Hi Colm,

It is exporting a policy at the top (and a policy for every method in and every method out...)
I've attached the policy... it doesn't say much to me I confess....

<wsp:Policy wsu:Id="WSHttpBinding_IRedmanAPI_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireDerivedKeys/>
                  <sp:BootstrapPolicy>
                    <wsp:Policy>
                      <sp:SignedParts>
                        <sp:Body/>
                        <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                        <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
                        <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                        <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                        <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
                        <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                        <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
                      </sp:SignedParts>
                      <sp:EncryptedParts>
                        <sp:Body/>
                      </sp:EncryptedParts>
                      <sp:SymmetricBinding>
                        <wsp:Policy>
                          <sp:ProtectionToken>
                            <wsp:Policy>
                              <mssp:SslContextToken xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy" sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                  <sp:RequireDerivedKeys/>
                                </wsp:Policy>
                              </mssp:SslContextToken>
                            </wsp:Policy>
                          </sp:ProtectionToken>
                          <sp:AlgorithmSuite>
                            <wsp:Policy>
                              <sp:Basic256/>
                            </wsp:Policy>
                          </sp:AlgorithmSuite>
                          <sp:Layout>
                            <wsp:Policy>
                              <sp:Strict/>
                            </wsp:Policy>
                          </sp:Layout>
                          <sp:IncludeTimestamp/>
                          <sp:EncryptSignature/>
                          <sp:OnlySignEntireHeadersAndBody/>
                        </wsp:Policy>
                      </sp:SymmetricBinding>
                      <sp:SignedSupportingTokens>
                        <wsp:Policy>
                          <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                              <sp:WssUsernameToken10/>
                            </wsp:Policy>
                          </sp:UsernameToken>
                        </wsp:Policy>
                      </sp:SignedSupportingTokens>
                      <sp:Wss11>
                        <wsp:Policy/>
                      </sp:Wss11>
                      <sp:Trust10>
                        <wsp:Policy>
                          <sp:MustSupportIssuedTokens/>
                          <sp:RequireClientEntropy/>
                          <sp:RequireServerEntropy/>
                        </wsp:Policy>
                      </sp:Trust10>
                    </wsp:Policy>
                  </sp:BootstrapPolicy>
                </wsp:Policy>
              </sp:SecureConversationToken>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:EncryptSignature/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy/>
      </sp:Wss11>
      <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportIssuedTokens/>
          <sp:RequireClientEntropy/>
          <sp:RequireServerEntropy/>
        </wsp:Policy>
      </sp:Trust10>
      <wsaw:UsingAddressing/>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

And for every method (input and output) - something like this ...

<wsp:Policy wsu:Id="WSHttpBinding_IRedmanAPI_RegisterNewUser_Input_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
        <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
        <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
        <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
        <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
        <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
        <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
        <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
      </sp:SignedParts>
      <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

On Wed, Feb 13, 2013 at 10:01 AM, Colm O hEigeartaigh <[email protected]> wrote:

> Hi,
>
> The CXF client will need a WSDL with a WS-SecurityPolicy fragment in it
> describing the security requirements of the service. Take a look at the
> WSDL your .NET service is exporting. I've never tried doing interop work
> with a WCF service using the WCF wsHttpBinding, but I believe it can be
> done.
>
> Colm.
>
> On Wed, Feb 13, 2013 at 9:26 AM, alan mcsherry <[email protected]> wrote:
>
> > Hi,
> >
> > I've been involved in developing web services for 2 months now using
> > Apache CXF and all has gone well.
> >
> > Until I needed to interact with an external service generated with .NET.
> > In this case my client was configured thus:
> >
> > <jaxws:client id="redmanApi"
> >     username="test"
> >     password="password"
> >     serviceName="cc:RedmanAPIService"
> >     endpointName="cc:RedmanAPIServiceEndpoint"
> >     address="http://redman.software.com:6580/redmanAPI"
> >     serviceClass="uk.co.redmanapi.IRedmanAPI">
> >   <jaxws:binding>
> >     <soap:soapBinding version="1.2" style="document"/>
> >   </jaxws:binding>
> >   <jaxws:properties>
> >   </jaxws:properties>
> > </jaxws:client>
> >
> > And I get a 'Connection Reset' error. The client cannot send the
> > message. I cannot seem to configure my client to connect!
> > I can connect using a .NET client provided to me, it has the following
> > configuration....
> >
> > <system.serviceModel>
> >   <client>
> >     <endpoint
> >         name="WSHttpBinding_IRedmanAPI"
> >         address="http://redman.software.com:6580/RedmanAPI"
> >         binding="wsHttpBinding"
> >         bindingConfiguration="WSHttpBinding_IRedmanAPI"
> >         contract="IRedmanAPI">
> >       <identity>
> >         <dns value="redman.software.com"/>
> >       </identity>
> >     </endpoint>
> >   </client>
> >
> >   <bindings>
> >     <wsHttpBinding>
> >       <binding name="WSHttpBinding_IRedmanAPI"
> >           bypassProxyOnLocal="false" transactionFlow="false"
> >           hostNameComparisonMode="StrongWildcard"
> >           messageEncoding="Text" textEncoding="utf-8"
> >           useDefaultWebProxy="true"
> >           allowCookies="false">
> >         <security mode="Message">
> >           <message clientCredentialType="UserName"/>
> >         </security>
> >       </binding>
> >     </wsHttpBinding>
> >   </bindings>
> > </system.serviceModel>
> >
> > The successful .NET client interaction looks like this ....(with some
> > values changed)
> >
> > 2013-02-12 10:05:23,230 [14] as service in context of the reseller 'test':
> > after receiving request: [urn:co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser],
> > GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Request:
> > <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
> >     xmlns:a="http://www.w3.org/2005/08/addressing"
> >     xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >   <s:Header>
> >     <a:Action s:mustUnderstand="1" u:Id="_2">urn:co.uk/RedmanAPI/IRedmanAPI/RegisterNewUser</a:Action>
> >     <a:MessageID u:Id="_3">urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:MessageID>
> >     <a:ReplyTo u:Id="_4">
> >       <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
> >     </a:ReplyTo>
> >     <a:To s:mustUnderstand="1" u:Id="_5">http://redman.software.com:6580/RedmanAPI</a:To>
> >     <o:Security s:mustUnderstand="1"
> >         xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >       <u:Timestamp u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-11">
> >         <u:Created>2013-02-12T09:06:20.457Z</u:Created>
> >         <u:Expires>2013-02-12T09:11:20.457Z</u:Expires>
> >       </u:Timestamp>
> >       <c:SecurityContextToken u:Id="uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5"
> >           xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
> >         <c:Identifier>urn:uuid:b19e1dc9-d1b5-440c-8cae-20cca6c7d6fa</c:Identifier>
> >       </c:SecurityContextToken>
> >       <c:DerivedKeyToken u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-9"
> >           xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
> >         <o:SecurityTokenReference>
> >           <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
> >               URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
> >         </o:SecurityTokenReference>
> >         <c:Offset>0</c:Offset>
> >         <c:Length>24</c:Length>
> >         <c:Nonce>R6PHj4NfkvjXt+b6QMNhKw==</c:Nonce>
> >       </c:DerivedKeyToken>
> >       <c:DerivedKeyToken u:Id="uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10"
> >           xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
> >         <o:SecurityTokenReference>
> >           <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
> >               URI="#uuid-b82539dc-ca7e-41d4-b68a-1e7bfb9fe6ba-5" />
> >         </o:SecurityTokenReference>
> >         <c:Nonce>NMwqy0hhD24EEPBjG/fXDQ==</c:Nonce>
> >       </c:DerivedKeyToken>
> >       <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
> >         <e:DataReference URI="#_1" />
> >         <e:DataReference URI="#_6" />
> >       </e:ReferenceList>
> >       <e:EncryptedData Id="_6" Type="http://www.w3.org/2001/04/xmlenc#Element"
> >           xmlns:e="http://www.w3.org/2001/04/xmlenc#">
> >         <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> >         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >           <o:SecurityTokenReference>
> >             <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"
> >                 URI="#uuid-f7a690f2-a8f6-40ff-9f72-8c27cfa366fb-10" />
> >           </o:SecurityTokenReference>
> >         </KeyInfo>
> >         <e:CipherData>
> >           <e:CipherValue>...</e:CipherValue>
> >         </e:CipherData>
> >       </e:EncryptedData>
> >     </o:Security>
> >   </s:Header>
> >   <s:Body u:Id="_0">
> >     <RegisterNewUser xmlns="urn:co.uk/RedmanAPI">
> >       <inputData xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
> >         <Address>
> >           <AbodeNumber>1</AbodeNumber>
> >           ...
> >       </inputData>
> >     </RegisterNewUser>
> >   </s:Body>
> > </s:Envelope>
> > 2013-02-12 10:05:25,118 [14] as service in context of the reseller 'test':
> > before sending reply: [urn:co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse],
> > GUID:[56f9b3e2-3b4d-4332-8c20-064a06314a24], Reply:
> > <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing"
> >     xmlns:s="http://www.w3.org/2003/05/soap-envelope">
> >   <s:Header>
> >     <a:Action s:mustUnderstand="1">urn:co.uk/RedmanAPI/IRedmanAPI/RegisterNewUserResponse</a:Action>
> >     <ActivityId CorrelationId="7255d356-4e94-a4c7-9e63127760a0"
> >         xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">d860721b-0c14-44e6-bf52-c2355e</ActivityId>
> >     <a:RelatesTo>urn:uuid:e15ff563-01f2-4063-822a-387ad7088ff6</a:RelatesTo>
> >   </s:Header>
> >   <s:Body>
> >     <RegisterNewUserResponse xmlns="urn:co.uk/RedmanAPI">
> >       <RegisterNewUserResult xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
> >         <FailureReason i:nil="true" />
> >         <Status>true</Status>
> >         <UserId>5d925d02</UserId>
> >       </RegisterNewUserResult>
> >     </RegisterNewUserResponse>
> >   </s:Body>
> > </s:Envelope>
> >
> > I've read *a lot* of internet posts over the last few days trying to get a
> > handle on this, but with no luck. It seems to be some kind of security
> > issue but how to get around it?
> > Any help appreciated.
> >
> > Alan.
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
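
To make the exported policy easier to read, the following added example (not part of the thread, and not CXF or WCF code) walks a trimmed, constructed copy of the top-level policy and lists the tokens and algorithm suite required inside the BootstrapPolicy separately from those on the outer binding. The wsp namespace URI, the function names and the "bootstrap"/"session" labels are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's top-level policy trimmed to its main assertions.
# The wsp namespace URI is an assumption (WS-Policy 1.2); the post omits it.
POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
  xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
 <wsp:ExactlyOne><wsp:All><sp:SymmetricBinding><wsp:Policy>
  <sp:ProtectionToken><wsp:Policy>
   <sp:SecureConversationToken><wsp:Policy>
    <sp:BootstrapPolicy><wsp:Policy>
     <sp:SymmetricBinding><wsp:Policy>
      <sp:ProtectionToken><wsp:Policy><mssp:SslContextToken/></wsp:Policy></sp:ProtectionToken>
      <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
     </wsp:Policy></sp:SymmetricBinding>
     <sp:SignedSupportingTokens><wsp:Policy>
      <sp:UsernameToken><wsp:Policy><sp:WssUsernameToken10/></wsp:Policy></sp:UsernameToken>
     </wsp:Policy></sp:SignedSupportingTokens>
    </wsp:Policy></sp:BootstrapPolicy>
   </wsp:Policy></sp:SecureConversationToken>
  </wsp:Policy></sp:ProtectionToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
 </wsp:Policy></sp:SymmetricBinding></wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

OPERATORS = {"Policy", "ExactlyOne", "All"}   # WS-Policy wrappers, not assertions
TOKEN_PARENTS = {"ProtectionToken", "SignedSupportingTokens"}

def assertions(elem, path=()):
    """Yield the path (tuple of local names) of each assertion, skipping operators."""
    name = elem.tag.rsplit("}", 1)[-1]
    if name not in OPERATORS:
        path = path + (name,)
        yield path
    for child in elem:
        yield from assertions(child, path)

def summarize(policy_xml):
    """Split requirements into the bootstrap exchange and the established session."""
    out = {k: {"tokens": [], "suite": []} for k in ("bootstrap", "session")}
    for path in assertions(ET.fromstring(policy_xml)):
        phase = out["bootstrap" if "BootstrapPolicy" in path[:-1] else "session"]
        if len(path) > 1 and path[-2] in TOKEN_PARENTS:
            phase["tokens"].append(path[-1])
        elif len(path) > 1 and path[-2] == "AlgorithmSuite":
            phase["suite"].append(path[-1])
    return out

if __name__ == "__main__":
    print(summarize(POLICY))
```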
