Hi,
I am trying to write a sts client for a wcf web service. The service is
secured using ws-security 1.1, ws-securitypolicy 1.2 and ws-trust 1.3. Sts
service is secured via usernametoken and running on https. It also requires
soap 1.2
I tried to create a client using available documentations and sample
projects but no luck. I am getting
Creating Service from WSDL:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of
the policy alternatives can be satisfied.
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:160 error
Does that mean cxf has no support for such a configuration?
Thanks for any help
The wsp policy section of the service wsdl is like this:
<wsp:Policy wsu:Id="CustomBinding_SomeService_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
<Issuer xmlns="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<Address xmlns="
http://www.w3.org/2005/08/addressing">
https://somedomain/Services/Issuer.svc/IWSTrust13 </Address>
<Metadata xmlns="
http://www.w3.org/2005/08/addressing">
<Metadata xmlns="
http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance">
<wsx:MetadataSection xmlns=""
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
<wsx:MetadataReference>
<Address xmlns="
http://www.w3.org/2005/08/addressing">
https://somedomain/Services/Issuer.svc/mex </Address>
</wsx:MetadataReference>
</wsx:MetadataSection>
</Metadata>
</Metadata>
</Issuer>
<sp:RequestSecurityTokenTemplate>
<trust:KeyType xmlns:trust="
http://docs.oasis-open.org/ws-sx/ws-trust/200512">
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
</trust:KeyType>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust13 xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
I am trying to write a sts client for a wcf web service. The service is
secured using ws-security 1.1, ws-securitypolicy 1.2 and ws-trust 1.3. Sts
service is secured via usernametoken and running on https. It also requires
soap 1.2
I tried to create a client using available documentations and sample
projects but no luck. I am getting
Creating Service from WSDL:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of
the policy alternatives can be satisfied.
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:160 error
Does that mean cxf has no support for such a configuration?
Thanks for any help
The wsp policy section of the service wsdl is like this:
<wsp:Policy wsu:Id="CustomBinding_SomeService_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
<Issuer xmlns="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<Address xmlns="
http://www.w3.org/2005/08/addressing">
https://somedomain/Services/Issuer.svc/IWSTrust13 </Address>
<Metadata xmlns="
http://www.w3.org/2005/08/addressing">
<Metadata xmlns="
http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance">
<wsx:MetadataSection xmlns=""
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
<wsx:MetadataReference>
<Address xmlns="
http://www.w3.org/2005/08/addressing">
https://somedomain/Services/Issuer.svc/mex </Address>
</wsx:MetadataReference>
</wsx:MetadataSection>
</Metadata>
</Metadata>
</Issuer>
<sp:RequestSecurityTokenTemplate>
<trust:KeyType xmlns:trust="
http://docs.oasis-open.org/ws-sx/ws-trust/200512">
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
</trust:KeyType>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust13 xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>