Hello,
I am trying to have a WS-SecureConversation between a CXF client - version
2.7.6 - talking to a Metro service with WS-SecureConversation (over SSL
TransportBinding). When CXF makes the final service call with the
SecurityContextToken in the security header, the service replies a SOAP
fault "Invalid Security Header". The service logs say the Signature
Verification for Signature with ID SIG-4 failed. I am trying to investigate
more on the service side what is wrong with the signature. However, I
noticed the following exceptions in CXF in FINE log level:
Dec 19, 2013 6:37:08 PM
org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor handle
FINE: An exception was thrown when verifying that the effective policy for
this request was satisfied. However, this exception will not result in a
fault. The exception raised is: org.apache.cxf.ws.policy.PolicyException:
These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Trust10
Could this be an issue? Better ideas?
I have attached the service WSDL, and the CXF client (Spring) configuration
and debug logs with the requests/responses.
Thanks for any help.
Regards,
Cyril
I am trying to have a WS-SecureConversation between a CXF client - version
2.7.6 - talking to a Metro service with WS-SecureConversation (over SSL
TransportBinding). When CXF makes the final service call with the
SecurityContextToken in the security header, the service replies a SOAP
fault "Invalid Security Header". The service logs say the Signature
Verification for Signature with ID SIG-4 failed. I am trying to investigate
more on the service side what is wrong with the signature. However, I
noticed the following exceptions in CXF in FINE log level:
Dec 19, 2013 6:37:08 PM
org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor handle
FINE: An exception was thrown when verifying that the effective policy for
this request was satisfied. However, this exception will not result in a
fault. The exception raised is: org.apache.cxf.ws.policy.PolicyException:
These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Trust10
Could this be an issue? Better ideas?
I have attached the service WSDL, and the CXF client (Spring) configuration
and debug logs with the requests/responses.
Thanks for any help.
Regards,
Cyril
