Hi!

I read that CXF 3.1 (I use 3.1.6) supports SHA256 by default [1]. Still, org.apache.cxf.systest.sts.template.TemplateTest seems to use SHA1. So I chose testSendSAML2PublicKey to use SHA256 by changing "TripleDes" to "Basic256Sha256" in DoubleIt.wsdl. Now the STS seems to expect a SHA256-signed token, which is correct. But the client still signs the RST using SHA1, which is why I get:

    javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader: org.apache.wss4j.common.ext.WSSecurityException: Digest algorithm http://www.w3.org/2000/09/xmldsig#sha1 does not meet policy

I also tried to specify in cxf-client.xml:

    <jaxws:properties>
        <entry key="security.asymmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        ...
    </jaxws:properties>

And tried to specify in DoubleIt.wsdl:

    <sp:RequestSecurityTokenTemplate>
        <t:SignatureAlgorithm>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</t:SignatureAlgorithm>
        ...
    </sp:RequestSecurityTokenTemplate>

None of these solved the issue. Any help on how to get SHA256 working with testSendSAML2PublicKey would be much appreciated.

Thanks in advance.

Best regards,
Jan

[1] http://cxf.apache.org/docs/31-migration-guide.html
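The fault quoted above names the digest algorithm, which XML Signature carries per ds:Reference in ds:DigestMethod, separately from ds:SignatureMethod. As an added example (not part of the original post, and not CXF or WSS4J code), this Python helper lists both values for every signature in a captured message; the sample message and the allowed-digest set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Assumption for this example: the policy accepts SHA-256 digests only.
ALLOWED_DIGESTS = {"http://www.w3.org/2001/04/xmlenc#sha256"}

# Constructed sample (not a real capture): the signature method is rsa-sha256
# while the reference digest is still SHA-1.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_body">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
</ds:Signature>"""


def audit_signatures(xml_text, allowed_digests=ALLOWED_DIGESTS):
    """Return one report per ds:Signature: its signature method and, for each
    ds:Reference, the digest algorithm and whether the policy set allows it.
    Intended for captures you trust; use a hardened parser for untrusted XML."""
    root = ET.fromstring(xml_text)
    reports = []
    for sig in root.iter(f"{{{DS}}}Signature"):  # iter() includes the root
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        refs = []
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            digest = ref.find("ds:DigestMethod", NS)
            alg = digest.get("Algorithm") if digest is not None else None
            refs.append({"uri": ref.get("URI"), "digest": alg,
                         "ok": alg in allowed_digests})
        reports.append({
            "signature_method": method.get("Algorithm") if method is not None else None,
            "references": refs,
        })
    return reports


if __name__ == "__main__":
    for report in audit_signatures(SAMPLE):
        print("SignatureMethod:", report["signature_method"])
        for ref in report["references"]:
            status = "ok" if ref["ok"] else "NOT ALLOWED"
            print(f"  {ref['uri']}: {ref['digest']} [{status}]")
```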