Hi Cyril, It appears you didn't attach the logs, could you resend them please + I will take a look? The FINE error logs you posted in the message are a red herring, this just means that CXF did not explicitly mark certain policies are being asserted.
Colm. On Thu, Dec 19, 2013 at 5:45 PM, Cyril <[email protected]> wrote: > Hello, > I am trying to have a WS-SecureConversation between a CXF client - version > 2.7.6 - talking to a Metro service with WS-SecureConversation (over SSL > TransportBinding). When CXF makes the final service call with the > SecurityContextToken in the security header, the service replies a SOAP > fault "Invalid Security Header". The service logs say the Signature > Verification for Signature with ID SIG-4 failed. I am trying to investigate > more on the service side what is wrong with the signature. However, I > noticed the following exceptions in CXF in FINE log level: > > Dec 19, 2013 6:37:08 PM > org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor handle > FINE: An exception was thrown when verifying that the effective policy for > this request was satisfied. However, this exception will not result in a > fault. The exception raised is: org.apache.cxf.ws.policy.PolicyException: > These policy alternatives can not be satisfied: > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Trust10 > > Could this be an issue? Better ideas? > > I have attached the service WSDL, and the CXF client (Spring) > configuration and debug logs with the requests/responses. > > Thanks for any help. > > Regards, > Cyril > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
