Hi Colm,
I took the next steps to get things working. Authentication with
username and password works on the STS. Now I have to get X.509 authentication
working, too.

The Policy in WSDL looks like this:

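<!-- WSDL policy fragment as posted (the stray ";" after the namespace URIs is an
     archive artifact and has been dropped). One SupportingTokens assertion with two
     alternatives under wsp:ExactlyOne: a UsernameToken OR an X.509 token. -->
<!-- NOTE(review): the sp prefix is bound to the 2005/07 (WS-SecurityPolicy 1.1)
     namespace, while the error message quoted in this post names the 200702 (1.2)
     namespace. CXF may normalise the version in its messages, but confirm the WSDL
     and the runtime agree on the policy version. -->
<!-- NOTE(review): the wsp and wsu prefixes are not declared in this fragment;
     presumably they are declared on the WSDL root - verify. -->
<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
    <wsp:ExactlyOne>
      <wsp:All>
        <!-- Alternative 1: a UsernameToken. A plain SupportingTokens assertion only
             requires the token to be present; nothing in this fragment protects it,
             so unless a transport or symmetric binding elsewhere in the WSDL covers
             the header, the credentials travel unprotected - confirm. -->
        <sp:UsernameToken wsu:Id="BiPROBasicToken"/>
      </wsp:All>
      <wsp:All>
        <!-- Alternative 2: an X.509 v3 token that is always included in the message
             to the recipient (IncludeToken .../AlwaysToRecipient). -->
        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:WssX509V3Token11/>
          </wsp:Policy>
        </sp:X509Token>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</sp:SupportingTokens>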

The configuration in cxf-servlet.xml:

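<!-- cxf-servlet.xml fragment as posted (the stray ";" after the namespace URIs is an
     archive artifact and has been dropped). The element is not closed in the post:
     </jaxws:endpoint> and whatever followed it were cut off. -->
<jaxws:endpoint id="CXFSTS"
                implementor="#mySTSProviderBean"
                address="/STS"
                wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
                xmlns:ns1="http://www.bipro.net/namespace"
                serviceName="ns1:SecurityTokenService_2.5.0.1.0"
                endpointName="ns1:UserPasswordLogin">

  <jaxws:properties>
    <!-- Callback handler for WS-Security passwords (UsernameToken validation and/or
         the private-key password for the signature alias) - presumably, given the
         class name; verify against the handler's implementation. -->
    <entry key="ws-security.callback-handler" value="sts.PasswordCallbackHandler" />
    <!-- Crypto/keystore properties used for signature verification and signing. -->
    <entry key="ws-security.signature.properties" value="stsKeystore.properties" />
    <!-- NOTE(review): the alias name reads like a test certificate; make sure the
         production deployment points at a separately managed key. -->
    <entry key="ws-security.signature.username" value="test-zertifikat" />
    <!-- useReqSigCert: encrypt the response with the certificate that signed the
         request (WSS4J special alias), so no fixed recipient certificate is needed. -->
    <entry key="ws-security.encryption.username" value="useReqSigCert" />
  </jaxws:properties>
  <jaxws:features>
    <!-- NOTE(review): the logging feature writes complete messages, security header
         included; keep it off in production or mask sensitive headers. -->
    <logging xmlns="http://cxf.apache.org/core" />
    <ref bean="transformFeature" />
  </jaxws:features>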

If I try to access the service with a request like the following, I get the
message "*These policy alternatives can not be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken*":


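<!-- Request sent to the STS as posted (the stray ";" after the namespace URIs is an
     archive artifact and has been dropped). It takes the X.509 alternative: a
     BinarySecurityToken plus a signature over the Body and the Timestamp, and no
     UsernameToken. The "UsernameToken ... can not be satisfied" message therefore
     describes the alternative the request did not take; whether the X509Token
     alternative was also rejected, and why, cannot be told from this post alone. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
   <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <!-- The signer's X.509 v3 certificate; its base64 content was elided in the
              archived post. Note that this token itself is not among the signed
              references below - only the Body and the Timestamp are. -->
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                   ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                                   wsu:Id="X509-9BECC0307376C4B7A6141396887568237">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</wsse:BinarySecurityToken>
         <ds:Signature Id="SIG-39" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="soapenv wst" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <!-- NOTE(review): RSA-SHA1 signing and SHA-1 digests (below) are
                    deprecated; prefer rsa-sha256 / sha256 where both sides allow it. -->
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <!-- Signed part 1: the Body (wsu:Id="id-38"). -->
               <ds:Reference URI="#id-38">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="wst" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>3AEvtITIY5+7+G5NVea7HCOcsD0=</ds:DigestValue>
               </ds:Reference>
               <!-- Signed part 2: the Timestamp (wsu:Id="TS-37"). -->
               <ds:Reference URI="#TS-37">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="wsse soapenv wst" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>XzpIOxUqhq6GObJrWn3U24KOP4M=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>CsPndMeeOv4XaHa9dsoWs80t8L6O2kMSZgJG1MTqa7FCKomYvPdQbhJc9bg//RcQFsM1E2ujjInn
moi70YYpld5JvFZvVnhC5i/wPCJ63ZfFIjtp5H36o4StfJB4q03vmfgF+qH7skq3P6PWbDt1QtLF
2KjuEx15nNyJU0s4OOBje5FYx4KqVSrdJeo4oqUvjML5jcEVd/Ymj4Oy0fydEHNkSt52WI8zaiB0
Du0ZfEIrwFJe8zrhxBQNGWJoHRo4LJ2Be5j97FttyVtTUbxsfJIPvZAsDAl222100y+xUDUpfChy
ZcRDqW8gE9/aU+Y9tTdIy7i//bfKvi5YNQGbdw==</ds:SignatureValue>
            <!-- KeyInfo points back at the BinarySecurityToken above by wsu:Id. -->
            <ds:KeyInfo Id="KI-9BECC0307376C4B7A6141396887568238">
               <wsse:SecurityTokenReference wsu:Id="STR-9BECC0307376C4B7A6141396887568239">
                  <wsse:Reference URI="#X509-9BECC0307376C4B7A6141396887568237"
                                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <!-- NOTE(review): Expires is 10000 s (~2 h 47 min) after Created, a long
              replay window for a signed timestamp; a few minutes is more usual. -->
         <wsu:Timestamp wsu:Id="TS-37">
            <wsu:Created>2014-10-22T09:07:55.682Z</wsu:Created>
            <wsu:Expires>2014-10-22T11:54:35.682Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </soapenv:Header>
   <!-- wsu is re-declared here (same URI as in the header) so the Body's wsu:Id
        resolves for the signature reference above. -->
   <soapenv:Body wsu:Id="id-38"
                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wst:RequestSecurityToken>
         <!-- TokenType .../sc/sct presumably asks for a SecureConversation security
              context token; RequestType is a WS-Trust Issue request. -->
         <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
         <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
      </wst:RequestSecurityToken>
   </soapenv:Body>
</soapenv:Envelope>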

Is there something I missed in the configuration?

Thanks,
SRog




--
View this message in context: 
http://cxf.547215.n5.nabble.com/Username-PWD-on-STS-tp5750076p5750188.html
Sent from the cxf-user mailing list archive at Nabble.com.
