This works! Thank you! Removing the ProtectTokens assertion stops Weblogic from signing resp. validating the STR inside the KeyInfo.
I was curious and had a look at the WS-SecurityPolicy 1.2 spec and probably Weblogic was right to expect the STR signed? / 6.5 [Token Protection] Property This boolean property specifies whether signatures must cover the token used to generate that signature. If the value is 'true', then each token used to generate a signature MUST be covered by that signature. If the value is 'false', then the token MUST NOT be covered by the signature. Note that in cases where derived keys are used the 'main' token, and NOT the derived key token, is covered by the signature. It is recommended that assertions that define values for this property apply to [Endpoint Policy Subject]. The default value for this property is 'false'./ -Andreas -- View this message in context: http://cxf.547215.n5.nabble.com/Signature-Interop-Issue-Weblogic-Apache-CXF-tp5718487p5719030.html Sent from the cxf-user mailing list archive at Nabble.com.
