2 Replies Latest reply on Jan 22, 2013 4:26 AM by 985855

    SAML1.1 Assertion (Sender Vouches) policy


      I am trying to write SAML1.1 Assertion (Sender Vouches) policy that will not be used over HTTPS and will not use the message signing and encryption (I do not want to use the standard policies Wssp1.2-2007-Saml1.1-SenderVouches-Https.xml and Wssp1.2-2007-Saml1.1-SenderVouches-Wss1.0.xml for these reasons). Functionall this policy should be like:

      <?xml version="1.0"?>
      <wsp:Policy ........................>
      <wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-2004-01-saml-token-profile-1.0#SAMLAssertionID">

      But the above policy can be used with JAX-RPC only (I plan to use new policy in JAX-WS web services).
      Could someone help me with this task?

      Any help will be appreciated.