I have a question regarding sample 05 under 'policy' - WST request and SAML
assertion response.
I notice that in this case both the client and server are configured to use
X509 certs - i.e. the client sends
an RST request which is signed by its pvt key and the server sends the response
with a SAML assertion which is signed by its pvt key
and both the client and server are configured to use signatureCrypto.
I'm trying to implement the same scenario where the user (client) does not have
an X509 cert, but instead only wants
to send a UsernameToken and receive an RST response with a SAML assertion after
the server has verified the password
in the UT (this communication will be done via HTTPS / if TLS is not used, then
the message should be encrypted using
the public key of the server)
How do I do this? What type of binding should I use in the policy file? (I'm
guessing not asymmetric binding?)
Is this doable? and if so can you provide some guidance?
Thanks,
Murali