Hi Colm,

thanks! Yes, the DerivedKeyToken is generated now when RequireDerivedKeys is included in the policy.
That didn't make my client work, though. I fear I won't be able to debug this without more information from the server logs...

Best regards,
Stefan

On 14.09.2015 at 16:27, Colm O hEigeartaigh wrote:
> Hi Stefan,
>
> I noticed a bug with the previous fix + merged a fix. Can you try again?
> This time you should see the DerivedKeyToken associated with the
> IssuedToken policy (if you include a RequireDerivedKeys policy for it).
>
> Colm.
>
> On Thu, Sep 10, 2015 at 11:50 AM, Pröls, Stefan <[email protected]>
> wrote:
>
>> Hi,
>>
>> I'm trying to write an Apache CXF client for this Webservice:
>>
>> https://rheaavs.element44.net/AvsMpsService_R1_Variante2.wsdl
>>
>> The Webservice makes extensive use of WS-Security and WS-Trust features.
>>
>> The problem is that I just can't get the service to accept my requests.
>> It answers all of them with an InvalidSecurity SOAP-Fault and I don't
>> understand what's wrong with my requests.
>>
>> I've attached 2 sample requests. req-cxf.xml is generated with the
>> current GIT version of Apache CXF 3.1.3 (the git version contains fixes
>> for problems I've already identified with this Webservice). This request
>> is answered by an InvalidSecurity SOAP-Fault.
>>
>> The second sample, req-dotnet.xml, which I've attached for comparison,
>> has been created by a .Net client and this request is accepted by the
>> server.
>>
>> Analyzing the differences between the requests generated by CXF and
>> .Net, an interesting difference is that .Net generates a DerivedKeyToken
>> for the IssuedToken returned from the STS. Why does it do that? There is
>> no RequireDerivedKeys for this token in its WS-Security Policy and I cannot
>> find any other reason why a DerivedKeyToken might have to be generated
>> for this token.
>>
>> To see if this difference might be the cause of the problem, I've tried
>> to add a RequireDerivedKeys to the IssuedToken's Policy. However, CXF
>> still won't generate a DerivedKeyToken for this token. Is this a bug or
>> am I missing something? How can I force CXF to generate a
>> DerivedKeyToken for the IssuedToken?
>>
>>
>> Best regards,
>> Stefan Pröls
>>
>> ________________________________
>>
>> PHARMATECHNIK GmbH und Co. KG
>> Münchner Strasse 15
>> D-82319 Starnberg
>>
>> Registered office: Starnberg
>> HRA: 64434, HRB: 66369, Munich District Court
>> Managing directors: Dr. Detlef Graessner, Cornelia Graessner-Neiss, Stephan
>> Jörgens
>>
