This content has been marked as final. Show 2 replies
It should be possible to use custom policies with OWSM. You'll need to create a new policy that defines only those elements that you want to sign and apply this policy on the service.
Did you have a look at this post - https://blogs.oracle.com/owsm/entry/custom_policies_custom_assertions_11g
It is considered good etiquette to reward answerers with points (as "helpful" - 5 pts - or "correct" - 10pts).
Thank for your replay.
As you say, it is possible to use custom policies with OWSM, and that is what I did but no results at all. I create a new policy from "oracle/wss10_message_protection_service_policy" and uncheck the encryption part, both request and response. Then I delete from the sign part all element from header and check sign all body option. I leave the timestamp checked and there is no way to say if I want to sign the timestamp or not. Then I check the policy's xml and I see that message part to signed is only the body, but then when I use console for testing the service, timestamp is always signed in the response.
So, my questión is, OSB sign always timestamp or there is a way to say that no signed timestamp is necesary
thank a lot