CXF 2.4.3 doesn't support the SpnegoContextToken policy, you'll need to
upgrade to a newer version of CXF. See here:

https://issues.apache.org/jira/browse/CXF-3635

That said, that policy is quite complicated...it will probably require more
work in CXF to support both SecureConveration + Spnego at the same time.

Colm.


On Tue, Apr 23, 2013 at 3:20 PM, Gagnon, David <[email protected]> wrote:

> Hi all,
>
>   I failed so far to configure CXF 2.4.3 to talk with MS Dynamics GP 2010.
>  Partly because I'm pretty new to CXF and WS-Security :-/.  After searching
> the web and tested for several hours .... I haven`t found how to configure
> CXF properly.
>
> So here is what I know:
>
> *         The class SymmetricBindingHandler is throwing a No signature
> token error.
>
> *         There is 2 SymmetricBinding elements in the policies (which I
> included below).
>
> I searched how to configure the SecurityToken in cxf.xml to avoid that
> error but I'm not even sure what the source of the problem.
>
> I'm kind of lost in the complexity and any information that can help me
> put some light and understand will be greatly appreciated
>
> Best Regards
> David
>
>
>
>
>
>   <wsp:Policy wsu:Id="GPWebService_policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:SymmetricBinding xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>           <wsp:Policy>
>             <sp:ProtectionToken>
>               <wsp:Policy>
>                 <sp:SecureConversationToken sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
>                   <wsp:Policy>
>                     <sp:RequireDerivedKeys />
>                     <sp:BootstrapPolicy>
>                       <wsp:Policy>
>                         <sp:SignedParts>
>                           <sp:Body />
>                           <sp:Header Name="To" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                           <sp:Header Name="From" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                           <sp:Header Name="FaultTo" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                           <sp:Header Name="ReplyTo" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                           <sp:Header Name="MessageID" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                           <sp:Header Name="RelatesTo" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                           <sp:Header Name="Action" Namespace="
> http://www.w3.org/2005/08/addressing"; />
>                         </sp:SignedParts>
>                         <sp:EncryptedParts>
>                           <sp:Body />
>                         </sp:EncryptedParts>
>                         <sp:SymmetricBinding>
>                           <wsp:Policy>
>                             <sp:ProtectionToken>
>                               <wsp:Policy>
>                                 <sp:SpnegoContextToken sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
>                                   <wsp:Policy>
>                                     <sp:RequireDerivedKeys />
>                                   </wsp:Policy>
>                                 </sp:SpnegoContextToken>
>                               </wsp:Policy>
>                             </sp:ProtectionToken>
>                             <sp:AlgorithmSuite>
>                               <wsp:Policy>
>                                 <sp:Basic256 />
>                               </wsp:Policy>
>                             </sp:AlgorithmSuite>
>                             <sp:Layout>
>                               <wsp:Policy>
>                                 <sp:Strict />
>                               </wsp:Policy>
>                             </sp:Layout>
>                             <sp:IncludeTimestamp />
>                             <sp:EncryptSignature />
>                             <sp:OnlySignEntireHeadersAndBody />
>                           </wsp:Policy>
>                         </sp:SymmetricBinding>
>                        <sp:Wss11>
>                           <wsp:Policy>
>                             <sp:MustSupportRefKeyIdentifier />
>                             <sp:MustSupportRefIssuerSerial />
>                             <sp:MustSupportRefThumbprint />
>                             <sp:MustSupportRefEncryptedKey />
>                           </wsp:Policy>
>                         </sp:Wss11>
>                         <sp:Trust10>
>                           <wsp:Policy>
>                             <sp:MustSupportIssuedTokens />
>                             <sp:RequireClientEntropy />
>                             <sp:RequireServerEntropy />
>                           </wsp:Policy>
>                         </sp:Trust10>
>                       </wsp:Policy>
>                     </sp:BootstrapPolicy>
>                   </wsp:Policy>
>                 </sp:SecureConversationToken>
>               </wsp:Policy>
>             </sp:ProtectionToken>
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:Basic256 />
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict />
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp />
>             <sp:EncryptSignature />
>             <sp:OnlySignEntireHeadersAndBody />
>           </wsp:Policy>
>         </sp:SymmetricBinding>
>         <sp:Wss11 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>           <wsp:Policy>
>             <sp:MustSupportRefKeyIdentifier />
>             <sp:MustSupportRefIssuerSerial />
>             <sp:MustSupportRefThumbprint />
>             <sp:MustSupportRefEncryptedKey />
>           </wsp:Policy>
>         </sp:Wss11>
>         <sp:Trust10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>           <wsp:Policy>
>             <sp:MustSupportIssuedTokens />
>             <sp:RequireClientEntropy />
>             <sp:RequireServerEntropy />
>           </wsp:Policy>
>         </sp:Trust10>
>         <wsaw:UsingAddressing />
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to