Hi,

I am writing a WebService that should be consumed by a .NET client with WSE2, and I'm asked to secure the WS using WS-SecureConversation. I know that the initial authentication (to obtain a SecurityContextToken) should happen using X.509 certs. I would like to use WSS4J for this, but I can't find much documentation about it. I built the source from CVS and I heard that someone is using WSS4J in such contexts. I looked around the source but it's a bit hard to understand how to configure it.

Specifically, I don't understand what piece of code actually handles the RequestSecurityToken for initialization of the Context and how to configure it to authenticate using X.509. I also know that the context can be initialized by the requestor sending an unsolicited RSTR in the header of the SOAP message (correct me if I'm wrong). Can WSS4J handle this? Moreover, the .NET client seems to use the Entropy tag to establish the Context; does WSS4J work with that?

Please, any help to better understand how to configure WSS4J is appreciated.

Thanks,
Davide Romanini
