Hi Cyril,
I've also experienced problems with Metro rejecting the signature when
using WS-SC. I was using the trunk code, though, so assumed it was
probably a new issue with all the 3.0 changes.
Are you getting some messages through successfully before the failure?
I'm asking because you say the "final service call" is where the problem
occurs. The failure I was seeing was on the first message using the SC
token.
Colm, sorry I never supplied the test case for this to you. I'll get
that in this weekend.
- Dennis
Dennis M. Sosnoski
Java Web Services Consulting <http://www.sosnoski.com/consult.html>
CXF and Web Services Security Training
<http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>
On 12/21/2013 12:54 PM, Cyril wrote:
Hello,
I have attached again the CXF client log (cxf_client.log.txt). Did you
get jaxws-sc.wsdl and client-cxf.xml?
Thank you for your help.
Regards,
Cyril
On Fri, Dec 20, 2013 at 11:48 AM, Colm O hEigeartaigh
<[email protected] <mailto:[email protected]>> wrote:
Hi Cyril,
It appears you didn't attach the logs, could you resend them
please + I
will take a look? The FINE error logs you posted in the message
are a red
herring, this just means that CXF did not explicitly mark certain
policies
are being asserted.
Colm.
On Thu, Dec 19, 2013 at 5:45 PM, Cyril <[email protected]
<mailto:[email protected]>> wrote:
> Hello,
> I am trying to have a WS-SecureConversation between a CXF client
- version
> 2.7.6 - talking to a Metro service with WS-SecureConversation
(over SSL
> TransportBinding). When CXF makes the final service call with the
> SecurityContextToken in the security header, the service replies
a SOAP
> fault "Invalid Security Header". The service logs say the Signature
> Verification for Signature with ID SIG-4 failed. I am trying to
investigate
> more on the service side what is wrong with the signature.
However, I
> noticed the following exceptions in CXF in FINE log level:
>
> Dec 19, 2013 6:37:08 PM
> org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor handle
> FINE: An exception was thrown when verifying that the effective
policy for
> this request was satisfied. However, this exception will not
result in a
> fault. The exception raised is:
org.apache.cxf.ws.policy.PolicyException:
> These policy alternatives can not be satisfied:
>
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
<http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DSignedParts>
>
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts
<http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DEncryptedParts>
>
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken
<http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702%7DTransportToken>
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Trust10
<http://schemas.xmlsoap.org/ws/2005/07/securitypolicy%7DTrust10>
>
> Could this be an issue? Better ideas?
>
> I have attached the service WSDL, and the CXF client (Spring)
> configuration and debug logs with the requests/responses.
>
> Thanks for any help.
>
> Regards,
> Cyril
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
