0 Replies Latest reply: Jul 5, 2012 4:15 AM by 947580 RSS

    OSB - additional validation of X509 certificate in signed SOAP message

    947580
      Hi,

      I have proxy service (type Active-Intermediary) using standard sign.xml policy.
      I store client certificates in Certificate Registry.
      Signature validation works OK, but I need an additional check if CN from certificate matches with message sender.
      In Active-Intermediary proxy service I don't see WS-security headers, because it has option "Process WS-Security Header" enabled and consumes these headers.
      The first idea is to make additional proxy service (type Pass-Through) and parse X509 certificate from SecurityToken using Java Callout.
      Is it right way ? Or can I do it better way?

      Gregor