I am not sure if there's a way to do this using the WS-Policy-based configuration. I tried several combinations about nine months ago with Rampart 1.4 along with Axis 1.4, and was unable to strike the right balance to make that happen. So I would also be interested if there is a way of doing this sort of one-sided policy setting in Rampart.
Having said that, I was able to do this with the deprecated Rampart basic configuration, though I only tried it on the client-side. By setting the OutFlowSecurity parameter to include the necessary certificate and signature and setting the InFlowSecurity parameter to an empty set, the client was able to conform to this sort of policy. The same could probably be done on the service-side using Rampart-based.

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, February 26, 2010 2:54 PM
To: [email protected]
Cc: [email protected]
Subject: In Rampart version 1.4 is it possible to create a policy where the client is required to send a WS_Security Header with an X509 cert and the service is not required to reply with WS_Security header.

We are using Rampart 1.4. We require our clients to send soap requests that contain a WS_Security header with a client-side X509 digital certificate. (The service authenticates and authorizes the client based on the transmitted x509 certificate.) We do not require the service to return a reply with a WS_Security header. (That is our preference.)

In Rampart version 1.4 is it possible to create a policy where the client is required to send a WS_Security Header with an X509 certificate and the service is not required to reply with WS_Security header? We would like the service to return a soap envelope with no WS_Security stuff.

If the answer is yes, can you tell me where I can find a sample policy that supports these requirements?

Mark Cerf Berman
AVP - Application Architect
U.S. Bank
EP-MN-BGFD
Riverbank Business Center Office
2751 Shepard Road
St. Paul, MN 55116
[email protected]
651-205-2970 direct
651-205-0597 fax
