Hi Colm :-)

I'd like to avoid using https in the communication between client and service 
provider. 
In my scenario I'd like to use https only in the communication between client 
and the sts (to avoid sniffing of the credential). 
Instead I'd like to use http in the communication between client and the 
service provider. 
To avoid sniffing of the token I'd like to encrypt the request with the public 
key of the service provider and sign the same request with the private key of 
the client. 
Is it possible? 

Thank you very much!

Ciao ciao :-)

Emiliano Carlesi

Email: emiliano.carl...@itattitude.com
Mobile: +39 3487837153
Phone: +39 0650939115
Fax: +39 0689284365
Skype: emiliano.carlesi
Lync: emiliano.carl...@itattitude.com



-----Original Message-----
From: Colm O hEigeartaigh [mailto:cohei...@apache.org] 
Sent: Thursday, November 14, 2013 5:27 PM
To: users@cxf.apache.org
Subject: Re: PublicKey as KeyType

What does the client request look like? To satisfy a Holder of Key Assertion, 
the client must prove to the message recipient that it knows the private key 
associated with the public key in the Assertion. It must do this either by 
signing some part of the message using WS-Security, or else by using TLS with 
client authentication.

Colm.


On Thu, Nov 14, 2013 at 4:21 PM, Emiliano Carlesi < 
emiliano.carl...@itattitude.com> wrote:

> Hi Guys,
> I'd like to move from the current KeyType "Bearer" to "PublicKey". I 
> changed the WSDL of the WSS, but I get this error:
>
> WARNING: Interceptor for {http://test.itattitude.com/}SampleService#{http://test.itattitude.com/}getMessage has thrown exception, unwinding now
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken: Assertion fails holder-of-key requirements
>         at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
>         at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
>         at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
>         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>         at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>         at java.lang.Thread.run(Thread.java:724)
>
> I googled this error but I didn't find anything that helped me... Does 
> someone know how to solve it?
>
> Thanks
>
> Ciao ciao
>
> Emiliano Carlesi


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
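
The holder-of-key requirement Colm describes above, sketched as an added example (not code from this thread, and not CXF or WSS4J code): the recipient accepts a request only if the issuer signed the assertion and the message body is signed by the key that assertion names. The `Assertion` record is a hypothetical stand-in for a SAML assertion, the keys are generated in-process, and the body is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

// Added illustration of a holder-of-key proof using plain JCA (Java 16+ for records).
public class HolderOfKeyDemo {

    // Hypothetical stand-in for a SAML assertion: subject public key + STS signature over it.
    record Assertion(byte[] subjectKey, byte[] stsSignature) {}

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // Recipient side: the assertion must come from the trusted STS, and the body
    // must be signed with the private key matching the public key in the assertion.
    static boolean accept(PublicKey stsKey, Assertion a, byte[] body, byte[] bodySig)
            throws GeneralSecurityException {
        if (!verify(stsKey, a.subjectKey(), a.stsSignature())) return false;
        if (bodySig == null) return false; // bearer-style request: no proof of possession
        PublicKey subject = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(a.subjectKey()));
        return verify(subject, body, bodySig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sts = gen.generateKeyPair(), client = gen.generateKeyPair(), other = gen.generateKeyPair();

        byte[] subjectKey = client.getPublic().getEncoded();
        Assertion a = new Assertion(subjectKey, sign(sts.getPrivate(), subjectKey));
        byte[] body = "<getMessage/>".getBytes(StandardCharsets.UTF_8); // constructed sample body

        System.out.println("signed by client key: "
                + accept(sts.getPublic(), a, body, sign(client.getPrivate(), body)));
        System.out.println("no signature:         " + accept(sts.getPublic(), a, body, null));
        System.out.println("signed by other key:  "
                + accept(sts.getPublic(), a, body, sign(other.getPrivate(), body)));
    }
}
```

The unsigned case is analogous to presenting a PublicKey-type token the way a Bearer token is presented: the assertion is valid, but nothing shows the sender holds the matching private key.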
