CXF 2.4.3 doesn't support the SpnegoContextToken policy, you'll need to upgrade to a newer version of CXF. See here:
https://issues.apache.org/jira/browse/CXF-3635 That said, that policy is quite complicated...it will probably require more work in CXF to support both SecureConveration + Spnego at the same time. Colm. On Tue, Apr 23, 2013 at 3:20 PM, Gagnon, David <[email protected]> wrote: > Hi all, > > I failed so far to configure CXF 2.4.3 to talk with MS Dynamics GP 2010. > Partly because I'm pretty new to CXF and WS-Security :-/. After searching > the web and tested for several hours .... I haven`t found how to configure > CXF properly. > > So here is what I know: > > * The class SymmetricBindingHandler is throwing a No signature > token error. > > * There is 2 SymmetricBinding elements in the policies (which I > included below). > > I searched how to configure the SecurityToken in cxf.xml to avoid that > error but I'm not even sure what the source of the problem. > > I'm kind of lost in the complexity and any information that can help me > put some light and understand will be greatly appreciated > > Best Regards > David > > > > > > <wsp:Policy wsu:Id="GPWebService_policy"> > <wsp:ExactlyOne> > <wsp:All> > <sp:SymmetricBinding xmlns:sp=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy> > <sp:ProtectionToken> > <wsp:Policy> > <sp:SecureConversationToken sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > "> > <wsp:Policy> > <sp:RequireDerivedKeys /> > <sp:BootstrapPolicy> > <wsp:Policy> > <sp:SignedParts> > <sp:Body /> > <sp:Header Name="To" Namespace=" > http://www.w3.org/2005/08/addressing"; /> > <sp:Header Name="From" Namespace=" > http://www.w3.org/2005/08/addressing"; /> > <sp:Header Name="FaultTo" Namespace=" > http://www.w3.org/2005/08/addressing"; /> > <sp:Header Name="ReplyTo" Namespace=" > http://www.w3.org/2005/08/addressing"; /> > <sp:Header Name="MessageID" Namespace=" > http://www.w3.org/2005/08/addressing"; /> > <sp:Header Name="RelatesTo" Namespace=" > http://www.w3.org/2005/08/addressing"; /> > <sp:Header Name="Action" Namespace=" > http://www.w3.org/2005/08/addressing"; /> > </sp:SignedParts> > <sp:EncryptedParts> > <sp:Body /> > </sp:EncryptedParts> > <sp:SymmetricBinding> > <wsp:Policy> > <sp:ProtectionToken> > <wsp:Policy> > <sp:SpnegoContextToken sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > "> > <wsp:Policy> > <sp:RequireDerivedKeys /> > </wsp:Policy> > </sp:SpnegoContextToken> > </wsp:Policy> > </sp:ProtectionToken> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic256 /> > </wsp:Policy> > </sp:AlgorithmSuite> > <sp:Layout> > <wsp:Policy> > <sp:Strict /> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp /> > <sp:EncryptSignature /> > <sp:OnlySignEntireHeadersAndBody /> > </wsp:Policy> > </sp:SymmetricBinding> > <sp:Wss11> > <wsp:Policy> > <sp:MustSupportRefKeyIdentifier /> > <sp:MustSupportRefIssuerSerial /> > <sp:MustSupportRefThumbprint /> > <sp:MustSupportRefEncryptedKey /> > </wsp:Policy> > </sp:Wss11> > <sp:Trust10> > <wsp:Policy> > <sp:MustSupportIssuedTokens /> > <sp:RequireClientEntropy /> > <sp:RequireServerEntropy /> > </wsp:Policy> > </sp:Trust10> > </wsp:Policy> > </sp:BootstrapPolicy> > </wsp:Policy> > </sp:SecureConversationToken> > </wsp:Policy> > </sp:ProtectionToken> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic256 /> > </wsp:Policy> > </sp:AlgorithmSuite> > <sp:Layout> > <wsp:Policy> > <sp:Strict /> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp /> > <sp:EncryptSignature /> > <sp:OnlySignEntireHeadersAndBody /> > </wsp:Policy> > </sp:SymmetricBinding> > <sp:Wss11 xmlns:sp=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy> > <sp:MustSupportRefKeyIdentifier /> > <sp:MustSupportRefIssuerSerial /> > <sp:MustSupportRefThumbprint /> > <sp:MustSupportRefEncryptedKey /> > </wsp:Policy> > </sp:Wss11> > <sp:Trust10 xmlns:sp=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy> > <sp:MustSupportIssuedTokens /> > <sp:RequireClientEntropy /> > <sp:RequireServerEntropy /> > </wsp:Policy> > </sp:Trust10> > <wsaw:UsingAddressing /> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
