I've been looking into how JBoss does encryption between the client and the service. I have JBoss working using the configuration file jboss-wsse...
Encryption works great for the body; however, JBoss doesn't encrypt the headers. Since the SAML token is sent across in a Security header, what are my options for protecting the token? I saw "EncryptToken" in the picketlink-sts.xml file; does this encrypt the entire token?
If it works, does it encrypt the entire token? What do I have to do on the JBoss service side, if anything?
Thanks in advance.