Hi simran A secure conversation related question has been raised here: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tc4990489.html
The WS-SecureConversation standard defines three use cases: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html#_Toc162064047 Based on the message sent to CXF (receiver) from .NET, the .NET client sends the RST (request for the STS) to the application service. This matches with the last use case described in the spec "Security context token created through negotiation/exchanges". Which version of .NET do you use? The reason why I ask is that the STS request sent to the application service has the very old namespace "http://schemas.xmlsoap.org/ws/2005/02/trust";. >>> Just want to ask, does CXF (2.5 onwards) support WsHttpBinding's Message security system? >>> That's a tricky question in this community as the wshttpbinding is a system provided binding in WCF. Especially, the term binding has a different meaning in WCF as for instance in WSDL. I'd say you could compare the WCF binding with a CXF jaxws:endpoint and feature configuration. As described in the msdn library here: http://msdn.microsoft.com/en-us/library/ms731362.aspx There different options for security: transport or message. Message means message-level security, but there are a lot of options. To avoid confusion with terms used in CXF and WCF, could you define what kind of features according to the standards in WS-Security, WS-Trust and such? Thanks ------ Oliver Wulff http://owulff.blogspot.com Solution Architect Talend Application Integration Division http://www.talend.com ________________________________________ Von: simran [[email protected]] Gesendet: Dienstag, 10. Januar 2012 15:17 Bis: [email protected] Betreff: Re: org.apache.cxf.interceptor.Fault: Message part {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken was not recognized. Thanks for your reply Dan. Yes you are right, WCF tool was trying to setup a secure conversation, which was default. Actually, under WCF there was WsHTTPBinding with None, Message, Transport etc. security systems. when our webservice was being used with Messaging security system, it was throwing exceptions. Now the client has changed the security system to NONE, and its working fine now. Just want to ask, does CXF (2.5 onwards) support WsHttpBinding's Message security system? If yes, can you please give me a link for some documentation/examples? Thank you. simran -- View this message in context: http://cxf.547215.n5.nabble.com/org-apache-cxf-interceptor-Fault-Message-part-http-schemas-xmlsoap-org-ws-2005-02-trust-RequestSecur-tp5110603p5134165.html Sent from the cxf-user mailing list archive at Nabble.com.
