an application that >> uses Axis2+Rampart for signing a validate the messages, it does this using >> only one .JKS with a key, the same .JKS, but now I been requested to change >> this behavior and make the app Sign the messages with one certificate and >> then validate the response with another certificate... >> >> How can I accomplish this? >> >> This is my current policy.xml : >> >> >> >> <?xml version="1.0" encoding="UTF-8"?> >> <wsp:Policy wsu:Id="Sign" >> xmlns:wsu=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> " >> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> >> <wsp:ExactlyOne> >> <wsp:All> >> <sp:AsymmetricBinding >> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> >> <wsp:Policy> >> <sp:InitiatorToken> >> <wsp:Policy> >> <sp:UsernameToken >> sp:IncludeToken=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; >> /> >> </wsp:Policy> >> <wsp:Policy> >> <sp:X509Token >> sp:IncludeToken=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> "> >> <wsp:Policy> >> <sp:WssX509V3Token10 /> >> </wsp:Policy> >> </sp:X509Token> >> </wsp:Policy> >> </sp:InitiatorToken> >> <sp:RecipientToken> >> <wsp:Policy> >> <sp:X509Token >> sp:IncludeToken=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> "> >> <wsp:Policy> >> <sp:WssX509V3Token10 /> >> </wsp:Policy> >> </sp:X509Token> >> </wsp:Policy> >> </sp:RecipientToken> >> <sp:AlgorithmSuite> >> <wsp:Policy> >> <sp:TripleDesRsa15 /> >> </wsp:Policy> >> </sp:AlgorithmSuite> >> <sp:Layout> >> <wsp:Policy> >> <sp:Strict /> >> </wsp:Policy> >> </sp:Layout> >> <sp:OnlySignEntireHeadersAndBody /> >> </wsp:Policy> >> </sp:AsymmetricBinding> >> <sp:SignedParts >> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> >> <sp:Body /> >> </sp:SignedParts> >> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> >> <ramp:user>sam</ramp:user> >> <ramp:encryptionUser>dave</ramp:encryptionUser> >> <ramp:passwordCallbackClass>co.como.security.axis2.PWCBHandler >> </ramp:passwordCallbackClass> >> <ramp:signatureCrypto> >> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> >> <ramp:property >> >> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> >> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> >> tomcatdir/webapps/qxIntegradorRunt/WebContent/keystore/keystore.jks >> </ramp:property> >> <ramp:property >> >> name="org.apache.ws.security.crypto.merlin.keystore.password">mytestkeystore</ramp:property> >> </ramp:crypto> >> </ramp:signatureCrypto> >> </ramp:RampartConfig> >> </wsp:All> >> </wsp:ExactlyOne> >> </wsp:Policy> >> >> >> >> Any input, will be appreciated. >> >> Thanks >> >> >> ___________________________ >> Marcus Sánchez Díaz. >> Enterprise Developer. >> SCJP - SCWCD. >> >> >
