Use single certificate in WS Security


I'm working on WS-Security configurations in SOAP UI. In Signature, I have an option called "Use Single Certificate for signing". I tried checking it and unchecking it, and the requests are the same. I can't find the differences. When should I use that option?

I tried to search on Google, but I couldn't find the answer. Pardon me if my understanding is wrong.

2

There are 2 answers

0
albciff On BEST ANSWER

After a little searching with the OP, it seems that we found the answer.

This check adds a specific <wsse:BinarySecurityToken> in the <wsse:Security> headers, specifying a certificate (in SOAPUI's specific case, the certificate used to perform the signature).

From the OASIS spec we can see the definition of this element:

3.1 Token types

This profile defines the syntax of, and processing rules for, three types of binary security token using the URI values specified in Table 2 (note that URI fragments are relative to the URI for this specification).


3.1.1 X509v3 Token Type

The type of the end-entity that is authenticated by a certificate used in this manner is a matter of policy that is outside the scope of this specification.

In this document there is also a sample of the <wsse:BinarySecurityToken> node added to the <wsse:Security> headers, which is basically a <wsse:BinarySecurityToken> with a ValueType="wsse:X509v3" attribute and the certificate codified as base64 in the text value of this node:

<wsse:BinarySecurityToken 
   wsu:Id="binarytoken" 
   ValueType="wsse:X509v3"
   EncodingType="wsse:Base64Binary">MIIEZzCCA9CgAwIBAgIQEmtJZc0…
</wsse:BinarySecurityToken> 
0
Balamurugan Kathiresan On

The reason wsu:Id appears in the SOAP Body:

  • This attribute, defined as type xsd:ID, provides a well-known attribute for specifying the local ID of an element.
  • Used to locate elements in the message, e.g. correlating signatures to sec. tokens.
  • XML Schema defines several id and referencing data types, but they require the consumer to have or obtain the schema definition.
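
The two answers above describe the embedded <wsse:BinarySecurityToken> and the wsu:Id used to correlate a signature with it. The following is an added example, not code from either answer or from SoapUI: a receiver-side check that resolves the signature's token reference to exactly one token. It assumes the WS-Security 1.0 namespace URIs and a direct <wsse:Reference URI="#..."> inside KeyInfo; the function names and the header (reduced to the parts the check reads, with placeholder bytes instead of a certificate) are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {  # WS-Security 1.0 and XML-DSig namespaces (assumed for this example)
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
# Constructed placeholder bytes standing in for the DER certificate.
PLACEHOLDER = b"constructed placeholder, not a real certificate"

def sample_header(token_ids=("binarytoken",)):
    """Build a constructed <wsse:Security> header (no SignedInfo/SignatureValue)."""
    b64 = base64.b64encode(PLACEHOLDER).decode()
    tokens = "".join(
        '<wsse:BinarySecurityToken wsu:Id="%s" ValueType="wsse:X509v3" '
        'EncodingType="wsse:Base64Binary">%s</wsse:BinarySecurityToken>' % (i, b64)
        for i in token_ids)
    head = '<wsse:Security xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">' % NS
    sig = ('<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>'
           '<wsse:Reference URI="#binarytoken"/></wsse:SecurityTokenReference>'
           '</ds:KeyInfo></ds:Signature></wsse:Security>')
    return head + tokens + sig

def resolve_signing_token(header_xml):
    """Return (wsu:Id, decoded bytes) of the token the signature's KeyInfo points at."""
    root = ET.fromstring(header_xml)
    ref = root.find(
        ".//ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is None:
        raise ValueError("signature does not reference an embedded token")
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        raise ValueError("reference is not a local wsu:Id: %r" % uri)
    # A wsu:Id must identify exactly one element; zero or several is ambiguous.
    matches = [el for el in root.iter() if el.get(WSU_ID) == uri[1:]]
    if len(matches) != 1:
        raise ValueError("wsu:Id %r matched %d elements" % (uri[1:], len(matches)))
    token = matches[0]
    if token.tag != "{%s}BinarySecurityToken" % NS["wsse"]:
        raise ValueError("wsu:Id does not point at a BinarySecurityToken")
    return uri[1:], base64.b64decode((token.text or "").strip(), validate=True)

if __name__ == "__main__":
    token_id, raw = resolve_signing_token(sample_header())
    print(token_id, len(raw), "bytes")
```

This only resolves the reference; verifying the signature value and validating the certificate chain are separate steps.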