Hello, the good news is that your solution works!... when the algorithm suite in the BootstrapPolicy is Basic128. If I change it back to Basic256 like originally, it doesn't work, even with keysize changed to 256 in the ws-security.sts.client property. I noticed that when CXF sends a <wst:KeySize>128</wst:KeySize> in the first request (with Basic128 in bootstrap policy), i.e. the RST request, the test case succeeds; whereas for the failing cases - with Basic256 in bootstrap policy or if the ws-security.sts.client keysize property is not set - this KeySize element is missing from the RST message. Is there a reason why CXF would not send it for keysize 256 as well?
This is already a great leap forward, thanks a lot. Yet, it would be greater if I could make this work for Basic256 algorithm in the secure conversation bootstrap policy. This can be tested with the test case I sent previously, by defining Basic256 as algorithm suite of the <BootstrapPolicy> element in the WSDL located at WEB-INF/wsdl/PingService.wsdl within the jaxws-sc.war in src/test/resources.

Thanks.

Regards,
Cyril

On Wed, Jan 15, 2014 at 12:24 PM, Colm O hEigeartaigh <[email protected]> wrote:

> Hi Cyril,
>
> Thanks for the test-case. The problem is that CXF is using 256 bits as the
> keysize, whereas Metro is using 128 bits, hence the signature verification
> error. You can adjust CXF by editing the client-cxf.xml file in your
> project, + adding the following jaxws:property to the client bean:
>
> <entry key="ws-security.sts.client">
>     <bean class="org.apache.cxf.ws.security.trust.STSClient">
>         <constructor-arg ref="cxf"/>
>         <property name="keySize" value="128" />
>     </bean>
> </entry>
>
> Let me know if this doesn't work.
>
> Colm.
>
>
> On Tue, Jan 14, 2014 at 12:53 AM, Cyril <[email protected]> wrote:
>
> > Hello Colm,
> > please find the test case in the zip uploaded here (file size was rejected
> > by the mail server):
> >
> > https://drive.google.com/file/d/0Bx-J-1KEN3jNLWcwVXQ5c3daaGM/edit?usp=sharing
> > Filename: cxf-client-metro-wssc-interop-test.zip
> >
> > It is a maven project with a JUnit test case that launches the Metro
> > service in an embedded Jetty, then runs the CXF client against it. Make
> > sure the port 8443 is available locally, or change the port in file
> > src/test/resources/cxf-client.xml (jaxws:client element) and class
> > simple.client.PingServiceClientTest. If this is not what you expect, please
> > tell me, as I am not used to creating such test cases.
> >
> > Thanks for reviewing, and sorry for my late reply.
> >
> > Regards,
> > Cyril
> >
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
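
Added example, not part of the original thread and not code from CXF or Metro: a small check that reads a captured RST message and reports whether it carries a wst:KeySize and whether that value matches the key length of the bootstrap policy's algorithm suite, which is the symptom discussed above. The helper names (rst_key_size, check_rst, sample_rst) are hypothetical and the sample envelope is constructed, not taken from the test case.

```python
import xml.etree.ElementTree as ET

# WS-Trust namespaces that define <wst:KeySize> (1.3 and the 2005/02 draft).
WST_NAMESPACES = (
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "http://schemas.xmlsoap.org/ws/2005/02/trust",
)
# Symmetric key length implied by each WS-SecurityPolicy algorithm suite.
SUITE_KEY_BITS = {"Basic128": 128, "Basic192": 192, "Basic256": 256}


def rst_key_size(soap_xml):
    """Return the wst:KeySize of the first RST as an int, or None if absent."""
    root = ET.fromstring(soap_xml)  # meant for captures from your own test run
    for ns in WST_NAMESPACES:
        for rst in root.iter("{%s}RequestSecurityToken" % ns):
            node = rst.find("{%s}KeySize" % ns)
            return int(node.text.strip()) if node is not None and node.text else None
    raise ValueError("no RequestSecurityToken element in message")


def check_rst(soap_xml, bootstrap_suite):
    """Compare the RST key size with the bootstrap policy's algorithm suite."""
    expected = SUITE_KEY_BITS[bootstrap_suite]
    sent = rst_key_size(soap_xml)
    if sent is None:
        return "missing: no KeySize in RST, issuer picks the size (policy needs %d)" % expected
    if sent != expected:
        return "mismatch: KeySize %d sent, policy needs %d" % (sent, expected)
    return "ok: KeySize %d matches %s" % (sent, bootstrap_suite)


def sample_rst(key_size=None):
    """Constructed sample envelope (not a capture from the thread's test case)."""
    ks = "<wst:KeySize>%d</wst:KeySize>" % key_size if key_size else ""
    return (
        '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" '
        'xmlns:wst="%s"><soap:Body><wst:RequestSecurityToken>'
        "<wst:RequestType>%s/Issue</wst:RequestType>%s"
        "</wst:RequestSecurityToken></soap:Body></soap:Envelope>"
    ) % (WST_NAMESPACES[0], WST_NAMESPACES[0], ks)


if __name__ == "__main__":
    for size, suite in ((128, "Basic128"), (128, "Basic256"), (None, "Basic256")):
        print(suite, "->", check_rst(sample_rst(size), suite))
```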
