It's the "action" approach. I've written a custom CallbackHandler to create my SAML assertion and defined it in my security.saml-callback-handler property of my JAXRSClientFactoryBean. I've tried setting the following in my CallbackHandler but it still doesn't work.
callback.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); callback.setSignatureDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA256); The SignatureMethod alg is still "rsa-sha1" and the DigestMethod alg is "sha1". No errors reported it's just not using the set algorithm. Unrestricted policies in place. Not sure what I am still missing -Jeff -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-Security-policy-signature-method-tp5732250p5760065.html Sent from the cxf-user mailing list archive at Nabble.com.
