Hello,

I need help testing WSS Policy with CXF.
We need to use WSS sender vouches over SSL with an unsigned token and
timestamp.
Our client web service uses the server's WSDL, which includes the WSS policy
(default example supplied by the OASIS specification) with SAML V2.0.
We set up the conduit to use a keystore and a truststore in order
to communicate with the server (the client authenticates with the server with
its client certificate). We have the SAMLCallbackHandler that sets the
subject and the issuer in the callback.
On the server side, HTTPS is managed by the HTTP server (Apache), which
forwards the client certificate to the server. We have the same WSDL that is
used by the client (same WSS policy).
When we try to call the server, CXF throws an exception with the message:

None of the policy alternatives can be satisfied:

... Transport binding
... Transport token
... httpsTOken 
....


Here is the WSS policy we put in the WSDL:

   <wsp:Policy>
      <sp:TransportBinding>
         <wsp:Policy>
            <sp:TransportToken>
               <wsp:Policy>
                  <sp:HttpsToken>
                     <wsp:Policy>
                        <sp:RequireClientCertificate />
                     </wsp:Policy>
                  </sp:HttpsToken>
               </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
               <wsp:Policy>
                  <sp:Basic256 />
               </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
               <wsp:Policy>
                  <sp:Strict />
               </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp />
         </wsp:Policy>
      </sp:TransportBinding>
      <sp:SignedSupportingTokens>
         <wsp:Policy>
            <sp:SamlToken
               sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
               <wsp:Policy>
                  <sp:WssSamlV20Token11 />
               </wsp:Policy>
            </sp:SamlToken>
         </wsp:Policy>
      </sp:SignedSupportingTokens>
   </wsp:Policy>

We checked the logs, and the message coming from the client contains the WSS
header with the SAML Assertion and Timestamp.

Could someone help me, because I'm pretty blocked?
How can CXF retrieve the certificate forwarded by Apache to check if the
issuer in the SAML issuer field corresponds to the issuer of the certificate?


--
View this message in context: 
http://cxf.547215.n5.nabble.com/WSS-Policy-sender-vouches-over-ssl-with-apache-server-tp5681761.html
Sent from the cxf-user mailing list archive at Nabble.com.
