What about a SOAP handler? Or is something else missing or mis-configured?

-----Original Message-----
From: Morein, Arnie
Sent: Friday, November 03, 2017 8:13 AM
To: users@cxf.apache.org; 'cohei...@apache.org'
Subject: RE: Help with configuring web service to match security from WSDL

No.

-----Original Message-----
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Friday, November 03, 2017 8:12 AM
To: Morein, Arnie
Cc: users@cxf.apache.org
Subject: Re: Help with configuring web service to match security from WSDL

Do you have a test-case I can take a look at?

Colm.

On Fri, Nov 3, 2017 at 1:07 PM, Morein, Arnie <arnold.mor...@dps.texas.gov> wrote:

> Yes, in fact most of the CXF package is imported via Maven.
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, November 03, 2017 8:03 AM
> To: Morein, Arnie
> Cc: users@cxf.apache.org
> Subject: Re: Help with configuring web service to match security from WSDL
>
> Have you got the cxf-rt-ws-policy on the classpath?
>
> Colm.
>
> On Fri, Nov 3, 2017 at 12:53 PM, Morein, Arnie <arnold.mor...@dps.texas.gov> wrote:
>
> > That's what I was afraid of. I removed the registration of the
> > interceptors and now am getting:
> >
> > org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
> >
> > Both without and with the following properties added to the end point:
> >
> > <jaxws:properties>
> >   <entry key="security.callback-handler.sct"
> >          value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback" />
> >   <entry key="security.signature.properties.sct"
> >          value="cxf/crypto.properties" />
> >   <entry key="security.encryption.username.sct"
> >          value="dls-vls-mock-service-client-key" />
> > </jaxws:properties>
> >
> > I must say, the documentation is very vague in places. I'm assuming
> > that "username" is the JKS alias of the key used to sign/etc. the messages.
> >
> > So what have I left out now?
> >
> > What's more confusing is that the WAR containing the mock service is
> > running in the same VM on my machine as the client. I deploy the
> > service first (no errors) and then the client, then it attempts to
> > connect. The logging doesn't clearly indicate if the exception is
> > coming from the client or the server. Could that be the case?
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> > Sent: Friday, November 03, 2017 3:17 AM
> > To: users@cxf.apache.org
> > Subject: Re: Help with configuring web service to match security from WSDL
> >
> > Hi,
> >
> > You are mixing up the two different ways of configuring WS-Security in CXF.
> > When there is a security policy available, then you don't manually
> > configure the WSS4JInInterceptor or WSS4JOutInterceptors. They are
> > used when there is no security policy and you have to manually tell
> > CXF what WS-Security actions to perform. Instead the configuration
> > is a lot simpler for the policy case.
> >
> > I'd suggest you look at the example test-case for
> > WS-SecureConversation in the CXF source:
> >
> > https://github.com/apache/cxf/blob/master/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java
> >
> > In particular, the service configuration is here:
> >
> > https://github.com/apache/cxf/blob/master/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server.xml
> >
> > Colm.
> >
> > On Fri, Nov 3, 2017 at 2:43 AM, Morein, Arnie <arnold.mor...@dps.texas.gov> wrote:
> >
> > > I have created a mock service based on a WSDL from a vendor that
> > > is already in use.
> > >
> > > One of the calls requires that the message be
> > > timestamped/signed/encrypted before transmission.
> > >
> > > The real service provider issued an X.509 certificate for our use.
> > > I have had our internal folks issue one like it with the same extensions.
> > >
> > > Everything is in place, but when the client app hits my mock
> > > service, it gets an error that is neither clear nor helpful:
> > >
> > > org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message ...
> > > Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header
> > >
> > > Digging into the CXF trace log, I barely managed to find these:
> > >
> > > 2017-11-02 19:49:52.018 DEBUG [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] WSS4JInInterceptor: enter handleMessage()
> > > 2017-11-02 19:49:54.037 WARN [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] Security processing failed (actions mismatch)
> > >
> > > The messages are being generated by CXF (wsdl2java situation).
> > >
> > > The WSDL policy section is thus:
> > >
> > > <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
> > >   <wsp:ExactlyOne>
> > >     <wsp:All>
> > >       <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >         <wsp:Policy>
> > >           <sp:TransportToken>
> > >             <wsp:Policy>
> > >               <sp:HttpsToken RequireClientCertificate="false" />
> > >             </wsp:Policy>
> > >           </sp:TransportToken>
> > >           <sp:AlgorithmSuite>
> > >             <wsp:Policy>
> > >               <sp:Basic256 />
> > >             </wsp:Policy>
> > >           </sp:AlgorithmSuite>
> > >           <sp:Layout>
> > >             <wsp:Policy>
> > >               <sp:Strict />
> > >             </wsp:Policy>
> > >           </sp:Layout>
> > >           <sp:IncludeTimestamp />
> > >         </wsp:Policy>
> > >       </sp:TransportBinding>
> > >       <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >         <wsp:Policy>
> > >           <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > >             <wsp:Policy>
> > >               <sp:BootstrapPolicy>
> > >                 <wsp:Policy>
> > >                   <sp:SignedParts>
> > >                     <sp:Body />
> > >                     <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                     <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                     <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                     <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                     <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                     <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                     <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                   </sp:SignedParts>
> > >                   <sp:EncryptedParts>
> > >                     <sp:Body />
> > >                   </sp:EncryptedParts>
> > >                   <sp:TransportBinding>
> > >                     <wsp:Policy>
> > >                       <sp:TransportToken>
> > >                         <wsp:Policy>
> > >                           <sp:HttpsToken RequireClientCertificate="false" />
> > >                         </wsp:Policy>
> > >                       </sp:TransportToken>
> > >                       <sp:AlgorithmSuite>
> > >                         <wsp:Policy>
> > >                           <sp:Basic256 />
> > >                         </wsp:Policy>
> > >                       </sp:AlgorithmSuite>
> > >                       <sp:Layout>
> > >                         <wsp:Policy>
> > >                           <sp:Strict />
> > >                         </wsp:Policy>
> > >                       </sp:Layout>
> > >                       <sp:IncludeTimestamp />
> > >                     </wsp:Policy>
> > >                   </sp:TransportBinding>
> > >                   <sp:EndorsingSupportingTokens>
> > >                     <wsp:Policy>
> > >                       <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > >                         <wsp:Policy>
> > >                           <sp:RequireThumbprintReference />
> > >                           <sp:WssX509V3Token10 />
> > >                         </wsp:Policy>
> > >                       </sp:X509Token>
> > >                       <sp:SignedParts>
> > >                         <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> > >                       </sp:SignedParts>
> > >                     </wsp:Policy>
> > >                   </sp:EndorsingSupportingTokens>
> > >                   <sp:Wss11>
> > >                     <wsp:Policy>
> > >                       <sp:MustSupportRefThumbprint />
> > >                     </wsp:Policy>
> > >                   </sp:Wss11>
> > >                   <sp:Trust10>
> > >                     <wsp:Policy>
> > >                       <sp:MustSupportIssuedTokens />
> > >                       <sp:RequireClientEntropy />
> > >                       <sp:RequireServerEntropy />
> > >                     </wsp:Policy>
> > >                   </sp:Trust10>
> > >                 </wsp:Policy>
> > >               </sp:BootstrapPolicy>
> > >             </wsp:Policy>
> > >           </sp:SecureConversationToken>
> > >         </wsp:Policy>
> > >       </sp:EndorsingSupportingTokens>
> > >       <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >         <wsp:Policy />
> > >       </sp:Wss11>
> > >       <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >         <wsp:Policy>
> > >           <sp:MustSupportIssuedTokens />
> > >           <sp:RequireClientEntropy />
> > >           <sp:RequireServerEntropy />
> > >         </wsp:Policy>
> > >       </sp:Trust10>
> > >       <wsaw:UsingAddressing />
> > >     </wsp:All>
> > >   </wsp:ExactlyOne>
> > > </wsp:Policy>
> > >
> > > and a message being sent to my mock service looks like:
> > >
> > > ID: 1
> > > Address: https://localhost:8443/mock-vls-ws/services/mockAuthenticationService
> > > Encoding: UTF-8
> > > Http-Method: POST
> > > Content-Type: application/soap+xml; action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8
> > > Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[application/soap+xml; action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"; charset=UTF-8], host=[localhost:8443], pragma=[no-cache], transfer-encoding=[chunked], user-agent=[Apache-CXF/3.1.10]}
> > > Payload:
> > > <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
> > >   <soap:Header>
> > >     <Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action>
> > >     <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:d4a37685-340a-41e3-9ad5-33d21601b2b2</MessageID>
> > >     <To xmlns="http://www.w3.org/2005/08/addressing"
> > >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >         wsu:Id="_7f09a81a-706a-4d03-932e-c402c7af8d16">https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</To>
> > >     <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
> > >       <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> > >     </ReplyTo>
> > >     <wsse:Security
> > >         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > >         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >         soap:mustUnderstand="true">
> > >       <wsse:BinarySecurityToken
> > >           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> > >           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> > >           wsu:Id="X509-fbd22553-2805-4f67-af0c-cd552b6c4ea1">[base64-encoded X.509 certificate omitted]</wsse:BinarySecurityToken>
> > >       <wsu:Timestamp wsu:Id="TS-c1511394-ae6f-4a4c-b8c4-a97df1bbd782">
> > >         <wsu:Created>2017-11-02T22:02:30.558Z</wsu:Created>
> > >         <wsu:Expires>2017-11-02T22:07:30.558Z</wsu:Expires>
> > >       </wsu:Timestamp>
> > >       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-d17430ac-1be2-410d-b4ed-389fa2c71d9c">
> > >         <ds:SignedInfo>
> > >           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >             <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap" />
> > >           </ds:CanonicalizationMethod>
> > >           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> > >           <ds:Reference URI="#TS-c1511394-ae6f-4a4c-b8c4-a97df1bbd782">
> > >             <ds:Transforms>
> > >               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap" />
> > >               </ds:Transform>
> > >             </ds:Transforms>
> > >             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > >             <ds:DigestValue>oUUE187y3bNvLUk0KvKAMQi5oS0=</ds:DigestValue>
> > >           </ds:Reference>
> > >           <ds:Reference URI="#_7f09a81a-706a-4d03-932e-c402c7af8d16">
> > >             <ds:Transforms>
> > >               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap" />
> > >               </ds:Transform>
> > >             </ds:Transforms>
> > >             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > >             <ds:DigestValue>J3b0s0Tc7Z9nwyg6ryeyXi5V7Wk=</ds:DigestValue>
> > >           </ds:Reference>
> > >         </ds:SignedInfo>
> > >         <ds:SignatureValue>[base64 signature value omitted]</ds:SignatureValue>
> > >         <ds:KeyInfo Id="KI-2b2d8678-1047-4bbb-a9f6-33de176b569e">
> > >           <wsse:SecurityTokenReference
> > >               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > >               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >               wsu:Id="STR-2e70c6dd-87f9-449e-9659-e0853efef74f">
> > >             <wsse:KeyIdentifier
> > >                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> > >                 ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">y5plsGZ1ujCONeUMI+FuNgfF8LU=</wsse:KeyIdentifier>
> > >           </wsse:SecurityTokenReference>
> > >         </ds:KeyInfo>
> > >       </ds:Signature>
> > >     </wsse:Security>
> > >   </soap:Header>
> > >   <soap:Body>
> > >     <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
> > >       <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
> > >       <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy">
> > >         <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
> > >           <wsa:Address>https://localhost:8443/mock-vls-ws/services/mockAuthenticationService</wsa:Address>
> > >         </wsa:EndpointReference>
> > >       </wsp:AppliesTo>
> > >       <wst:Lifetime xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> > >         <wsu:Created>2017-11-02T22:02:29.214Z</wsu:Created>
> > >         <wsu:Expires>2017-11-02T22:07:29.214Z</wsu:Expires>
> > >       </wst:Lifetime>
> > >       <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
> > >       <wst:KeySize>256</wst:KeySize>
> > >       <wst:Entropy>
> > >         <wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">0UEx1yrKYAbPt0/m6tuSeyjFvVV4bE1bvN97D9lT0bw=</wst:BinarySecret>
> > >       </wst:Entropy>
> > >       <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm>
> > >       <wst:Renewing />
> > >     </wst:RequestSecurityToken>
> > >   </soap:Body>
> > > </soap:Envelope>
> > >
> > > Here is my Spring Endpoint config:
> > >
> > > <bean id="Aamva_Authentication_Request" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> > >   <constructor-arg>
> > >     <map>
> > >       <entry key="action" value="Timestamp Signature" />
> > >       <entry key="user" value="dls-vls-mock-service-client-key" />
> > >       <entry key="passwordType" value="PasswordText" />
> > >       <entry key="passwordCallbackClass" value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback" />
> > >       <entry key="decryptionPropFile" value="cxf/cxf-crypto.properties" />
> > >       <entry key="signaturePropFile" value="cxf/cxf-crypto.properties" />
> > >       <entry key="signatureUser" value="dls-vls-mock-service-client-key" />
> > >       <entry key="signatureKeyIdentifier" value="X509KeyIdentifier " />
> > >       <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
> > >
> > >       <!--
> > >       <entry key="encryptionPropFile" value="cxf/cxf-crypto.properties" />
> > >       <entry key="encryptionParts" value="{Content}{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Body;" />
> > >       -->
> > >     </map>
> > >   </constructor-arg>
> > > </bean>
> > >
> > > <bean id="Aamva_Authentication_Response" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> > >   <constructor-arg>
> > >     <map>
> > >       <entry key="action" value="Timestamp Signature" />
> > >       <entry key="user" value="dls-vls-mock-service-client-key" />
> > >       <entry key="passwordType" value="PasswordText" />
> > >       <entry key="passwordCallbackClass" value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback" />
> > >       <entry key="signaturePropFile" value="cxf/cxf-crypto.properties" />
> > >       <entry key="signatureKeyIdentifier" value="X509KeyIdentifier " />
> > >       <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://www.w3.org/2000/09/xmldsig}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
> > >       <!--
> > >       <entry key="encryptionPropFile" value="cxf/cxf-crypto.properties" />
> > >       <entry key="encryptionParts" value="{Content}{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Body;" />
> > >       -->
> > >     </map>
> > >   </constructor-arg>
> > > </bean>
> > >
> > > <jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
> > >     address="/mockAuthenticationService"
> > >     implementor="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServiceImpl">
> > >   <jaxws:binding>
> > >     <soap:soapBinding mtomEnabled="true" version="1.2" />
> > >   </jaxws:binding>
> > >
> > >   <jaxws:inInterceptors>
> > >     <ref bean="Aamva_Authentication_Request" />
> > >     <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> > >   </jaxws:inInterceptors>
> > >
> > >   <jaxws:outInterceptors>
> > >     <ref bean="Aamva_Authentication_Response" />
> > >     <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
> > >   </jaxws:outInterceptors>
> > >
> > > </jaxws:endpoint>
> > >
> > > Since adding the signatureParts entries, now I am getting:
> > >
> > > 2017-11-02 21:40:11.369 WARN [org.apache.cxf.common.logging.LogUtils] Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService has thrown exception, unwinding now
> > > org.apache.cxf.interceptor.Fault: Message part {http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken was not recognized. (Does it exist in service WSDL?)
> > >
> > > I am out of my depth here. Can anyone suggest how to get the
> > > JAX:WS markup to match up with the WSDL policy?
> > >
> > > Thanks.
> > >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
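
The policy-driven endpoint setup that Colm's first reply describes, written against the endpoint from the original post, as an added example that is not part of the thread or of the CXF code base. The `.sct` property keys, their values, the class names and the service namespace are copied from the messages above; the WSDL path and the port name are placeholders, and linking the endpoint to the vendor WSDL through `wsdlLocation` is an assumption about how the policy reaches CXF in this deployment.

```xml
<!--
  Added example. The two manual beans from the original post
  (Aamva_Authentication_Request / Aamva_Authentication_Response) and the
  jaxws:inInterceptors / jaxws:outInterceptors that referenced them are
  gone: with a WS-SecurityPolicy in the WSDL, the required actions
  (timestamp, endorsing X.509 signature, SecureConversation bootstrap)
  are derived from the sp:* assertions instead of an "action" list.
-->
<jaxws:endpoint id="mockAuthenticationServiceEndpoint" bus="cxf"
    xmlns:s="http://aamva.org/authentication/3.1.0"
    address="/mockAuthenticationService"
    implementor="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServiceImpl"
    wsdlLocation="classpath:wsdl/PLACEHOLDER-vendor-service.wsdl"
    serviceName="s:AuthenticationService"
    endpointName="s:PLACEHOLDER_PORT_NAME">
  <!--
    Assumption: the endpoint in the original post names no WSDL. The
    wsdlLocation / serviceName / endpointName attributes tie it to the
    document that carries wsp:Policy wsu:Id="wsHttpEndPoint_policy".
    The service QName is the one printed in the LogUtils warning; the
    WSDL path and the port name are placeholders to fill in.
  -->

  <jaxws:binding>
    <soap:soapBinding mtomEnabled="true" version="1.2" />
  </jaxws:binding>

  <!--
    Keys ending in ".sct" configure the SecureConversationToken bootstrap
    exchange, which is the RST/SCT request shown in the captured message.
    Keys and values below are the ones quoted in the thread.
  -->
  <jaxws:properties>
    <!-- Supplies the private-key password for the keystore alias. -->
    <entry key="security.callback-handler.sct"
           value="gov.uscis.uscis.xsd.esb.authentication.AuthenticationServicePasswordCallback" />
    <!-- Crypto properties (keystore/truststore) used to verify the
         client's endorsing X.509 signature. The thread shows two file
         names, cxf/crypto.properties and cxf/cxf-crypto.properties; the
         value must name the file that actually exists on the classpath. -->
    <entry key="security.signature.properties.sct"
           value="cxf/crypto.properties" />
    <!-- Keystore alias, as the poster assumed. -->
    <entry key="security.encryption.username.sct"
           value="dls-vls-mock-service-client-key" />
  </jaxws:properties>
</jaxws:endpoint>
```

For the policy to be enforced at all, both cxf-rt-ws-policy (asked about in the thread) and cxf-rt-ws-security need to be on the service's classpath.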