Could you create JIRAs in WSS4J + CXF and attach the patches there?
Colm.
On Wed, Jun 17, 2015 at 3:44 PM, Freddy Exposito expos...@gmail.com wrote:
Secure Conversation Renew is not working from a .NET client because
ws:Instance is missing in the SecurityContextToken.
Reading into the standard here -
http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html
says the following:
The initial issuance need not contain a wsc:Instance element, however, all
subsequent issuances with different keys MUST have a wsc:Instance element
with a unique value.
Also a reference seems to be required in the SecurityTokenRefernce
according
to this:
If a specific key instance needs to be referenced, then the global
attribute wsc:Instance is included in the wsse:Reference sub-element
(only
when using wsc:Identifier references)
The following patches for wss4j (2.0.x branch)
wss4j-sct-with-instance.patch
http://cxf.547215.n5.nabble.com/file/n5758363/wss4j-sct-with-instance.patch
and cxf (3.0.x branch) cxf-sct-with-instance.patch
http://cxf.547215.n5.nabble.com/file/n5758363/cxf-sct-with-instance.patch
work for us.
Would be possible to include this in the next cxf and wss4j releases?
Thanks,
Freddy
--
View this message in context:
http://cxf.547215.n5.nabble.com/Issue-with-the-renew-of-SCT-in-Secure-Conversation-tp5758363.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com