Hi Stefan, I noticed a bug with the previous fix + merged a fix. Can you try again? This time you should see the DerivedKeyToken associated with the IssuedToken policy (if you include a RequireDerivedKeys policy for it).
Colm. On Thu, Sep 10, 2015 at 11:50 AM, Pröls, Stefan <[email protected]> wrote: > Hi, > > I'm trying to write an Apache CXF client for this Webservice: > > https://rheaavs.element44.net/AvsMpsService_R1_Variante2.wsdl > > The Webservice makes extensive use of WS-Security and WS-Trust features. > > The problem is, that I just can't get the service to accept my requests. > It answers all of them with an InvalidSecurity SOAP-Fault and I don't > understand whats wrong with my requests. > > I've attached 2 sample requests. req-cxf.xml is generated with the > current GIT version of Apache CXF 3.1.3 (the git version contains fixes > for problems I've already identified with this Webservice). This request > is answered by an InvalidSecurity SOAP-Fault. > > The second sample, req-dotnet.xml, which I've attached for comparison, > has been created by a .Net client and this requests is accepted by the > server. > > Analyzing the differences between the requests generated by CXF and > .Net, an interesting difference is that .Net generates a DerivedKeyToken > for the IssuedToken returned from the STS. Why does it do that? There is > no RequireDerivedKeys for this token its WS-Security Policy and I cannot > find any other reason why a DerivedKeyToken might have to be generated > for this token. > > To see if this difference might be the cause of the problem, I've tried > to add a RequireDerivedKeys to the IssuedToken's Policy. However, CXF > still won't generate a DerivedKeyToken for this token. Is this a bug or > am I missing something? How can I force CXF to generate a > DerivedKeyToken for the IssedToken? > > > Best regards, > Stefan Pröls > > ________________________________ > > PHARMATECHNIK GmbH und Co. KG > Münchner Strasse 15 > D-82319 Starnberg > > Sitz der Gesellschaft: Starnberg > HRA: 64434, HRB: 66369, Amtsgericht München > Geschäftsführer: Dr. Detlef Graessner, Cornelia Graessner-Neiss, Stephan > Jörgens > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
