Return-Path: 
 <users-return-29821-apmail-cxf-users-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-users-archive@www.apache.org
Delivered-To: apmail-cxf-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 242F8953B
	for <apmail-cxf-users-archive@www.apache.org>;
 Tue, 27 Sep 2011 23:04:24 +0000 (UTC)
Received: (qmail 81128 invoked by uid 500); 27 Sep 2011 23:04:23 -0000
Delivered-To: apmail-cxf-users-archive@cxf.apache.org
Received: (qmail 81088 invoked by uid 500); 27 Sep 2011 23:04:23 -0000
Mailing-List: contact users-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@cxf.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@cxf.apache.org>
List-Post: <mailto:users@cxf.apache.org>
List-Id: <users.cxf.apache.org>
Reply-To: users@cxf.apache.org
Delivered-To: mailing list users@cxf.apache.org
Received: (qmail 81080 invoked by uid 99); 27 Sep 2011 23:04:23 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Sep 2011 23:04:23 +0000
X-ASF-Spam-Status: No, hits=-5.0 required=5.0
	tests=RCVD_IN_DNSWL_HI,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of vinay.penmatsa@sap.com
 designates 155.56.66.99 as permitted sender)
Received: from [155.56.66.99] (HELO smtpgw.sap-ag.de) (155.56.66.99)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Sep 2011 23:04:16 +0000
From: "Penmatsa, Vinay" <vinay.penmatsa@sap.com>
To: "users@cxf.apache.org" <users@cxf.apache.org>
Date: Tue, 27 Sep 2011 19:03:42 -0400
Subject: Signature only in policy for Username Token
Thread-Topic: Signature only in policy for Username Token
Thread-Index: Acx9abOWiWYkfkbXSYuMUJpEwkniMQ==
Message-ID: 
 <245BF775E6C4804FAAC40244D7A92A165DF70668FC@USPHLECCR02.phl.sap.corp>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-cr-puzzleid: {084CB379-D5AC-45DB-BB75-818660708FAB}
x-cr-hashedpuzzle: AUsq A+9U BI5A B2k2 CJwt ELRN FEsV FOo/ F6qX Gtls G32t
 H+Zb JbqE Jx9/ KAUV
 K+xw;1;dQBzAGUAcgBzAEAAYwB4AGYALgBhAHAAYQBjAGgAZQAuAG8AcgBnAA==;Sosha1_v1;7;{084CB379-D5AC-45DB-BB75-818660708FAB};dgBpAG4AYQB5AC4AcABlAG4AbQBhAHQAcwBhAEAAcwBhAHAALgBjAG8AbQA=;Tue,
 27 Sep 2011 23:03:42
 GMT;UwBpAGcAbgBhAHQAdQByAGUAIABvAG4AbAB5ACAAaQBuACAAcABvAGwAaQBjAHkAIABmAG8AcgAgAFUAcwBlAHIAbgBhAG0AZQAgAFQAbwBrAGUAbgA=
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Virus-Checked: Checked by ClamAV on apache.org


Hi,
With the following policy definition, the header is sent encrypted. How can=
 I get the client to only sign and not encrypt?

------
	<wsp:Policy wsu:Id=3D"UsernameToken"
		xmlns:wsu=3D"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse=
curity-utility-1.0.xsd"
		xmlns:wsp=3D"http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp=3D"ht=
tp://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
		<wsp:ExactlyOne>
			<wsp:All>
				<sp:AsymmetricBinding>
					<wsp:Policy>
						<sp:InitiatorToken>
							<wsp:Policy>
				              <sp:X509Token
				                  sp:IncludeToken=3D"http://docs.oasis-open.org/ws-sx/w=
s-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
				                <wsp:Policy>
				                  <sp:WssX509V3Token10/>
				                </wsp:Policy>
				              </sp:X509Token>
							 </wsp:Policy>			           =20
						</sp:InitiatorToken>
						<sp:RecipientToken>
				            <wsp:Policy>
				              <sp:X509Token
				                  sp:IncludeToken=3D"http://docs.oasis-open.org/ws-sx/w=
s-securitypolicy/200702/IncludeToken/Never">
				                <wsp:Policy>
				                  <sp:WssX509V3Token10/>
				                </wsp:Policy>
				              </sp:X509Token>
				            </wsp:Policy>
				          </sp:RecipientToken>=09
						<sp:Layout>
							<wsp:Policy>
								<sp:Lax />
							</wsp:Policy>
						</sp:Layout>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:Basic128 />
								<!-- To use the export grade encryption that comes bundled in the=20
									JDK, comment out the above Basic256 algorithm and uncomment the be=
low Basic128. -->
								<!-- <sp:Basic128 /> -->
							</wsp:Policy>
						</sp:AlgorithmSuite>
					</wsp:Policy>
				</sp:AsymmetricBinding>
				<sp:Wss10 xmlns:sp=3D"http://schemas.xmlsoap.org/ws/2005/07/securitypol=
icy">
			        <wsp:Policy>
			          <sp:MustSupportRefKeyIdentifier/>
			        </wsp:Policy>
		      	</sp:Wss10>
				<sp:SignedSupportingTokens>
					<wsp:Policy>
						<sp:UsernameToken
							sp:IncludeToken=3D"http://docs.oasis-open.org/ws-sx/ws-securitypolic=
y/200702/IncludeToken/AlwaysToRecipient">
							<wsp:Policy>
								<sp:WssUsernameToken10/>
							</wsp:Policy>
						</sp:UsernameToken>
					</wsp:Policy>
				</sp:SignedSupportingTokens>		=09
			</wsp:All>		=09
		</wsp:ExactlyOne>
	</wsp:Policy>
---


Regards,
Vinay