Hi All,
Back in 2013 I implemented a WS Client using CXF that utilized the
STSClient to get a security token. It was painful because all the
configuration was done by hand in the XML (spring) - and none of the
requirements were documented.
The STS uses the ".NET WSE Key derivation" method, that used to be
activated with SIGN_WITH_UT_KEY Action.
Ironically, I built that in April 2013, the same month that the
functionality was being removed from WSS4J for the 2.0 release :-(
Now we are looking to upgrade across the firm to CXF 3.0 (and with it
WSS4J 2.0). This leaves this STS client broken.
Does anyone have any bright ideas about how to solve this? Is there any
documentation that describes what was actually implemented in the first
place, so I can reproduce it?
I've looked at diffs between the old code and new, and it looks like I
should be able to make it work by reimplementing the old
UsernameTokenSigningAction as a custom action.
Regarding custom actions, has the "magic integer" thing from CXF 2 been
replaced in CXF 3 or do we still have to register an implementation
class using the integer constant?
--
Thanks,
David Mansfield
Cobite, INC.
