I’m running WSS4J with Axis 1.3 on Tomcat 5.5 on an OS X 10.4.4 machine. I can sign, add a username token, add a SAML token, add timestamps, but when it comes to encryption, I have problems. I always get an error about no provider being available:
An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: no provider: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
I looked at the WSS4J code (or was it the xml-sec code?) and found out that the provider linked to rsa-1_5 was BC, and after googling a bit, I figured out that BC was probably BouncyCastle, so I downloaded their JCEProvider, installed it, and now, I can encrypt my messages.
I have a few questions though:
- why do I have to install a separate provider? Why not use those already included?
- shouldn’t this be mentioned in the documentation?
- shouldn’t we be allowed to change the cipher algorithm to use an existing provider?
Thanks for your help
Jean-Noel Colin
