Hi, WSS4J does not currently support constructing a KeyInfo object that includes the X509 Cert in x509Data. According to the SOAP Message Security spec:
"However, in this specification, the use of <wsse:BinarySecurityToken> is the RECOMMENDED mechanism to carry key material if the key type contains binary data." You have a few other options to use for referring to a Key from a signature: http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHand lerConstants.html#SIG_KEY_ID http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHand lerConstants.html#keyIdentifier Colm. -----Original Message----- From: vroom [mailto:[email protected]] Sent: 06 November 2009 23:25 To: [email protected] Subject: help: directReference, senderVouches & X509Certificate I have a integration test coming up and have been trying for a few days to figure out how to format a client-side SOAP message so it will be accepted by a service. The example client message I've been shown requires senderVouches and has the clients' x509 certificate being transferred to the service in the KeyInfo like so: keyInfo x509Data x509Certificate The message I'm generating with senderVouches and directReference places provides: Wsse:securityTokenReference wsse:BinarySecurityToken in header keyInfo SecurityTokenReference Reference to BinarySecurityToken My requirement therefore is to remove the SecurityTokenReference/BinarySecurityToken from the header and add the x509certificate to the KeyInfo. The software stack I'm using is: xFire 1.2.6 Wss4j 1.5.1 openSaml 1.0.1 Xmlsecurity 1.3 I'm trying to get it upgraded but its a very long and tedious process. Will an upgrade supply this functionality? -- View this message in context: http://old.nabble.com/help%3A-directReference%2C-senderVouches---X509Cer tificate-tp26230917p26230917.html Sent from the WSS4J mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
