Is it possible to have a Rampart client send its certificate to the
server as part of a request when signing is not used? I'd like to be
able to use encryption without signing, but that requires the client to
send its certificate.
From reading WS-SecurityPolicy 1.2, I thought this should force the
client to send its certificate on every request:
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:InitiatorToken>
but it appears to be ignored by Rampart unless signing is used. Am I
misinterpreting WS-SP, or is this an error in Rampart?
- Dennis
--
Dennis M. Sosnoski
SOA and Web Services in Java
Axis2 Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117