Kerberos authentication without SecurityPolicy in WSDL
This post has NOT been accepted by the mailing list yet.
I'm working on an integration scenario for a customer and have run into a challenge.
The customer is using a model driven application platform that uses Metro to implement its web services stack. From the modeling environment, I can publish a process flow as a Web service, after which it generates a WSDL based on the input/output parameters and domain model of the application. I have no way to influence the WSDL other than changing the input/output parameters of the process flow. I can however perform a custom mapping of the SOAP header of incoming requests.
The customer wants to integrate the application with several .NET systems using WS-Security and the Kerberos Token Profile. IMO, setting this up requires defining the Security Policy in the WSDL and referencing it from the binding and/or operation.
My question is this: Is it possible to make this work without being able to modify the WSDL to include the Security Policy definition?