Is it possible to add a reference to the cert in KeyInfo instead of using the certificate?


Mario22

Jun 21, 2016, 7:16:15 AM
to xmlseclibs
Hello,

After signing the Timestamp element I get this XML:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-386B31B89CE2A4F90B146642771702810">HERE_IS_CERT</wsse:BinarySecurityToken>
   <wsu:Timestamp Id="TS-23">
      <wsu:Created>2016-06-21T09:26:57.026Z</wsu:Created>
      <wsu:Expires>2016-06-21T09:31:57.026Z</wsu:Expires>
   </wsu:Timestamp>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
         <ds:Reference URI="#TS-23">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>1Y+C0rz3Ygf/NlANWNhIATeRa0s=</ds:DigestValue>
         </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>H3QCXTVIwQoatX9pPeWa0eruPj+3/cGp9LhSJgjfNV5GUwpW9kRxxxtMzkKpftNvQn6DF1wzi7dsK9T1YtCal/BzCrict3OEh6eXEnkNvXfCQAI5Fpd9/WuVswg3T8bqztBRKhq4knnP651Qrwsfw2AnUqpKjVLg3TFbA8Vm9KETIoXIYbmKoQqZ1hhMoMr9o3XFcVXpNeQqpazFpJ8eTN7qfAUMxN1us9LYxnOIjdbxdtn0lYepY8YzamVThTyrZB59ZabVjKWm7BObtBpOEWlFAE51NbSvCV+YV5IcdH+84SSwi3qz8G8FS6Q7wklHkw7j82Gcas3IBe5Sa0+32w==</ds:SignatureValue>
      <ds:KeyInfo>
         <ds:X509Data>
            <ds:X509Certificate>HERE_IS_CERT</ds:X509Certificate>
         </ds:X509Data>
      </ds:KeyInfo>
   </ds:Signature>
</wsse:Security>


But instead of the X509Data element with the certificate, I want only a reference to the BinarySecurityToken, like this:

<ds:KeyInfo Id="KI-386B31B89CE2A4F90B146642771702811">
<wsse:SecurityTokenReference wsu:Id="STR-386B31B89CE2A4F90B146642771702812">
<wsse:Reference URI="#X509-386B31B89CE2A4F90B146642771702810" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>

How can I do this?
Thanks



Rob Richards

Jul 8, 2016, 9:44:35 AM
to xmlseclibs
The underlying xmlseclibs library currently doesn't support that. You can see how I currently do that for SOAP in my wse-php library (https://github.com/robrichards/wse-php).
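An added example, not code from this thread, xmlseclibs or wse-php: because SignatureValue is computed over SignedInfo only, ds:KeyInfo can be rewritten after signing as long as no ds:Reference points at it, so plain DOM calls can swap X509Data for a wsse:SecurityTokenReference. The helper name `referenceTokenInKeyInfo` is hypothetical and the sample message is constructed with shortened values.

```php
<?php
// Added example: plain DOM code, not an xmlseclibs or wse-php API.
const NS_DS   = 'http://www.w3.org/2000/09/xmldsig#';
const NS_WSSE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
const NS_WSU  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';

// Hypothetical helper: replace ds:KeyInfo content with a reference to the token.
function referenceTokenInKeyInfo(DOMDocument $doc): void
{
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('ds', NS_DS);
    $xp->registerNamespace('wsse', NS_WSSE);
    $keyInfo = $xp->query('//wsse:Security/ds:Signature/ds:KeyInfo')->item(0);
    $token   = $xp->query('//wsse:Security/wsse:BinarySecurityToken')->item(0);
    if (!$keyInfo instanceof DOMElement || !$token instanceof DOMElement) {
        throw new RuntimeException('KeyInfo or BinarySecurityToken not found');
    }
    $tokenId = $token->getAttributeNS(NS_WSU, 'Id');
    if ($tokenId === '') {
        throw new RuntimeException('BinarySecurityToken has no wsu:Id');
    }
    // KeyInfo may only be edited after signing if no ds:Reference digests it.
    $kiId = $keyInfo->getAttribute('Id');
    foreach ($xp->query('ds:SignedInfo/ds:Reference', $keyInfo->parentNode) as $ref) {
        if ($kiId !== '' && $ref->getAttribute('URI') === '#' . $kiId) {
            throw new RuntimeException('KeyInfo is covered by the signature');
        }
    }
    while ($keyInfo->firstChild) {
        $keyInfo->removeChild($keyInfo->firstChild);
    }
    $str = $doc->createElementNS(NS_WSSE, 'wsse:SecurityTokenReference');
    $ref = $doc->createElementNS(NS_WSSE, 'wsse:Reference');
    $ref->setAttribute('URI', '#' . $tokenId);
    $ref->setAttribute('ValueType', $token->getAttribute('ValueType'));
    $str->appendChild($ref);
    $keyInfo->appendChild($str);
}

// Constructed sample shaped like the message in the question (values shortened).
$xml = '<wsse:Security xmlns:wsse="' . NS_WSSE . '" xmlns:wsu="' . NS_WSU . '">'
     . '<wsse:BinarySecurityToken ValueType="urn:example:X509v3" wsu:Id="X509-1">CERT</wsse:BinarySecurityToken>'
     . '<ds:Signature xmlns:ds="' . NS_DS . '"><ds:SignedInfo><ds:Reference URI="#TS-23"/></ds:SignedInfo>'
     . '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
     . '</ds:Signature></wsse:Security>';
$doc = new DOMDocument();
$doc->loadXML($xml);
referenceTokenInKeyInfo($doc);
echo $doc->saveXML($doc->documentElement), "\n";
```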