Of course I can :-) You will find attached the wsdl of the webservice (SimpleWS.wsdl) + the soap request which works (SOAP OK.txt) and the one which fails (CXF SOAP.txt).
Best Regards. -----Original Message----- From: Colm O hEigeartaigh [mailto:cohei...@apache.org] Sent: mardi 6 mars 2012 13:15 To: users@cxf.apache.org Subject: Re: Aware of compatibility issue between CXF and Metro/Weblogic ? Could you attach the security policy of the webservice, as well as the CXF request and the other request that works? Colm. On Tue, Mar 6, 2012 at 12:03 PM, COURTAULT Francois <francois.courta...@gemalto.com> wrote: > Hello, > > I have tried to write a CXF client which talks to a WSS protected (X509Token) > webservice hosted in Weblogic (Metro based) but unfortunately I got a Soap > fault error. > > If I compare a soap request which works and the one generated by CXF, the > only difference I have seen is that in the <dsig:KeyInfo> > <wsse:SecurityTokenReference> section, I have a <wsse:KeyIdentifier> section > in the one which succeeded whereas I haven't this section in the CXF one. > > Any advice ? Any idea ? > > Best Regards. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
<?xml version='1.0' encoding='UTF-8'?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/";> <S:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; S:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="bst_156mJ1UUoTA9ZP7b">MIIDGDCCAoGgAwIBAgIIUbCiOLAW/OMwDQYJKoZIhvcNAQEFBQAwMzESMBAGA1UEAwwJQ2xpZW50c0NBMRAwDgYDVQQKDAdnZW1hbHRvMQswCQYDVQQGEwJGUjAeFw0xMTExMTQxNjM2MzJaFw0xMjEwMDkwNTI2MjhaMGUxHTAbBgNVBAMMFFdzc0NsaWVudENlcnRpZmljYXRlMREwDwYDVQQLDAhBY2NvdW50czEUMBIGA1UECwwLV2FuZ1Rlc3RPcmcxGzAZBgoJkiaJk/IsZAEZFgtnZW1hbHRvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQZD0Webv396G0uVBTnLlyWBlaPaNbXyHlHBMi+hQWspXiQZBZQ9EEhivGzZRehw+xKonG0ogkF0eekznIKUxN6vE3uGsKanGOqZ3XbAZJlEZhIto71tbOmpjn+HaNw2giOuXc1JTS8hqYLR6eGU08A96WGY8vtBvySuBN7QjRQfSohQTyAQAqZQS1sdyhksh4eaL8oWPcpaNpMaBJMq/udpPRpVsQ5Tp3AfVZt10TSENPQwmOD7TII6gd5N6CeUPWqbxMGNCairzsPzc5zCpfhjLIcnxeMnTQQ0HsX9BYyQCtlXSHta6taqIfhZd3uU/Lbru577n1Xi5drIG0l3IcCAwEAAaN/MH0wHQYDVR0OBBYEFO7bMRHeW6Cbq/6uQOaTBadqW6OjMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUrM8CZdp/7z8ArSR5mOwrL9V9ejgwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOBgQBU8Cd6nQI7EdL2TdaoOxxQkZj5RubyNsGMLSHYANs46ee5OYDQqTwYbcoDiLRNYtr1Fd6cl1QcsBPV6eT1KQqZKwm2rws05g6nrU125y9Vm0jDR+UwuPpWng32sfgvYLqcjLIsVVQfLAqpktACG9TQja0EC12vEuRXOQmQpFmVpA==</wsse:BinarySecurityToken> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> <dsig:Reference URI="#Timestamp_WF911A291H4C9EVH"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <dsig:DigestValue>FQdxW5uhQYvIlEjZ5eF6FwD0WWM=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#Body_6e1VPrhuvqnQBAe6"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <dsig:DigestValue>hqQ8dypeB6mi9otTZftZ9wdaIpQ=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#bst_156mJ1UUoTA9ZP7b"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <dsig:DigestValue>dmD/DqmQIf+LrHjcOgxLKhpCvZE=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>jsC7juSGau5ajN0aRlFTyh8bJcllKs9uigDomQOprEMp9DYy898GXEs8h3ULcR9xbl41LTVLqBfLR+oTpy5S6WRvPU8cwFY1EGbUDw0utmkBhG4zNr5QTv+Kb9fF4Eya19c/Ebv36ccJc6yWPHCct5x7B//eNNo1yfgQDF3DlF+fJAxJbtRaehf+n0QrT+Q72YKFYQyoQ+iLjPQ2veRvivercT3Ab2bGIQpktj8UYlWlLXC8HQhVQmcdgDt5IjyaPj2ejJd73HGxZa+0lTiEmF8l6T5Oyvheq0/gC8BiaYvuu+0z1aWy0GNya/41VOLuaksvyfO6M63zmnITkRbHXg== </dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="str_4RaFdeoK8oynP98t"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>tDqtOB05FR2Q/BUdXx1X8rzDXMg=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp_WF911A291H4C9EVH"> <wsu:Created>2011-11-16T18:10:30Z</wsu:Created> <wsu:Expires>2011-11-16T18:11:30Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </S:Header> <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Body_6e1VPrhuvqnQBAe6"> <ns2:helloWorld xmlns:ns2="http://gemalto/test/ws/";> <arg0>test</arg0> </ns2:helloWorld> </S:Body> </S:Envelope>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; soap:mustUnderstand="1"> <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="X509-5A31F1144956BB939A13310297351521">MIIDGDCCAoGgAwIBAgIIUbCiOLAW/OMwDQYJKoZIhvcNAQEFBQAwMzESMBAGA1UEAwwJQ2xpZW50c0NBMRAwDgYDVQQKDAdnZW1hbHRvMQswCQYDVQQGEwJGUjAeFw0xMTExMTQxNjM2MzJaFw0xMjEwMDkwNTI2MjhaMGUxHTAbBgNVBAMMFFdzc0NsaWVudENlcnRpZmljYXRlMREwDwYDVQQLDAhBY2NvdW50czEUMBIGA1UECwwLV2FuZ1Rlc3RPcmcxGzAZBgoJkiaJk/IsZAEZFgtnZW1hbHRvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQZD0Webv396G0uVBTnLlyWBlaPaNbXyHlHBMi+hQWspXiQZBZQ9EEhivGzZRehw+xKonG0ogkF0eekznIKUxN6vE3uGsKanGOqZ3XbAZJlEZhIto71tbOmpjn+HaNw2giOuXc1JTS8hqYLR6eGU08A96WGY8vtBvySuBN7QjRQfSohQTyAQAqZQS1sdyhksh4eaL8oWPcpaNpMaBJMq/udpPRpVsQ5Tp3AfVZt10TSENPQwmOD7TII6gd5N6CeUPWqbxMGNCairzsPzc5zCpfhjLIcnxeMnTQQ0HsX9BYyQCtlXSHta6taqIfhZd3uU/Lbru577n1Xi5drIG0l3IcCAwEAAaN/MH0wHQYDVR0OBBYEFO7bMRHeW6Cbq/6uQOaTBadqW6OjMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUrM8CZdp/7z8ArSR5mOwrL9V9ejgwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOBgQBU8Cd6nQI7EdL2TdaoOxxQkZj5RubyNsGMLSHYANs46ee5OYDQqTwYbcoDiLRNYtr1Fd6cl1QcsBPV6eT1KQqZKwm2rws05g6nrU125y9Vm0jDR+UwuPpWng32sfgvYLqcjLIsVVQfLAqpktACG9TQja0EC12vEuRXOQmQpFmVpA==</wsse:BinarySecurityToken> <wsu:Timestamp wsu:Id="TS-1"> <wsu:Created>2012-03-06T10:28:55.106Z</wsu:Created> <wsu:Expires>2012-03-06T10:33:55.106Z</wsu:Expires> </wsu:Timestamp> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="SIG-2"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="soap"></ec:InclusiveNamespaces> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod> <ds:Reference URI="#TS-1"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="wsse soap"></ec:InclusiveNamespaces> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> <ds:DigestValue>jVMpi+6MtN7OFixLZclkR3RV3x0=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#X509-5A31F1144956BB939A13310297351521"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="soap"></ec:InclusiveNamespaces> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> <ds:DigestValue>p0u+4feFcn6x6ghkg1XnGjYPI88=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>s68vvMROfnRK3cJvYi5W9pQxsz6yyXC5qmB9XE02vtsF4+u0Ku2ql9SP8Yhw4P11tToHChrk89Fz 0SCC5YCcsfTzsXY2m7U6dKGRITzTL6krb8pNbiBGo4Kt5xRoW3MDCEsaAlV8gct+YA4/TqpVyJ79 72uIGD2h2ERmxhQDQYaTiU+TjlxtfsgLm6h+O+NkXXwE/wL7vtWQ0GIX/ElMh+YZS3CYAYluKHeT y/RLzC/X3ViDMcDYEWHFMLI5HrP/0RimDb15f3eax3uG4sa2zsZu2LQYsdapwbhiwtODAI6SPrzj nq2eC5A9sR8jXNn3P0X2vGF8FDu+BIPB/A7vlg==</ds:SignatureValue> <ds:KeyInfo Id="KI-5A31F1144956BB939A13310297351522"> <wsse:SecurityTokenReference wsu:Id="STR-5A31F1144956BB939A13310297351523"> <wsse:Reference URI="#X509-5A31F1144956BB939A13310297351521" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";></wsse:Reference> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soap:Header> <soap:Body> <ns2:helloWorld xmlns:ns2="http://gemalto/test/ws/";> <arg0>test</arg0> </ns2:helloWorld> </soap:Body> </soap:Envelope>
