Hi David, I am assuming you'd like to create a self-signed assertion.
You can use the opensaml 1.1 library already shipped with rampart/wss4j to build your assertion. With it you can sign it with your own key. Once you build the object, you can serialize to DOM and from there into AXIOM OMElement. Then, to get it in the Security header, create your own security header and add the saml to it as a child. Then add the header to the envelope before invoking your web service. WSS4J would use your security header to add the signature element. Not sure about the ordering but I am assuming the signature will come after the saml element: Enevelope\Header\Security\saml Enevelope\Header\Security\signature Best Regards, George -----Original Message----- From: dstrower [mailto:[EMAIL PROTECTED] Sent: Sunday, September 16, 2007 7:28 AM To: [email protected] Subject: Can the location of the signature be controlled? I am trying to sign a message with a SAML token. I am able to do this but the format looks like this: Security signature saml My server requires that the signature be inside the SAML assertion. Can I control where the signature is placed? -- View this message in context: http://www.nabble.com/Can-the-location-of-the-signature-be-controlled--t f4451302.html#a12699525 Sent from the WSS4J mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ********************************************************************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
