Hi,
I'm a little bit confused about policy alternatives in cfx.
As far as I understand, the server offers multiple policies, and a
client may implement just one of them. So my setup is like this:
Server-policy:
<wsp:ExactlyOne>
<wsp:All>
#1 SecureConversation policy
</wsp:All>
<wsp:All>
#2 nothing special, clients just send an UsernameToken
</wsp:All>
</wsp:ExactlyOne>
Client-policy:
<wsp:ExactlyOne>
<wsp:All>
#1 SecureConversation policy
</wsp:All>
</wsp:ExactlyOne>
The client defines only the SecureConversation policy in it's wsdl.
If I test my service, they communicate like this:
Client > Server: RST/SCT message
Server > Client: answers with a token
Client > Server: calls the webservice with an encrypted soap message
Server > Client: answers the service call with an unencrypted message
(the server took policy #2 for the answer) -> client throws an exception
"These policy alternatives can not be satisfied"
Shouldn't the server answer with the same policy, that the requesting
client used?
The SecureConversation policy is correct - everything is fine, if I
remove the UsernameToken policy on the serverside.
I can attach my wsdl, soap messages etc, if you need them.
Thanks
Karl
