Could you create JIRAs in WSS4J + CXF and attach the patches there? Colm.
On Wed, Jun 17, 2015 at 3:44 PM, Freddy Exposito <expos...@gmail.com> wrote: > Secure Conversation Renew is not working from a .NET client because > <ws:Instance> is missing in the SecurityContextToken. > > Reading into the standard here -> > > http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html > says the following: > "The initial issuance need not contain a wsc:Instance element, however, all > subsequent issuances with different keys MUST have a wsc:Instance element > with a unique value." > > Also a reference seems to be required in the SecurityTokenRefernce > according > to this: > "If a specific key instance needs to be referenced, then the global > attribute wsc:Instance is included in the <wsse:Reference> sub-element > (only > when using <wsc:Identifier> references)" > > The following patches for wss4j (2.0.x branch) > wss4j-sct-with-instance.patch > < > http://cxf.547215.n5.nabble.com/file/n5758363/wss4j-sct-with-instance.patch > > > and cxf (3.0.x branch) cxf-sct-with-instance.patch > <http://cxf.547215.n5.nabble.com/file/n5758363/cxf-sct-with-instance.patch > > > work for us. > > Would be possible to include this in the next cxf and wss4j releases? > > Thanks, > Freddy > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Issue-with-the-renew-of-SCT-in-Secure-Conversation-tp5758363.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
