cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wservarch <wserva...@gmail.com>
Subject Passing session key through soap header
Date Thu, 26 Aug 2010 04:13:19 GMT

Instead of password digest in username token, 'am taking slightly different
approach in sending username token to receiver end through soap header.

Using a session key I am encrypting my password_text, then encrypting the
session key with public key of the receiver (or endpoint).
Receiver receives both my encrypted session key and encrypted password_text.
Receiver uses it's private key to decrypt the session key, which in turn can
be used to decrypt the actual password_text.

Now the question is how to send the encrypted session key through SOAP
Header along with encrypted password_text?

If i go with username token policy, i can send encrypted password, there is
no field in it through which I can send my encrypted key.

Can some body help me know how the policy xml in wsdl going to look like?
-- 
View this message in context: http://cxf.547215.n5.nabble.com/Passing-session-key-through-soap-header-tp2668876p2668876.html
Sent from the cxf-user mailing list archive at Nabble.com.

Mime
View raw message