Hello Matteo! You can take a look under samples/ws_security/interopfest in your CXF download.
Regards, Magnus. -- Magnus Larsson Callista Enterprise AB Mobile: +46 (0)733-51 91 72 mailto:[email protected] http://www.callistaenterprise.se On Fri, Jan 28, 2011 at 8:53 AM, matteo rulli <[email protected]>wrote: > Dear all, > > we have been working with CXF for a year and we are completely satisfied > with that. In the last week we had the idea to interact with a Microsoft > WCF > client (.net 4.0). We managed to interact quite well generating the WCF > proxy from the wsdl published by CXF. Then we threw ws-security in to that > and the maelstrom began. > > > > We protect envelopes at message level with X.509 certs and we are using > mutual auth. with msg body signature and encryption. Server-side (CXF) we > are using WSS4J as security provider and we have the following > configuration: > > > > outProps.put("action","UsernameToken Signature Encrypt"); > > outProps.put("passwordType","PasswordText"); > > outProps.put("user",user); > > outProps.put("signatureUser","serverx509v1"); > > > > outProps.put("passwordCallbackClass","plat1.ws.security.handlers.UTPasswordC > allback"); > > outProps.put("encryptionUser","clientx509v1"); > > outProps.put("encryptionPropFile","Server_SignVerf.properties"); > > outProps.put("encryptionKeyIdentifier", "IssuerSerial"); > > > outProps.put("encryptionParts","{Content}{ > http://schemas.xmlsoap.org/soap/en > velope/}Body"); > > outProps.put("signaturePropFile","Server_Decrypt.properties"); > > outProps.put("signatureKeyIdentifier", "DirectReference"); > > > outProps.put("signatureParts","{Element}{ > http://schemas.xmlsoap.org/soap/env > elope/}Body"); > > > > where > > > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry > pto.Merlin > > org.apache.ws.security.crypto.merlin.keystore.type=jks > > > > The point is that we are not able to implement a WCF client which is able > to > interact with our server: could anybody suggest where we could find a > working example/how-to? I found this claim about CXF: > > "The GOOD news is that CXF 2.2 now passes the Microsoft > Interop PlugFest tests for WS-Security 1.0 and 1.1, WS-SecureConversation, > and the client side portion of WS-Trust 1.0 and parts of WS-Trust 1.3. > That's a > > huge step forward in interopability with WCF." > > So I think someone should have produced a test-bench for these > interoperability tests: does anybody know if this test-bench is publicly > available? > > > > Thank you very much. > > > > Matteo Rulli > > > >
