It's a bug, now fixed: https://issues.apache.org/jira/browse/CXF-6543
Colm. On Thu, Aug 13, 2015 at 3:10 PM, jsmith828 <[email protected]> wrote: > It's the "action" approach. I've written a custom CallbackHandler to > create > my SAML assertion and defined it in my security.saml-callback-handler > property of my JAXRSClientFactoryBean. I've tried setting the following in > my CallbackHandler but it still doesn't work. > > > callback.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); > > callback.setSignatureDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA256); > > The SignatureMethod alg is still "rsa-sha1" and the DigestMethod alg is > "sha1". No errors reported it's just not using the set algorithm. > Unrestricted policies in place. Not sure what I am still missing -Jeff > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/CXF-Security-policy-signature-method-tp5732250p5760065.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
