Secure Conversation Renew is not working from a .NET client because <ws:Instance> is missing in the SecurityContextToken.
Reading into the standard here -> http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html says the following: "The initial issuance need not contain a wsc:Instance element, however, all subsequent issuances with different keys MUST have a wsc:Instance element with a unique value." Also a reference seems to be required in the SecurityTokenRefernce according to this: "If a specific key instance needs to be referenced, then the global attribute wsc:Instance is included in the <wsse:Reference> sub-element (only when using <wsc:Identifier> references)" The following patches for wss4j (2.0.x branch) wss4j-sct-with-instance.patch <http://cxf.547215.n5.nabble.com/file/n5758363/wss4j-sct-with-instance.patch> and cxf (3.0.x branch) cxf-sct-with-instance.patch <http://cxf.547215.n5.nabble.com/file/n5758363/cxf-sct-with-instance.patch> work for us. Would be possible to include this in the next cxf and wss4j releases? Thanks, Freddy -- View this message in context: http://cxf.547215.n5.nabble.com/Issue-with-the-renew-of-SCT-in-Secure-Conversation-tp5758363.html Sent from the cxf-user mailing list archive at Nabble.com.