I have an Oracle Web service ( using Endorsing Certificate scenario )that advertises the assertion in the security policy. I read some where that WSIT does not support it (neither does WCF). However I went ahead and created the client proxy for the Web Service.
So when the client sends the request in where
a) is advertised in WSDL: I see that as expected the BST is signed by the EndorsingSupportingToken. Additionally, the Primary Signatures's STR pointing to the encryptedKey is also signed.
b) is not advertised in WSDL: I see that the BST is not signed by the Endorsing supporting token.
Can someone please throw some light on this? Is assertion supported at all? Attached is the advertised WSDL