Hi again, I just logged the requests from the CXF client and the Weblogic client to try to see the differences. Apparently CXF uses SAML for something while Weblogic doesn't (this is the reason for the error I told you about in the first message). I dunno why CXF is using it. Here are both requests:
CXF Request (results in the fault exception): <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-D481FC339DF95CBCD912753291707573">MIIESTCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCQlIxEzARBgNVBAgTClBlcm5hbWJ1Y28xDzANBgNVBAcTBlJlY2lmZTENMAsGA1UEChMEVEpQRTEfMB0GA1UECxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzEfMB0GA1UEAxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzAeFw0wOTA4MTEyMTA2MTRaFw0xNDA4MTEyMTA2MTRaMFIxCzAJBgNVBAYTAkJSMQ0wCwYDVQQKEwRUSlBFMR8wHQYDVQQLExZBcnF1aXRldHVyYSBlIElub3ZhY2FvMRMwEQYDVQQDEwpDbGllbnRlIElGMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCX0AijGz0BPnri43wFpfqKBJl7tPoWl/yoS1Nt6UaIcFWr23eOWDtsEU+V+tuaxYOLSmu4GMq9raWCeER4xN2OBw4U/YSTPLjwo5HJs8kVcZUKZR0EYncqRXegPm4bLnhjg/8lVzJvQNWvYmieHqGqYpiTl+t8oqsKQ9EPPkp+JQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUiLn0wahXkOWryZKuNfGpXafhDrIwHwYDVR0jBBgwFoAUO/eg2iqez1hnDhCjI/i3Mppm/VIwDQYJKoZIhvcNAQEFBQADggIBACBRUD9kqCM7TDSxyvxKwHniuS2HfnUsss3XSsGFrGq2ywLN522knUXDt4+blK4DarSXt128IEfBrs9QwxhFdzc1tgfAx04p7b4/yhVnfLTy15tNlbcXlYr7vnzLPcQfUjWR6AS262emS5iNN/aIiB7fniIDOCvkp8RD/BBV8Vl5bS/EF8jMXLRAnWtFyKekJEChEHDAixG9CIAxiX0dXjxlBkiGMPC6tq/w2Le6/hWrjdSVObqGXxfmHjG3R47Am8SgKxe6OCp0pIVs/JQmeC8KojMA/vKbv7LRWBLpKKVmdgLdsoOL+zV5DHtfZc3Mxi1q9VMaT6jczixU37De4OdHxcYltoAN70i7TaRi6PVQv9hQsReRX3LH6+Uc/x3xtzUkVGwMQ0NsQwEl3jFiEkB6ZC9ruFlgE6Gm34erSEMadc
lwNQUA66jm+4xQYA7Ur88Mpdjva5ypcfGxKCmvJ/SoXG2gdt3OpAONj8PWA2bZ7yRDQrJBLYZv5zBT4aeVkcLmu5zBt1DtNiOln6RbjmwRkCnyVCVT01ti5/iRfU3g661gXZITK0vrlSvSenEQCCNOtoGa4OrWELap0uymm6MZqtEIw5qQBvboUxJB6RSt7ziZjWsf6CUaGjJ/mxNcwVVmG2CLUfx0yKebkPiEbsogt4WDhRyoizK2yhOgaLFn</wsse:BinarySecurityToken> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-3"> <wsu:Created>2010-05-31T18:06:10.350Z</wsu:Created> <wsu:Expires>2010-05-31T18:11:10.350Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncKeyId-D481FC339DF95CBCD912753291707402"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">4iSUz0GV88TQRCsKTya/PyGfV3M=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>UGePsLcGp6rhpZJ+oItgcLd2wzE3VvlX0RmDC0ggbRaY8deiMn/mQrvrdgmSa5Xp/96TqjokI9TvZ7kiqAf/2BXr7B85leTJohMrLECuCG+uiyULKLC0GJuNJvshzxIH6wpROjqoBU0pyNigaAyu9QwkUAQxBe8weHi12BvrVF4= </xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-6" /> </xenc:ReferenceList> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-5"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <ds:Reference URI="#Id-3753442"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>NXD7iEVitl5m0elha7vHUbgd/DY=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timesef3tamp-3"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>PPo4pDWXp/tapMJHAruc+dUPN9A=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>yUgUV9cwSGd3FvSyWr/Vo9I+PIU=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-D481FC339DF95CBCD912753291707656"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-D481FC339DF95CBCD912753291707667"> <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#EncKeyId-D481FC339DF95CBCD912753291707402" ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-4"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#Signature-5"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>PrGESd3rCQyKFGWysY4wDIhdCZ8=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>EYZFpRXfbFCJk6OYn1LLLtfAU89SRg4ToImfgDlfA/31fH/iApMnqnGZdgOD5jtDEHo4jOF8zR0099HWD03TiTiZSur0HtlX/yM9TUorWqHNz8mOBFBmkEtAoldTVsID24bmikg5vMBQTihBnaX/OEf2rHMyVgVz2HubYkzP7co= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-D481FC339DF95CBCD912753291707644"> <wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-D481FC339DF95CBCD912753291707645"> <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#CertId-D481FC339DF95CBCD912753291707573" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soap:Header> <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3753442"> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-6" Type="http://www.w3.org/2001/04/xmlenc#Content"> <xenc:EncryptionMethod xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#EncKeyId-D481FC339DF95CBCD912753291707402" /> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">l3+6ZmsAOov/GIbUHgMh/68I6LEPpOYQBO3R3meTXVvA56HA7BGbXMn1geTNMKueBGsyedcNuyaKov+O55JEfZMwk4feXVZgv0NT7UcKBNin9/4ZiPMSMKh3HzkyqHUlnOclawbRdeuWnvdKrkf7RrGOp8lF5F5mnL2JFfps+K4p3rho3gVQlRufjT7ad3m+OdTRCRvfcPuAYFSorSC1PKSBGlUV2PJHiKebwaU3ngT5eABOf5r1XTMZdGt+9IQlsSrrU/Fqt+rd3pc/FdhngZ6oQ28/QH4aTmPEAL8yI2TkQPOq7JpiNnRcRL1y/5o45fi2j3tmEMGCddSCB6PSOrOpfvSIcCngTgYJfJbZQNvbVnY/9Ub4vXaavQzSkH18BkP0nqWTjb9LCZPlrZcPrQ== </xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soap:Body> 
</soap:Envelope> And here's the Weblogic client request (which works): <S:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="bst_bwNey1qVuDNpbeI8">MIIEBDCCAeygAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCQlIxEzARBgNVBAgTClBlcm5hbWJ1Y28xDzANBgNVBAcTBlJlY2lmZTENMAsGA1UEChMEVEpQRTEfMB0GA1UECxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzEfMB0GA1UEAxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzAeFw0xMDA0MTIyMDE5MzlaFw0xNTA0MTIyMDE5MzlaMGAxCzAJBgNVBAYTAkJSMRMwEQYDVQQIEwpQZXJuYW1idWNvMQ0wCwYDVQQKEwRUSlBFMR8wHQYDVQQLExZBcnF1aXRldHVyYSBlIElub3ZhY2FvMQwwCgYDVQQDEwNwZ2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMjyb4xMGkHngVgNxITgBXqg1dcIH7UDnDxg8XXSv35vPkF2kLAWeVGPSCSdMV4F2SNvYIA3sEa+3biAjjpFM4S/y4W0UxXPYF7BXGtweXfvXAEFZxHvjv/pepFvQ+mYML4vSuGe2iTHCqgLv8NKLAaDWUEYeX5yKasOPKc3KD8pAgMBAAGjKDAmMCQGA1UdEQQdMBugGQYFYEwBAwOgEBMOMTAxMjMxMjMwMDAxODEwDQYJKoZIhvcNAQEFBQADggIBABJkSTUASP+xIazYFv9pX7nVWG6B8s7q51j81mhFpgJHz91dGP3tx3OxU0IwCWnb7HJ53+0YcaGt0WuIhCHMW74VqnUfdudLw+xz9ZRQBGKCChdLxLvjb8BJlLoM5kmURrAKxShZfg4uc5FB2AeNaWb01DeYUie1qmIsrQ8hKWAsvy/gU38D8q+4WTlWxhyXhQ1p0zF2bEoNZKv7D2jezcb6gJ1Jiw9i4oOCDW6zxnDL3/SqL1kKXuzvdboxxElodCf17jmo9aAGjLXaFwiR0M2UaXTOw0mM2ztW8ZDZjeorzCKDjgACpopRjjrjFofJVNdFDJ9W+zgWEUnocsgAWeA9naPAZbRO9fXmKiY5Dh7nMmHAinugcvyboInwRRXKWCnJabmmNTWPfOlEslVc/SRq7k2uDBbKRktFtqsLmZ1llxjnMDOOh9el0eFr2/tdFP4BaIzKmTGs/M54E0ASr5alN6yVGLat0nsvQejayILLONpyPos31873QvxbJ+B8OiGyvYNN9vsAGVpOR3m1Iyp7Jp0h0rt5F/cCm5Acn22KXUQ9FOs3YFdQ/XHYaf+TIFOtZ9O13E1MutYGB2QLKQ1KF7dTvxQNqiLbhj2ZWOpEPiNAMjAoT92LVGKnbY+7
ifd6w9ild+hZ24qRhhwB3waYlUC0YT7rXHEJscANbQHv</wsse:BinarySecurityToken> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <dsig:Reference URI="#Signature_kk83N77CLpShHz9w"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>c8ty+xdRZn3ypJpoNAwIN8YZJv4=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#bst_bwNey1qVuDNpbeI8"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>TdGDkcripONkaUA8ybzPgyg53to=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>QAKYZ5zsmfZBy89NEg0X8YqxY/rQTZYiytn1cxvTgknDwjOdu5BuV4c2r51Jop1AqBAX6+MNtGNt+QDxfPl2dkF5xmZUFgiaY/hIR3nRJKEoZHppLQ5JxYg8Fm+saYSk5yBbzR1yzaPvct9tL28Lly5vDPb7ICEtqzcPczFDPws= </dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="str_p7nfqNxnHJ21KThe"> <wsse:Reference URI="#bst_bwNey1qVuDNpbeI8" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> <ns1:EncryptedKey xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Id="encKey_kEmrGJaMMEL1kNgP"> <ns1:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <ns2:DigestMethod xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> </ns1:EncryptionMethod> <ns3:KeyInfo xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="str_NuomYL1ba5d8s2Cv"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">4iSUz0GV88TQRCsKTya/PyGfV3M=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ns3:KeyInfo> <ns1:CipherData> <ns1:CipherValue>eUT3yUj2kJTCSY6eNFKeMHhET6jM8JJO7J3OHWIbA+u3Bit13B3Che6OFQGfXZTpZRJbEGm33KnzHuXXpRN7sRBv93OckMz86LyrHQJ1WbiCVO7pv0Nu9RLg2wLM1vJR1KGAi0/sWJEwb2fdCOyljP3Lvn4iBvaqNYUUK0SUauw= </ns1:CipherValue> </ns1:CipherData> <ns1:ReferenceList> <ns1:DataReference URI="#RCjGe2zejEXL7QIR" /> </ns1:ReferenceList> </ns1:EncryptedKey> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Signature_kk83N77CLpShHz9w"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <dsig:Reference URI="#Timestamp_IDQ0VYbp1YNAgoOK"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>FXvVstJFIXolN8KXN16BQcet93c=</dsig:DigestValue> </dsig:Reference> <dsig:Reference 
URI="#Body_JpUdb9TH7SdDAzos"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>7dTbK5cIfxNQHWNE0ARY8hgBAvU=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>+sK1CIr2E7l+wBVxFFzQ4X5PGog= </dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" wsu:Id="str_n22pnEhefgLzxzrj"> <wsse:Reference URI="#encKey_kEmrGJaMMEL1kNgP" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp_IDQ0VYbp1YNAgoOK"> <wsu:Created>2010-05-31T18:02:28Z</wsu:Created> <wsu:Expires>2010-05-31T18:03:28Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </S:Header> <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body_JpUdb9TH7SdDAzos"> <ns1:EncryptedData xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Encoding="UTF-8" Id="RCjGe2zejEXL7QIR" MimeType="text/xml" Type="http://www.w3.org/2001/04/xmlenc#Content"> <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> <ns1:CipherData> <ns1:CipherValue>cpLr03f4fP85pAazzOFK7Hmy00UunropJoNWz9xF7IPNHpyyYM/eN25dQmuf7Hzd3qwSfuuBAo9r6DDCM3Df5r+d+7giS8mC9M+rNx+on768MTF2bDF+iaMgI8QsV2GCSINea/WHQgYJIsc6pCacNA== </ns1:CipherValue> </ns1:CipherData> </ns1:EncryptedData> </S:Body> Sorry for the lots of 
information but I think this is gonna help in finding the problem!
Thank you

2010/5/31 Augusto Lima Filho <[email protected]>:
> Hi again,
> sorry, my mistake, here's the client config:
> The client is a standalone java APP and the config consists of this
> cxf.xml file:
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:beans="http://www.springframework.org/schema/beans"
>     xmlns:jaxws="http://cxf.apache.org/jaxws"
>     xmlns:soap="http://cxf.apache.org/bindings/soap"
>     xmlns:cxf="http://cxf.apache.org/core"
>     xmlns:p="http://cxf.apache.org/policy"
>     xsi:schemaLocation="
>         http://cxf.apache.org/core
>         http://cxf.apache.org/schemas/core.xsd
>         http://cxf.apache.org/policy
>         http://cxf.apache.org/schemas/policy.xsd
>         http://cxf.apache.org/jaxws
>         http://cxf.apache.org/schemas/jaxws.xsd
>         http://www.springframework.org/schema/beans
>         http://www.springframework.org/schema/beans/spring-beans.xsd ">
>
>     <jaxws:client name="{http://swap/test/v01}SwapTestPort"
>         createdFromAPI="true">
>         <jaxws:properties>
>             <entry key="ws-security.username" value="clientif" />
>             <entry key="ws-security.callback-handler"
>                 value="br.jus.tjpe.seguranca.ClientKeystorePasswordCallback" />
>             <entry key="ws-security.signature.properties"
>                 value="client.properties" />
>             <entry key="ws-security.encryption.properties"
>                 value="service.properties" />
>         </jaxws:properties>
>     </jaxws:client>
> </beans>
>
> The client.properties and service.properties files are the following:
>
> client.properties file:
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=clientif
> org.apache.ws.security.crypto.merlin.keystore.password=cspass
> org.apache.ws.security.crypto.merlin.file=clientstore.jks
>
> service.properties file:
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=intif
> org.apache.ws.security.crypto.merlin.keystore.password=cspass
> org.apache.ws.security.crypto.merlin.file=clientstore.jks
>
> I suppose the problems are not with the keystore since the client
> using the weblogic libraries work.
> Also, the client is being generated through the following ant task:
>
> <target name="cxfWSDLToJava_SWAPTEST">
>     <java classname="org.apache.cxf.tools.wsdlto.WSDLToJava" fork="true">
>         <arg value="-client" />
>         <arg value="-d" />
>         <arg value="generated" />
>         <arg value="http://localhost:7001/swaptest/SwapTest?WSDL" />
>         <classpath>
>             <path refid="cxf.classpath" />
>         </classpath>
>     </java>
> </target>
>
> This is all the client config. Just as some more information, this
> policy created by the oracle tool has description as follow:
>
> "This policy enforces message-level protection and certificate-based
> authentication for inbound SOAP requests in accordance with the
> WS-Security 1.1 standard. Messages are protected using WS-Security's
> Basic 128 suite of symmetric key technologies, specifically RSA key
> mechanisms for message confidentiality, SHA-1 hashing algorithm for
> message integrity, and AES-128 bit encryption. The keystore is
> configured through the security configuration. The certificate is
> extracted from the WS-Security binary security token header, and the
> credentials in the certificate are validated against the configured
> identity store."
>
> I dunno if the problem is in my client config or in the policy itself
> (like something proprietary to oracle) since the weblogic client
> works.
> Again, thank you very much!
>
> 2010/5/30 CXF-de'per <[email protected]>:
>>
>> Post your configurations for ws-security...
>>
>> Lupan wrote:
>>>
>>> Hello guys,
>>> I'm having to write a Web service client with CXF 2.2.8 to consume a
>>> web service which uses WS-SecurityPolicy on it. The policies shown in
>>> the WSDL are created and managed by an Oracle tool (Oracle Webservices
>>> Manager), they're not manually written and are shipped with the
>>> product. The product claims the policies are compliant with the latest
>>> standards and that are interoperable with other stacks. Because of
>>> that I'm trying to use the CXF Client since the client written with
>>> the own Oracle Stack obviously worked. Unfortunately I'm receiving a
>>> Generic error in the client:
>>>
>>> ...
>>> Caused by: org.apache.cxf.binding.soap.SoapFault: FailedCheck :
>>> failure in security check
>>>     at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>>>     at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>>>     at org
>>> ...
>>>
>>> Since this is a client error I went to the server logs to see what
>>> happened. There is a line in the log:
>>>
>>> <Error> <oracle.wsm.resources.security> <WSM-00035> <Error in
>>> Signature reference mechanism compliance : Expected :
>>> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
>>> , Actual :
>>> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey.>
>>>
>>> I don't know if there is something I'm missing in the CXF client
>>> configuration or if there is a problem in the Oracle Policy (like
>>> proprietary tags in it) or anything else.
>>> Here is the WSDL I'm trying to consume:
>>>
>>> <definitions name="SwapTestService"
>>>     targetNamespace="http://swap/test/v01">
>>>   <wsp:Policy wsu:Id="SwapTestPort_Fault_Policy" />
>>>   <wsp:Policy wsu:Id="SwapTestPort_Input_Policy">
>>>     <sp:SignedParts>
>>>       <sp:Body />
>>>       <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
>>>       <sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
>>>       <sp:Header Name="fmw-context"
>>>           Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
>>>     </sp:SignedParts>
>>>     <sp:EncryptedParts>
>>>       <sp:Body />
>>>       <sp:Header Name="fmw-context"
>>>           Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
>>>     </sp:EncryptedParts>
>>>   </wsp:Policy>
>>>   <wsp:Policy wsu:Id="SwapTestPort_Output_Policy">
>>>     <sp:SignedParts>
>>>       <sp:Body />
>>>     </sp:SignedParts>
>>>     <sp:EncryptedParts>
>>>       <sp:Body />
>>>     </sp:EncryptedParts>
>>>   </wsp:Policy>
>>>
>>>   <wsp:Policy
>>>       wsu:Id="wss11_x509_token_with_message_protection_service_policy">
>>>     <sp:SymmetricBinding>
>>>       <wsp:Policy>
>>>         <sp:ProtectionToken>
>>>           <wsp:Policy>
>>>             <sp:X509Token
>>>                 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>>               <wsp:Policy>
>>>                 <sp:RequireThumbprintReference />
>>>                 <sp:WssX509V3Token11 />
>>>               </wsp:Policy>
>>>             </sp:X509Token>
>>>           </wsp:Policy>
>>>         </sp:ProtectionToken>
>>>
>>>         <sp:AlgorithmSuite>
>>>           <wsp:Policy>
>>>             <sp:Basic128 />
>>>           </wsp:Policy>
>>>         </sp:AlgorithmSuite>
>>>
>>>         <sp:Layout>
>>>           <wsp:Policy>
>>>             <sp:Lax />
>>>           </wsp:Policy>
>>>         </sp:Layout>
>>>         <sp:IncludeTimestamp />
>>>         <sp:ProtectTokens />
>>>         <sp:OnlySignEntireHeadersAndBody />
>>>       </wsp:Policy>
>>>     </sp:SymmetricBinding>
>>>
>>>     <sp:EndorsingSupportingTokens>
>>>       <wsp:Policy>
>>>         <sp:X509Token
>>>             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>           <wsp:Policy>
>>>             <sp:WssX509V3Token11 />
>>>           </wsp:Policy>
>>>         </sp:X509Token>
>>>       </wsp:Policy>
>>>     </sp:EndorsingSupportingTokens>
>>>
>>>     <sp:Wss11>
>>>       <wsp:Policy>
>>>         <sp:RequireSignatureConfirmation />
>>>         <sp:MustSupportRefEncryptedKey />
>>>       </wsp:Policy>
>>>     </sp:Wss11>
>>>   </wsp:Policy>
>>>
>>>   <types>
>>>     <xsd:schema>
>>>       <xsd:import namespace="http://swap/test/v01"
>>>           schemaLocation="http://localhost:7001/swaptest/SwapTest?xsd=1" />
>>>     </xsd:schema>
>>>   </types>
>>>
>>>   <message name="testSwap">
>>>     <part name="parameters" element="tns:testSwap" />
>>>   </message>
>>>
>>>   <message name="testSwapResponse">
>>>     <part name="parameters" element="tns:testSwapResponse" />
>>>   </message>
>>>
>>>   <portType name="TestWSImpl">
>>>     <operation name="testSwap">
>>>       <input message="tns:testSwap" />
>>>       <output message="tns:testSwapResponse" />
>>>     </operation>
>>>   </portType>
>>>
>>>   <binding name="SwapTestPortBinding" type="tns:TestWSImpl">
>>>     <soap:binding style="document"
>>>         transport="http://schemas.xmlsoap.org/soap/http" />
>>>     <wsp:PolicyReference
>>>         URI="#wss11_x509_token_with_message_protection_service_policy"
>>>         wsdl:required="false" />
>>>
>>>     <operation name="testSwap">
>>>       <soap:operation soapAction="" />
>>>
>>>       <input>
>>>         <soap:body use="literal" />
>>>         <wsp:PolicyReference
>>>             URI="#SwapTestPort_Input_Policy"
>>>             wsdl:required="false" />
>>>       </input>
>>>
>>>       <output>
>>>         <soap:body use="literal" />
>>>         <wsp:PolicyReference
>>>             URI="#SwapTestPort_Output_Policy"
>>>             wsdl:required="false" />
>>>       </output>
>>>     </operation>
>>>   </binding>
>>>
>>>   <service name="SwapTestService">
>>>     <port name="SwapTestPort" binding="tns:SwapTestPortBinding">
>>>       <soap:address
>>>           location="http://localhost:7001/swaptest/SwapTest" />
>>>
>>>       <wsa:EndpointReference>
>>>         <wsa:Address>http://localhost:7001/swaptest/SwapTest</wsa:Address>
>>>         <wsid:Identity>
>>>           <dsig:KeyInfo>
>>>             <dsig:X509Data>
>>>               <dsig:X509Certificate>MIIEUDCCAjigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCQlIxEzARBgNVBAgTClBlcm5hbWJ1Y28xDzANBgNVBAcTBlJlY2lmZTENMAsGA1UEChMEVEpQRTEfMB0GA1UECxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzEfMB0GA1UEAxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzAeFw0wOTA4MTEyMTI1MDdaFw0xNDA4MTEyMTI1MDdaMFkxCzAJBgNVBAYTAkJSMQ0wCwYDVQQKEwRUSlBFMR8wHQYDVQQLExZBcnF1aXRldHVyYSBlIElub3ZhY2FvMRowGAYDVQQDExFJbnRlZ3JhY2FvIEZpc2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAictuCNxhLJ2kP9p6TZvwRUTvuoKHS2HMUVjVR3u42BoMf7t83eZMUvBxc3+KdF4MjABgn8H/dPzlc09xCQcd/E5NbYEqagvW3mcJRmO/RyTQEbEySzHLoG/yEJZSz/5adwrTMaZCdm5SLzqfbL8g2Ojmrw11kGNOgLhD9W4UpnECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPNBvtmMi8wQ6I2PjOWjTNcICTV6MB8GA1UdIwQYMBaAFDv3oNoqns9YZw4QoyP4tzKaZv1SMA0GCSqGSIb3DQEBBQUAA4ICAQBkDVoCKmkMGdDF7sQAPfv6kKXQoWutQZ62jgoXLy9TLnGFDh1lde+AF6uE68PwzhpSq0+LVtysW0nwoV5lm0bqU4xw/eopelyMrXLjRaWEZ45owDzOE/+qOATMsV4AfXb5MVnQVpAQXQPntJtwFivw1AIBacluL8RXWepz1N5dols1HSERDI3jyPZ067nfFLfCbv9pTrRjLk5MQiQ4+Ri7lFT7Oj8gxqO+4mMt4W9xE4SfR3rUDq3Srtz9bQE2sP5vyG3+D+smmtENb5Wv+TlmNzBzYjvBe76gChMDG9ftGuaiX4NOERod0u7x2s2Q94pDngL7wxRuVpI1cCQ2LxYMGeZ1Nf9fqdj9fvG+prg17OPP/Jp/LiO9rz8CZs3krFFcZI0KXvsCfSK67moxW4acE14pBbkNnGsV1V9AogCUHPmrxs/vaAF/+5GKr0USIHIfS/LsSvW0A8I8BFoa72nLtp7nfsx43sXgzGZ/O0XV75guzu/CEA7XtvvYcgcibEjW+1IaXsIWjUljMDFC81IKP+bbUX0lQEfu9lLiwXBh8EPiVmR59ioQIdAZsiPWSn54146aqWoL2qpPrjMBtvQat9q+XZOdwPn0KlmPUdz/khLp8AInFmuUnGJz6/9CPYP+eG/5vJ7kjAGmt8ckkmAdC4dntC6hxYJpLaq418SEtw==</dsig:X509Certificate>
>>>               <dsig:X509IssuerSerial>
>>>                 <dsig:X509IssuerName>CN=Arquitetura e Inovacao, OU=Arquitetura e Inovacao, O=TJPE, L=Recife, ST=Pernambuco, C=BR</dsig:X509IssuerName>
>>>                 <dsig:X509SerialNumber>1</dsig:X509SerialNumber>
>>>               </dsig:X509IssuerSerial>
>>>               <dsig:X509SubjectName>CN=Integracao Fiscal, OU=Arquitetura e Inovacao, O=TJPE, C=BR</dsig:X509SubjectName>
>>>               <dsig:X509SKI>80G+2YyLzBDojY+M5aNM1wgJNXo=</dsig:X509SKI>
>>>             </dsig:X509Data>
>>>           </dsig:KeyInfo>
>>>         </wsid:Identity>
>>>       </wsa:EndpointReference>
>>>     </port>
>>>   </service>
>>> </definitions>
>>>
>>> Please, any help will be much appreciated!
>>> Thank you!
>>>
>>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Problem-with-WS-SecurityPolicy-using-CXF-client-vs-Oracle-WS.-tp28712412p28720286.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>
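
Added example (not part of the original messages, and not CXF or Oracle code): a small Python audit that walks a captured SOAP request, resolves every wsse:Reference to the element it points at, and compares its ValueType with the value the WSM-00035 server log line above names as expected for an EncryptedKey. The function names and SAMPLE are assumptions for illustration; SAMPLE is a constructed, cut-down message modelled on the CXF request with all key material replaced by a placeholder.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
# "Expected" and "Actual" values quoted in the server log line on this page.
WSS11_ENCRYPTED_KEY = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
SAML10_ENCRYPTED_KEY = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey"

# Constructed sample: same reference layout as the failing CXF request,
# with certificate, cipher and signature values left out.
SAMPLE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <soap:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken wsu:Id="CertId-1" ValueType="{X509V3}">PLACEHOLDER</wsse:BinarySecurityToken>
      <xenc:EncryptedKey Id="EncKeyId-1"/>
      <ds:Signature Id="Signature-5">
        <ds:KeyInfo><wsse:SecurityTokenReference>
          <wsse:Reference URI="#EncKeyId-1" ValueType="{SAML10_ENCRYPTED_KEY}"/>
        </wsse:SecurityTokenReference></ds:KeyInfo>
      </ds:Signature>
      <ds:Signature Id="Signature-4">
        <ds:KeyInfo><wsse:SecurityTokenReference>
          <wsse:Reference URI="#CertId-1" ValueType="{X509V3}"/>
        </wsse:SecurityTokenReference></ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-1">
    <xenc:EncryptedData Id="EncDataId-6">
      <ds:KeyInfo><wsse:SecurityTokenReference>
        <wsse:Reference URI="#EncKeyId-1"/>
      </wsse:SecurityTokenReference></ds:KeyInfo>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""


def index_ids(root):
    """Map every Id / wsu:Id attribute value to its element."""
    ids = {}
    for el in root.iter():
        for attr in ("Id", f"{{{WSU}}}Id"):
            if el.get(attr):
                ids[el.get(attr)] = el
    return ids


def audit_references(xml_text):
    """Return one finding per wsse:Reference, in document order."""
    root = ET.fromstring(xml_text)
    ids = index_ids(root)
    findings = []
    for ref in root.iter(f"{{{WSSE}}}Reference"):
        uri, actual = ref.get("URI", ""), ref.get("ValueType")
        target = ids.get(uri[1:]) if uri.startswith("#") else None
        expected, kind = None, None
        if target is not None:
            kind = target.tag.split("}")[1]
            if target.tag == f"{{{XENC}}}EncryptedKey":
                expected = WSS11_ENCRYPTED_KEY  # value the server log expects
            elif target.tag == f"{{{WSSE}}}BinarySecurityToken":
                # Assumption: the reference should repeat the token's own ValueType.
                expected = target.get("ValueType")
        if target is None:
            status = "unresolved"
        elif actual is None:
            status = "absent"  # ValueType is optional on wsse:Reference
        elif expected is not None and actual != expected:
            status = "mismatch"
        else:
            status = "ok"
        findings.append({"uri": uri, "target": kind, "status": status,
                         "expected": expected, "actual": actual})
    return findings


if __name__ == "__main__":
    for f in audit_references(SAMPLE):
        print(f["status"].upper(), f["uri"], "->", f["target"])
        if f["status"] == "mismatch":
            print("  expected:", f["expected"])
            print("  actual:  ", f["actual"])
```

Running the same function over the full captured CXF and Weblogic requests shows which Signature's KeyInfo carries the SAML token profile URI instead of the WSS 1.1 one.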
