We are using Rampart 1.4. We require our clients to send soap requests that contain a WS_Security header with an client side X509 digital certificate. (The service authenticates and authorizes the client based on the transmitted x509 certificate.) We do not not require the service to return a reply with an WS_Security header. (That is our preference.)
In Rampart version 1.4 is it possible to create a policy where the client is required to send a WS_Security Header with an X509 certificate and the service is not required to reply with WS_Security header. We would like the service to return a soap envelope with no WS_Security stuff. If the answer is yes, can you tell me where I can find a sample policy that supports these requirements. Mark Cerf Berman AVP - Application Architect U.S. Bank EP-MN-BGFD Riverbank Business Center Office 2751 Shepard Road St. Paul, MN 55116 [email protected] 651-205-2970 direct 651-205-0597 fax U.S. BANCORP made the following annotations --------------------------------------------------------------------- Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation. ---------------------------------------------------------------------
