It sounds like a bug. What does your complete security policy look like?

Colm.

On Mon, Jan 20, 2014 at 1:42 PM, Kai Rommel <[email protected]> wrote:

> Hi,
>
> I set up a request/response scenario with wss. The policy for the initiator
> token is set to /AlwaysToRecipient and for the recipient token to /Never.
> Signature and encryption is configured.
>
> The message exchange works fine and the request message looks as
> expected.
> But the response message also contains a BinarySecurityToken element (the
> initiator token) in the soap header.
>
> This causes an issue when my WS Consumer is not a cxf endpoint and
> validates the response message against the following rule:
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826602
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
>
> The token MUST be included in all messages sent from initiator to the
> recipient. The token MUST NOT be included in messages sent from the
> recipient to the initiator.
>
> Is this a bug?
>
> Thanks.
>
> Best regards
>
> Kai

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
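The IncludeToken rule quoted in the thread can be checked on the consumer side as follows. This is an added example, not part of the original messages and not CXF code: the function names, direction labels and sample envelope are constructed for illustration. It goes beyond the two values in the thread by also covering `Always`, `AlwaysToInitiator` and `Once` from the same specification.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
INC = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/"
X509V3 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-x509-token-profile-1.0#X509v3")

# Message direction -> IncludeToken values that permit an embedded token.
# "Once" is accepted toward the recipient; single use is not tracked here.
ALLOWED = {
    "to_recipient": {INC + "AlwaysToRecipient", INC + "Always", INC + "Once"},
    "to_initiator": {INC + "AlwaysToInitiator", INC + "Always"},
}

def embedded_tokens(envelope_xml):
    """Return the ValueType of each BinarySecurityToken in the SOAP header."""
    root = ET.fromstring(envelope_xml)
    found = []
    for soap in SOAP_NS:  # SOAP 1.1 and 1.2 envelopes
        path = (f"{{{soap}}}Header/{{{WSSE}}}Security/"
                f"{{{WSSE}}}BinarySecurityToken")
        found += [bst.get("ValueType", "") for bst in root.iterfind(path)]
    return found

def include_token_violations(envelope_xml, direction, token_policies):
    """Tokens embedded although no configured token policy permits
    inclusion in this direction; an empty list means compliant."""
    if any(p in ALLOWED[direction] for p in token_policies):
        return []
    return embedded_tokens(envelope_xml)

# Constructed response resembling the one described in the thread.
RESPONSE = f"""<soap:Envelope xmlns:soap="{SOAP_NS[0]}" xmlns:wsse="{WSSE}">
  <soap:Header><wsse:Security>
    <wsse:BinarySecurityToken ValueType="{X509V3}">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
  </wsse:Security></soap:Header>
  <soap:Body/>
</soap:Envelope>"""

if __name__ == "__main__":
    policies = [INC + "AlwaysToRecipient", INC + "Never"]
    print(include_token_violations(RESPONSE, "to_initiator", policies))
```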
