Hello there!

After some tests I identified that keyIdentifier is not working because my certificates don't have this information. I've created just self-signed certificates for my solution and I couldn't find a way to add keyIdentifier information to them, which seems to be normal information on CA-provided certificates.

This leaves me with just one choice considering the first 3 options pointed out: "directReference", "keyIdentifier" and "x509IssuerSerial". Has anyone used "directReference" in any scenario and can share a "policy.xml" configuration file?

Thanks and best regards,
Mauro.

2011/3/2 Mauro Brasil <[email protected]>

> Hello there!
>
> I'm trying to improve security on an application suite we have here by
> adding ws-security encryption. We were using just ws-security's Username
> Token for authentication, but now we need to encrypt the message's content
> because some sensitive information will be added to it.
>
> We use JBossWS running on "JBoss-4.2.3.GA" on the server side and
> axis2c/rampartc on the client side.
>
> The first problem we detected was the absence of tokenReference configuration,
> which led us to a clear message on the server: "Invalid message,
> SecurityTokenRefence is empty".
> Having a closer look at the JBossWS configuration I've noticed that it accepts
> 3 types of token references, which are: directReference *(default)*,
> keyIdentifier and x509IssuerSerial.
>
> I couldn't find a usable rampartc policy file configuration for the first
> option "directReference" and I'm not sure if it's provided at all. I've
> found a reference for the second option "keyIdentifier" but the addition to
> the policy file (through the "<sp:RequireKeyIdentifierReference/>" tag) resulted
> again in an empty SecurityTokenReference, and the last option
> "x509IssuerSerial" works for rampartc but the server refuses it.
>
> So, I would like to ask someone about the other two options,
> the "directReference" and "keyIdentifier" token references. Does anyone know how
> to configure the rampartc policy file to send those kinds of token references?
>
> Note: I'm using axis2c version 1.6.0 and rampartc version 1.3.0.
>
> Thanks a lot and best regards,
> Mauro.
