I'm programming a client for a SOAP service that is configured through a
policy in the WSDL
<https://gist.github.com/RaffaeleSgarro/60791b4ffdacae692d53c449de6d0ffb>.
The service responds with a message that would be perfectly fine to work
with, but has a signature that makes CXF throw an error and hence halting
the execution of the program. From the XML of the response I can't tell if
there's something wrong with CXF of the response itself, mainly because the
piece:
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>
KTK582+s/nxWsbkIeNRTRDH+ju0=
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference></ds:KeyInfo>
is not enough for me to understand where the certificate to verify the
signature is supposed to be found.
The full (and syntax highlighted) XML of the response is here
<https://stackoverflow.com/questions/63234657/is-the-signature-in-the-following-soap-response-valid-can-it-be-validated-altog>.
Can CXF tell if the message is valid using only the message itself and the
given policy? Or do I need some other piece of information? If that's the
case, how can I pass it?
Thanks,
Raffaele
