Typically the Validator doesn't care about which Signature it is validating. The usual use-case is that you don't have to configure a Signature Validator at all, you just supply the truststore, so if you're validating two asymmetric signatures the truststore should contain the issuing certs for both. It's only after validation in the security policy layer that we match up Signatures to tokens, to make sure that if the policy says that a token is to be signed, that it is actually signed etc.
Colm. On Fri, Jul 13, 2018 at 5:17 PM, vlad.balan <[email protected]> wrote: > Sorry, yes, that was the symmetric. > > > And one more question, if i may: > > - the supporting tokens are validated by the same signature validator > "ws-security.signature.validator" > > I saw one example of yours, extending this default validator (fot other > purposes). > > - if yes, how cand we know in the code when we validate the base signature > and when the endorsing one? > > Or maybe it works other way. > > > Thanks a lot. > > > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
