cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: WS-Security : UsernameToken(Password Digest) + Sign/Encrypt Messages
Date Fri, 20 Sep 2013 10:18:15 GMT
1) "RequireClientCertificate" means that the service endpoint must be
configured to require a client certificate + must be set up with a
trustManager. For example, if you are using Jetty (lines 50 -> 70):

http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?view=markup

Similarly, the client needs to be configured with a keyManager to supply
the certificate, e.g. (line 111 -> 120):

http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/client/client.xml?view=markup

2) If you are using TLS/TransportBinding, then the messages are already
encrypted/signed at the Transport level. If you require message level
signature/encryption, then you need to use either a Symmetric or Asymmetric
Binding, depending on your requirements.

Colm.

On Fri, Sep 20, 2013 at 11:04 AM, Faz <arshadmohammed.techie@gmail.com> wrote:

> Hi All,
>
> I was successful in setting up the WS-security with SSL, along with
> UsernameToken(PasswordDigest) with the below code snippet. All this works
> good. Now I would like to know few here...
>
> 1. What in CXF should be done, if I change the *RequireClientCertificate*
> to true in *HttpsToken*?
> 2. I need to also have the messages encrypted and Signed along with the
> above set-up? Would setting the *sp:OnlySignEntireHeadersAndBody* tag help
> me out here? I don't need X.509 certificates, but just need to encrypt and
> decrypt the messages?
>
> If there is any better option, please let me know. Thnx!
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/WS-Security-UsernameToken-Password-Digest-Sign-Encrypt-Messages-tp5734299.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
