I have a rampart STS Client whose policy looks like this
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
It produces a RequestSecurityToken (RSTR) (WS-Trust 1.3) Where the embedded token looks like
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-2">
<wsse:Username>#####</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">####</wsse:Password>
</wsse:UsernameToken>
The STS server I am using rejects this as the UserName Token profile in WS-Trust MUST include a wsu:Created element inside the token itself.
I have seen examples of RSTR from rampart forums where the wsu:Created is part of the token. Is there a way to change the configuration or to programatically force the STSClient to add it?