I guess I understand your problem. If you configure the .NET "ws2007FederationHttpBinding" it enforces the usage of WS-SecureConversation. The ws2007FederationHttpBinding is a system-provided binding. Each WCF binding is built from a set of system-provided binding elements. You can also configure a custom binding which also includes custom binding elements.
I assume that you have configured the ws2007FederationHttpBinding binding. Is that correct? Could you share your .NET configuration file?

The WS-SecureConversation standard defines three use cases:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html#_Toc162064047

Based on the message sent to CXF (receiver) from .NET, the .NET client sends the RST (request for the STS) to the application service instead of a dedicated STS instance. This matches the last use case described in the spec, "Security context token created through negotiation/exchanges".

I have a question for you: is the usage of WS-SecureConversation really needed, or is it just used implicitly due to the usage of the wsFederationHttpBinding? What are your security requirements for the communication between the .NET client and the CXF service?

Thanks
Oli

------
Oliver Wulff
http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division
http://www.talend.com

________________________________________
From: Colm O hEigeartaigh [[email protected]]
Sent: Friday, 6 January 2012 10:52
To: [email protected]
Subject: Re: General security error (Provided SAML token does not contain a suitable key)

You could copy the WS-Security examples system test for Secure Conversation using your own WSDL and try to reproduce the error that way:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java?view=markup

Colm.

On Thu, Jan 5, 2012 at 5:57 PM, danlee100 <[email protected]> wrote:
> I am not sure what I could provide to you as a test-case.
>
> The WSDL on the server can be seen here:
>
> http://66.211.102.200/gen4/services/AssessmentDataService?wsdl
>
> The client hitting this service is actually a Microsoft implementation.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5123388.html
> Sent from the cxf-dev mailing list archive at Nabble.com.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
