These days we cannot allow anything below SHA2; so it took me a lot of trouble shooting to resolve the error below and only found a fix by adding this: properties.put("ws-security.asymmetric.signature.algorithm","http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
I would have liked adding this to the ws-securitypolicy but could not find anyway to use the newer ones like the above and best I could do was this: <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256Sha256Rsa15/> </wsp:Policy> </sp:AlgorithmSuite> It would be nice if this was out of the box support or discoverable from the keystore signing side. 2018-10-08 12:30:12.726 DEBUG 19280 --- [ main] o.a.w.dom.processor.SignatureProcessor : Verify XML Signature 2018-10-08 12:30:12.727 DEBUG 19280 --- [ main] o.a.w.c.crypto.AlgorithmSuiteValidator : SignatureMethod http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 does not match required values 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor@16a9eb2e 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@257e0827 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@806996 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@697a34af 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@38e7ed69 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@2a367e93 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor@76332405 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxInInterceptor@1a6dc589 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@7f6874f2 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.a.cxf.phase.PhaseInterceptorChain : Invoking handleFault on interceptor org.apache.cxf.ext.logging.LoggingInInterceptor$LoggingInFaultInterceptor@3fba233d 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.apache.cxf.ws.addressing.ContextUtils : retrieving MAPs from context property javax.xml.ws.addressing.context.inbound 2018-10-08 12:30:12.730 DEBUG 19280 --- [ main] o.apache.cxf.ws.addressing.ContextUtils : WS-Addressing - failed to retrieve Message Addressing Properties from context