RE: more than one certificate in a policy
- From: "Keith" <keith.stacy@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 06:41:01 -0800
I am wrestling with a similar issue, but what I have found so far may be of
help. I have found that if you wrap multiple <SecurityToken> elements with a
<wsp:OneOrMore> element then, at least on the request side, the web service
can take any of the certs I use on the client side. Now if I can find a way
to specify on the return trip that the cert used on the request is the one to
use on the response message, I'll be golden. Anyone?
HTH,
Keith
"haller" wrote:
> Hello everybody,
> I am developing a multithreaded windows service in C# whose purpose is to be
> a client for a WSE web service with X-509 authentication.
>
> I have to configure a policy file using more than one digital certificate.
> In fact, my service must have the possibility to use one certificate per
> thread. I know I can configure one <policy> element for each endpoint url,
> but I'm looking for a way to use different certificates at the same time.
> Here's an extraction of my policy where it sets the certificates:
>
>
> <wssp:Integrity wsp:Usage="wsp:Required">
>   <wssp:TokenInfo>
>     <wssp:SecurityToken>
>       <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
>       <wssp:Claims>
>         <wse:Parent>
>           <wssp:SecurityToken>
>             <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
>             <wssp:Claims>
>               <wse:BaseToken>
>                 <wssp:SecurityToken>
>                   <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
>                   <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
>                   <wssp:Claims>
>                     <wssp:SubjectName MatchType="wssp:Exact">CLIENT_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
>                     <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">CLIENT_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
>                   </wssp:Claims>
>                 </wssp:SecurityToken>
>               </wse:BaseToken>
>               <wse:IssuerToken>
>                 <wssp:SecurityToken>
>                   <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
>                   <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
>                   <wssp:Claims>
>                     <wssp:SubjectName MatchType="wssp:Exact">SERVER_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
>                     <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">SERVER_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
>                   </wssp:Claims>
>                 </wssp:SecurityToken>
>               </wse:IssuerToken>
>             </wssp:Claims>
>           </wssp:SecurityToken>
>         </wse:Parent>
>       </wssp:Claims>
>     </wssp:SecurityToken>
>   </wssp:TokenInfo>
>   <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
>     wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
>     wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo)
>     wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
> </wssp:Integrity>
>
>
> Is it sufficient to add other similar sections to my policy with
> different certificate references? In that case, how can I decide what
> certificate to use at runtime without using a manual certificate selection
> pop-up dialog?
>
> Thanks in advance to anybody helping me
>
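The arrangement Keith describes, sketched as a policy fragment (an added example, not code from either poster or from the WSE documentation). It assumes the wsp, wssp and wse prefixes are bound as in the quoted policy; placing <wsp:OneOrMore> directly inside <wssp:TokenInfo> and the CLIENT_A_* / CLIENT_B_* values are assumptions made for illustration.

```xml
<!-- Added illustration: request-side integrity assertion that accepts
     either of two explicitly listed client certificates.
     Prefixes are assumed to be declared on the enclosing policy document. -->
<wssp:Integrity wsp:Usage="wsp:Required">
  <wssp:TokenInfo>
    <!-- Assumed placement: the operator wraps the alternative tokens. -->
    <wsp:OneOrMore>
      <!-- Alternative 1: certificate used by one client thread (placeholder values). -->
      <wssp:SecurityToken>
        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
        <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
        <wssp:Claims>
          <wssp:SubjectName MatchType="wssp:Exact">CLIENT_A_SUBJECT_NAME</wssp:SubjectName>
          <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">CLIENT_A_KEY_IDENTIFIER</wssp:X509Extension>
        </wssp:Claims>
      </wssp:SecurityToken>
      <!-- Alternative 2: certificate used by another client thread (placeholder values). -->
      <wssp:SecurityToken>
        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
        <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
        <wssp:Claims>
          <wssp:SubjectName MatchType="wssp:Exact">CLIENT_B_SUBJECT_NAME</wssp:SubjectName>
          <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">CLIENT_B_KEY_IDENTIFIER</wssp:X509Extension>
        </wssp:Claims>
      </wssp:SecurityToken>
    </wsp:OneOrMore>
  </wssp:TokenInfo>
  <!-- Same dialect as the quoted policy; the signed parts are shortened here. -->
  <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
```

Each token listed inside the operator satisfies the assertion on its own, so the list is the complete set of signing certificates the service will accept on requests; keeping both the subject name and the key identifier (OID 2.5.29.14) on exact match keeps that set from widening.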