I have this working:

a) What I was doing wrong was using the SPNEGO token directly as the security token to sign and encrypt, and passing that as a Binary header.

b) Whereas this token should be used to get the secure token from the endpoint; see the spec http://schemas.xmlsoap.org/ws/2005/02/trust/spnego/WSTrustForSPNego.pdf for more details.

c) Also see http://blog.facilelogin.com/2008/11/secure-conversation-with-wcf.html for the message exchange between the client and the service for the security token issue.

d) If you set context.requestMutualAuth(Boolean.FALSE) while setting up the context on the client during the GSS API calls, then only a one-pass initialization will happen and you will get the security token.

e) Make sure to Base64-decode the security token received from the service.

f) Also, the security token received from the service is encrypted as per http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap, and WSS4J doesn't support it, so you need to write logic to decrypt it.

g) Decrypting that token is as simple as calling the context.unwrap() method on the received token.
I think most of the things that are supported in CXF for secure conversation get used here; we just need to provide the correct hooks. I am more than happy to push this stuff into CXF, let me know if this is needed. Let me know if anybody needs any other info.

--
View this message in context: http://cxf.547215.n5.nabble.com/SpnegoContextToken-Security-Token-support-for-CXF-tp569273p4525041.html
Sent from the cxf-user mailing list archive at Nabble.com.
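
Steps d), e) and g) of the message above with the Java GSS-API, as an added example that is not part of the original post or of CXF. The class and method names and the `exchange` callback (standing in for the WS-Trust request and response of steps b and c) are assumptions, and the caller is assumed to already have a Kerberos login.

```java
import java.util.Base64;
import java.util.function.Function;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

public class SpnegoSecretClient {
    // SPNEGO mechanism OID
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /**
     * @param service  host-based service name, e.g. "HTTP@service.example.com" (placeholder)
     * @param exchange hypothetical transport: takes the Base64 SPNEGO token, performs the
     *                 WS-Trust exchange, and returns the Base64 wrapped token from the reply
     * @return the unwrapped security token bytes
     */
    public static byte[] obtainSecret(String service, Function<String, String> exchange)
            throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName name = manager.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        GSSContext context = manager.createContext(
                name, new Oid(SPNEGO_OID), null, GSSContext.DEFAULT_LIFETIME);
        try {
            // Step d: no mutual authentication, so one initSecContext pass is used
            context.requestMutualAuth(false);
            byte[] spnegoToken = context.initSecContext(new byte[0], 0, 0);

            // Steps b/c: the SPNEGO token is only the input to the token request
            String wrappedB64 = exchange.apply(Base64.getEncoder().encodeToString(spnegoToken));

            // Step e: the token in the reply is Base64 text
            byte[] wrapped = Base64.getDecoder().decode(wrappedB64);

            // Step g: GSS_Wrap output is opened with unwrap() on the same context
            MessageProp prop = new MessageProp(true);
            byte[] secret = context.unwrap(wrapped, 0, wrapped.length, prop);
            if (!prop.getPrivacy()) {
                // Added check: reject a token that was only integrity-protected
                throw new SecurityException("token was not confidentiality-protected");
            }
            return secret;
        } finally {
            context.dispose(); // release the context and its keys
        }
    }
}
```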
