Instead of password digest in username token, 'am taking slightly different approach in sending username token to receiver end through soap header.
Using a session key I am encrypting my password_text, then encrypting the session key with public key of the receiver (or endpoint). Receiver receives both my encrypted session key and encrypted password_text. Receiver uses it's private key to decrypt the session key, which in turn can be used to decrypt the actual password_text. Now the question is how to send the encrypted session key through SOAP Header along with encrypted password_text? If i go with username token policy, i can send encrypted password, there is no field in it through which I can send my encrypted key. Can some body help me know how the policy xml in wsdl going to look like? -- View this message in context: http://cxf.547215.n5.nabble.com/Passing-session-key-through-soap-header-tp2668876p2668876.html Sent from the cxf-user mailing list archive at Nabble.com.
