Hi Colm-
A couple of additional data points: the exact same log entries I encounter
when consuming an STS issue protected by the OpenAMSessionToken over the
TransportBinding are logged when I consume an STS issue protected by a UNT
over the TransportBinding. The logs appear client-side and server-side:

FINE: An exception was thrown when verifying that the effective policy for
this request was satisfied.  However, this exception will not result in a
fault.  The exception raised is: org.apache.cxf.ws.policy.PolicyException:
These policy alternatives can not be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken

Debugging TransportBindingHandler#handleBinding for the UNT case is the same
as the OpenAMSessionToken case - the HttpsToken is not an IssuedToken, so
the TransportToken is never asserted. I see the same logic in the 3.0.4
TransportBindingHandler (I'm currently working on the 2.7.8 release). I
don't see when an HttpsToken could ever be an IssuedToken.

I also don't see the
org.apache.cxf.ws.security.policy.model.UsernameToken#serialize ever being
called, neither when the STS instance is being exposed, nor when it is
consumed.

Thanks

Dirk

 



--
View this message in context: 
http://cxf.547215.n5.nabble.com/Custom-SecurityPolicy-Assertions-and-the-Symmetric-binding-tp5754879p5755303.html
Sent from the cxf-user mailing list archive at Nabble.com.
