Hi Nandana,
Quoting Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
If I engage rampart, I've to put something in the security header, right?
Nope, if don't have a policy ( in the policy based configuration ) or a
security
parameter ( in the old way of configuration ), Rampart doesn't expect a
secuerity
header. There is a problem though , that whenever there is a policy, we
expected a
security header. This has to be fixed in Rampart by checking the policy and
and enforcing a security header when only necessary.
I am using a fake policy, I have just an open wsp:SecurityPolicy, wsp:All and
as child the rampart configuration.
It seems you are getting this must understand check fail error because you
are getting a security
header with a must understand true, in the response you get from the service
and not in the
request that you create. Can please a take look at that and the security
configuration of the service
for the out flow ?
I saw, and I don't have any InFlow and OutFlow. The policies are defined
as I described before.
I reimplemented my new TokenIssuerDispatcher, to see something.
But the problem is in the constructor of Rahasdata:
// If the principal or a SAML assertion is missing
if (this.principal == null && this.assertion == null) {
throw new TrustException(TrustException.REQUEST_FAILED);
}
That causes my problem: I've the UsernameToken in the wst:Base in the body.
So I cannot Use rahasdata(). I will extend it and write my own version.
Is this a right way to proceed?
Thank you,
Massimiliano
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
