Here's the policy. It's the SAML2 SV (sender-vouches) asymmetric policy
that ships with WebLogic. I customized it by removing the
OnlySignEntireHeadersAndBody assertion and adding the SignedParts assertion.
(I also tried it with the OnlySignEntireHeadersAndBody assertion left in,
with the same result.)

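        <!-- Excerpt of a WS-SecurityPolicy 1.2 (200702 namespace) policy: asymmetric
             binding with a SAML 2.0 sender-vouches token as a signed supporting token.
             The wsp1_2 and wssutil prefixes are not declared in this excerpt; they must
             be bound on an enclosing element (or on this root) before it parses alone.
             The Id below is still the stock policy name although this copy is
             customised; a distinct Id avoids confusing it with the shipped file. -->
        <wsp1_2:Policy wssutil:Id="Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1-Asymmetric.xml">
          <ns1:AsymmetricBinding xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp1_2:Policy>
              <!-- Initiator (client) X.509 token: sent with every message to the
                   recipient and referenced by certificate thumbprint. -->
              <ns1:InitiatorToken>
                <wsp1_2:Policy>
                  <ns1:X509Token ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                    <wsp1_2:Policy>
                      <ns1:RequireThumbprintReference />
                      <ns1:WssX509V3Token11 />
                    </wsp1_2:Policy>
                  </ns1:X509Token>
                </wsp1_2:Policy>
              </ns1:InitiatorToken>
              <!-- Recipient (service) X.509 token: never carried in the message, so
                   both sides must already hold the certificate the thumbprint names. -->
              <ns1:RecipientToken>
                <wsp1_2:Policy>
                  <ns1:X509Token ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                    <wsp1_2:Policy>
                      <ns1:RequireThumbprintReference />
                      <ns1:WssX509V3Token11 />
                    </wsp1_2:Policy>
                  </ns1:X509Token>
                </wsp1_2:Policy>
              </ns1:RecipientToken>
              <!-- Basic256 uses SHA-1 as its digest algorithm (AES-256 for encryption).
                   Basic256Sha256 is the suite from the same specification with a
                   SHA-256 digest; prefer it when both stacks support it. -->
              <ns1:AlgorithmSuite>
                <wsp1_2:Policy>
                  <ns1:Basic256 />
                </wsp1_2:Policy>
              </ns1:AlgorithmSuite>
              <!-- Lax layout: the order of items in the security header is not constrained. -->
              <ns1:Layout>
                <wsp1_2:Policy>
                  <ns1:Lax />
                </wsp1_2:Policy>
              </ns1:Layout>
              <!-- A wsu:Timestamp is required; the receiver should enforce its
                   freshness window, since that is what bounds replay of a signed message. -->
              <ns1:IncludeTimestamp />
              <!-- The message signature must also cover the token used to create it. -->
              <ns1:ProtectTokens />
              <!-- OnlySignEntireHeadersAndBody is not asserted in this copy. Without it
                   the policy no longer requires that signature references point at the
                   whole Body and whole headers rather than at a descendant element,
                   which is the check that constrains XML signature wrapping. Restore it
                   here once the interop problem has been diagnosed. -->
            </wsp1_2:Policy>
          </ns1:AsymmetricBinding>
          <!-- Sender-vouches: the receiver trusts the SAML assertion only because the
               sender's message signature covers it, so the assertion has to stay a
               signed supporting token. -->
          <ns2:SignedSupportingTokens xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp1_2:Policy>
              <ns2:SamlToken ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp1_2:Policy>
                  <ns2:WssSamlV20Token11 />
                </wsp1_2:Policy>
              </ns2:SamlToken>
            </wsp1_2:Policy>
          </ns2:SignedSupportingTokens>
          <ns3:Wss11 xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp1_2:Policy>
              <ns3:MustSupportRefKeyIdentifier />
              <ns3:MustSupportRefIssuerSerial />
              <ns3:MustSupportRefThumbprint />
              <ns3:MustSupportRefEncryptedKey />
              <!-- The response must echo the request's signature values so the
                   initiator can tie the response to the request it signed. -->
              <ns3:RequireSignatureConfirmation />
            </wsp1_2:Policy>
          </ns3:Wss11>
          <!-- Only the SOAP Body is listed for signing. Any header the service acts on
               (for example addressing headers) is not required to be signed by this
               assertion and would need its own sp:Header entry. -->
          <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <sp:Body/>
          </sp:SignedParts>
        </wsp1_2:Policy>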

-Andreas



--
View this message in context: 
http://cxf.547215.n5.nabble.com/Signature-Interop-Issue-Weblogic-Apache-CXF-tp5718487p5719016.html
Sent from the cxf-user mailing list archive at Nabble.com.
