Hi,

One way of doing this is by specifying the alias name in the trust-store-related
assertions/configuration specified using the WS-Security Policy. You can
specify this assertion in a policy bound at the Binding/Port/Service level.

But since the scenario has different clients, each with its own private
key, you can either use the BST signature key reference identifier, in
which the client sends the public certificate embedded in the secured message,
or, in the WS-SecurityPolicy, you can specify a KeyValueToken as the
token type; the security engine would then output an RSAKeyValue key in
the security header, which is the public key certificate, I guess.

But in both cases, on the receiving side, we need to write a callback
handler to extract, validate and reinsert the certificate in the context
to use it.

With Regards,
Mayank

cLaSic wrote:
Hi all,
I have a general question about WS-Security: How does the server select a
certificate from the truststore to authenticate the client signature? We
suppose that we have a lot of clients, and each one has its private key; of
course the server also has each client's public key.
Regards,
cLaSic
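
Added example, not part of the thread and not code from any WS-Security stack: the receiving-side lookup discussed above, in Python. It resolves the signer from either an embedded BinarySecurityToken or a thumbprint KeyIdentifier and accepts it only if it matches a truststore entry. The function names, the dict-based truststore, the placeholder "certificate" bytes and the exact-match trust rule are assumptions; signature verification and chain validation are out of scope here.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
THUMBPRINT = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"

# Constructed stand-ins for DER certificates, keyed by truststore alias.
TRUSTSTORE = {"client-a": b"constructed DER bytes A", "client-b": b"constructed DER bytes B"}


def thumbprint(der):
    # SHA-1 is used here only as the identifier the token profile defines.
    return hashlib.sha1(der).digest()


def resolve_signer(soap_xml, truststore):
    """Return (alias, der) for the trusted certificate the message references."""
    by_thumbprint = {thumbprint(der): alias for alias, der in truststore.items()}
    root = ET.fromstring(soap_xml)
    bst = root.find(f".//{{{WSSE}}}BinarySecurityToken")
    kid = root.find(f".//{{{WSSE}}}KeyIdentifier")
    if bst is not None and bst.get("ValueType") == X509V3:
        # Certificate embedded in the message: treat it as a claim, not as trust.
        wanted = thumbprint(base64.b64decode((bst.text or "").strip()))
    elif kid is not None and kid.get("ValueType") == THUMBPRINT:
        wanted = base64.b64decode((kid.text or "").strip())
    else:
        raise ValueError("no supported key reference in the Security header")
    alias = by_thumbprint.get(wanted)
    if alias is None:
        raise PermissionError("signer certificate is not in the truststore")
    return alias, truststore[alias]


def sample_message(tag, value_type, payload):
    # Constructed minimal envelope; a real header also carries ds:Signature.
    body = base64.b64encode(payload).decode()
    return (f'<Envelope><Header><wsse:Security xmlns:wsse="{WSSE}">'
            f'<wsse:{tag} ValueType="{value_type}">{body}</wsse:{tag}>'
            f'</wsse:Security></Header></Envelope>')


if __name__ == "__main__":
    msg = sample_message("BinarySecurityToken", X509V3, TRUSTSTORE["client-b"])
    print(resolve_signer(msg, TRUSTSTORE)[0])
```

The returned alias is what the callback handler would hand to the signature verifier; a certificate that arrives in the message but matches no truststore entry is rejected before any verification is attempted.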