cxf-users mailing list archives

From Mayank Mishra
Subject Re: WS-Security how the server select a certificate
Date Thu, 08 Oct 2009 19:03:00 GMT

One way of doing this is by specifying the alias name in the trust store related 
assertions/configuration specified using the WS-Security Policy. You can 
specify this assertion in a policy bound at the Binding/Port/Service level.

But since the scenario has different clients, each with its own private 
key, you can either use the BST signature key reference identifier, in 
which the client sends the public certificate embedded in the secured message, 
or, in the WS-SecurityPolicy, you can specify a KeyValueToken as a 
token type; then the security engine would output an RSAKeyValue key in 
the security header, which is the public key certificate I guess.

But in both cases, on the receiving side, we need to write a callback 
handler to extract, validate and reinsert the certificate in the context 
to use it.

With Regards,

cLaSic wrote:
> Hi all,
> I have a general question about WS-Security: how does the server select a
> certificate from the truststore to authenticate the client signature? We
> suppose that we have a lot of clients, and each one has its private key; of
> course the server also has each client's public key.
> Regards,
> cLaSic
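
How a receiver can map the key reference in a signed message to one client entry in its truststore, as an added example that is not part of the original thread and is not CXF or WSS4J code. It parses a constructed Security header and resolves an embedded BinarySecurityToken or, going beyond the thread, a SHA-1 thumbprint KeyIdentifier. The aliases, function names and truststore contents are assumptions, the certificate bytes are constructed placeholders, and signature verification and chain validation are left out.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wsse": WSSE, "ds": DS}

# Constructed stand-ins for DER-encoded client certificates (alias -> bytes).
TRUSTSTORE = {"client-a": b"constructed-cert-A", "client-b": b"constructed-cert-B"}

def thumbprint(der):
    return hashlib.sha1(der).digest()  # SHA-1 is what ThumbprintSHA1 references carry

def resolve_signer(security_xml, truststore=TRUSTSTORE):
    """Return the truststore alias the signature's key reference names, else None."""
    sec = ET.fromstring(security_xml)
    str_el = sec.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference", NS)
    if str_el is None:
        return None
    by_print = {thumbprint(der): alias for alias, der in truststore.items()}
    ref = str_el.find("wsse:Reference", NS)
    if ref is not None:  # BST case: the certificate travels inside the message
        target = ref.get("URI", "").lstrip("#")
        for bst in sec.findall("wsse:BinarySecurityToken", NS):
            if bst.get("{%s}Id" % WSU) == target:
                der = base64.b64decode((bst.text or "").strip())
                # Simplification: accept only a certificate already in the store
                return by_print.get(thumbprint(der))
        return None
    kid = str_el.find("wsse:KeyIdentifier", NS)
    if kid is not None and kid.get("ValueType", "").endswith("#ThumbprintSHA1"):
        return by_print.get(base64.b64decode((kid.text or "").strip()))
    return None

def sample_header(cert_der):
    """Constructed Security header that embeds cert_der as a BinarySecurityToken."""
    token = base64.b64encode(cert_der).decode()
    return (
        '<wsse:Security xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">' % (WSSE, WSU, DS)
        + '<wsse:BinarySecurityToken wsu:Id="X509-1">%s</wsse:BinarySecurityToken>' % token
        + "<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>"
        + '<wsse:Reference URI="#X509-1"/>'
        + "</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>"
    )

if __name__ == "__main__":
    print(resolve_signer(sample_header(TRUSTSTORE["client-b"])))
    print(resolve_signer(sample_header(b"constructed-unknown-cert")))
```

A token that matches no truststore entry resolves to `None`, so the caller can reject the message before any signature check is attempted.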
