Hi Colm! The service supplies the symmetric keys to the clients. There is an application, you logn in with your client account, and press a button and the symmetric key is generated and showed in the screen. Then you copy the key (base64 coded) and paste it wherever is needed by the client application. This is the usual procedure.
Thank you very much. 2008/12/16 Colm O hEigeartaigh <[email protected]> > Hi Benito, > > > > WSS4J only supports signing using HMAC in a limited set of circumstances, > for example signing using a key derived from a UsernameToken. The > implementation looks pretty limited though. What are your exact > requirements? How will your symmetric key be derived? > > > > Colm. > > > ------------------------------ > > *From:* Benito Ríos [mailto:[email protected]] > *Sent:* 16 December 2008 09:49 > *To:* [email protected] > *Subject:* Symmetric key signature > > > > Hi, > > I'd like to know if WSS4J provides symmetric key signatures. > > I need to develop a web service client in java which has to sign messages > with a symmetric key, using the algoritm HMAC-SHA1 > (http://www.w3.org/2000/09/xmldsig#hmac-sha1). > The client also has also to validate signed messages received from server > which uses the same symmetric > key.<http://www.w3.org/2000/09/xmldsig#hmac-sha1> This > is imposed by the service and there is no > choice.<http://www.w3.org/2000/09/xmldsig#hmac-sha1> > > For example, I have seen that Sun's XWS Security framework doesn't provide > signing but yes validating de signature with symmetric keys. > > Does WSS4J provide both signing and validating? > > If yes, some guide about how to write WSS4J security xml configuration > would be very appreciated. How to inform the symmetric key to the framework? > I only have seen examples of how to inform keystores and certificates. > > Thank you very much. >
