Hello,

We are facing an issue while communicating with a remote web service
(implemented in .NET) using the CXF client (version 3.1.6), whereas it worked
perfectly with CXF version 2.4.6.

Background:
As part of an evergreening project, we have recently upgraded the application
server and Java version to WildFly 10 and Java 8. The WildFly 10 app server
is already bundled with CXF version 3.1.6 and WSS4J version 2.1.5.

Problem Statement:

The SOAP message header holds an EncryptedHeader block. The SOAP message
looks fine and there are no error logs while sending the message, but the
remote web server returned a SOAP fault with the message "An error occurred when
verifying security for the message". When we checked with the remote
web service provider, they shared the exception logs from their side. Here is
the exception log:

<ExceptionType>System.ServiceModel.Security.MessageSecurityException,
System.ServiceModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>SecurityVersion.WSSecurityJan2004 does not support header
decryption. Use SecurityVersion.WsSecurity11 and above or use transport
security to encrypt the full message.</Message>


Please find the soap request below.

<soap:Envelope
xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><wsse11:EncryptedHeader
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="EH-e1a54dc5-f0dd-4cb7-8a99-b47e881619f6"><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="ED-c90ce2c3-81d3-42ec-b809-9dec329a3fe8"
Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference
URI="#EK-1dc124a3-97ee-40ce-8fc8-4b7bdf996fea"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>tY/3l1CI9KZbO4jIWeD0BjftZmPHGITo4ily+nMRpbnoL/lUo64RJAVqfx1KvX2di/SbB5v//olitZXSSnrSsj98u2XgNzuSTTArm3gly4K6FI0cfdzIOeaUzB39WTJFfH4IfDPw4DpOkwr5gG5saTqXN6OkLRTN+zq00ZDCYY2jTJztUGy2WRIqRs0Jnd02fYsRXlcGPLjFhkfT+vPswdGvIgWdV2esE5ZQQVWnXOZRsBHFnay8sLCMLsIlXPLR+3+DVwlj9eH9sOp4PhlCblMgw8/xOc8f0MyuCu7ATQyvF67an+3DmSLx5oOVcmcVqPSHc1mfRQE0HkdViS+76g0YwoXCVOAKmpohAh7WWiKxHrihGjyIFYKgWRaBXoKNE/DSxiRxyUpR6Zacfhp1qnfFpObw8zeskfTDQKQER2T5tVQQmT47Jav+kY4biVTB+FTwcx6WMe/eOwPRbyT+DZ/XYcZhY6QlJw0F8eVGqJ7FYeM5/FEKkeThjrP2gSjvcKAgqfMa5es/YpQyz+y99V+G18qLVeQwWwPOuDmd2IWcV85+MVz32EbIn7kRFY3kfJcIgpFakkhdX59G0twCVvdutHuCY1s7+lekxR/ScoXO512rn3bvxNR4rSR1HjxO05b1ZAZ7rUoJJhMbndLKWbveWbMDMmA/5M/M351PaBny2hokcj2H3qc39Z2Ex2yjX9UZt/Vyv3Z9khDckDN/n2TuQrpZJK8JpGELIfpzpZw=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></wsse11:EncryptedHeader><Action
xmlns="http://www.w3.org/2005/08/addressing"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="_628c5544-bf83-4b31-bf4a-419dfb266522">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</Action><MessageID
xmlns="http://www.w3.org/2005/08/addressing"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="_3153031e-3921-4e61-83ca-752525c6aefb">urn:uuid:46d389b7-e055-417d-a88d-bf1eae2078ab</MessageID><To
xmlns="http://www.w3.org/2005/08/addressing"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="_f9d1f8af-5750-45e4-b74c-b09dd7135c53">https://staging.accounts.hsabank.com/SecurityServices/SecurityTokenService.svc/Soap12</To><ReplyTo
xmlns="http://www.w3.org/2005/08/addressing"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="_862c7ad6-cbf4-4af9-a666-428f388bc0e1"><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soap:mustUnderstand="true"><wsu:Timestamp
wsu:Id="TS-a6e0604b-4d16-40b4-bcb6-32fec91d6945"><wsu:Created>2017-12-07T06:22:58.634Z</wsu:Created><wsu:Expires>2017-12-07T06:27:58.634Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="EK-1dc124a3-97ee-40ce-8fc8-4b7bdf996fea"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>muOBFpTUhZ9dp/MH5GF9KTzXA98=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>J3gS7J/pD1z55Jhe3Zu9vzSCTA/S0tOyVH6nyZeEYYOnF3oEtq60/B2z2fQTnu5mwScCk13HHdp/1uRRi2oN7ujnVYKIHFDUpK7CoYrTk0kRMGzXwITN1ce317cAGj388akXT5/3Xqh9uVTBQbIZ9/QYThw8DYECpGtJOioexKTjDRRNCUD5BV+Lb6azJBw3PhkZwje4BqvbPJfqJL17hy+73mXi8ri4h3BI1ywMIDWnR3CnKrbWfZ3skzs+K7eNkX/1EpHiFJ3+1CQ9XtmgeMvx54t3c8PT5VGfuAYMTVAHuNPbrTYVIrRoNZYGqr2FZ14EUrp9oVcE+6HcaASf+g==</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
URI="#ED-010cbc7e-c2d3-4ce0-a457-5935e7666d61"/><xenc:DataReference
URI="#ED-c90ce2c3-81d3-42ec-b809-9dec329a3fe8"/></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-98736b24-9271-46ad-b024-66b9c342122d">MIIFgDCCBGigAwIBAgITBqnuMCIEN/UUCOX0AnlC8eNXVTANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMSEwHwYDVQQKExhUcnVzdHdhdmUgSG9sZGluZ3MsIEluYy4xPTA7BgNVBAMTNFRydXN0d2F2ZSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTSEEyNTYgQ0EsIExldmVsIDExHzAdBgkqhkiG9w0BCQEWEGNhQHRydXN0d2F2ZS5jb20wHhcNMTcwMjAyMTYzNjI2WhcNMTkxMjAyMjIzNjI2WjB2MR0wGwYDVQQDExRhbGFjZXh0LmFsYWNyaXRpLmNvbTEeMBwGA1UEChMVQWxhY3JpdGkgUGF5bWVudHMgTExDMRMwEQYDVQQHEwpQaXNjYXRhd2F5MRMwEQYDVQQIEwpOZXcgSmVyc2V5MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL67zxPS2fIa8gYHqZGDUw5a9zmH+5NHqah0q98mVwdDK3A9R42tuP/NY5uwSoTUiSKxDkdjvW8K+Az4qpFfwogiB2ZA6UfWDrNQ3gwDWY19TJeIB0AQQCdTHjW7rluOlaqvMDmcNEA+QsNDqF0Kgad4OsJ+uahHaOqnKyGyfPtMBcDByOcs8g5HJoMrirq3E8AhWAll2cTCQXhif51S2foaLdX/17DGnTzuCLuiDHplbFVfu3lTTTEU8hwUY/mWnhewH403DLNlf8w4bCkb/OM+T7DXKl0rFsu2xua/Uye7EMsy2A0EX7eytgbfU8hPNePmmcQW++oy4Fui8mxeN1ECAwEAAaOCAcUwggHBMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUR4oMFsF5Ot7gb9ZYwttMvVyqT7gwHwYDVR0jBBgwFoAUys4dGAN3HhzzfFiymnCoCIAW9K4wPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9zc2wudHJ1c3R3YXZlLmNvbS9DQTBWBgNVHREETzBNghRhbGFjZXh0LmFsYWNyaXRpLmNvbYIaYWxhY2V4dC5iaWxsZXJwYXltZW50cy5jb22CGWRldml0Zy5iaWxsZXJwYXltZW50cy5jb20wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC50cnVzdHdhdmUuY29tL09WQ0EyX0wxLmNybDBxBggrBgEFBQcBAQRlMGMwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRydXN0d2F2ZS5jb20vMDkGCCsGAQUFBzAChi1odHRwOi8vc3NsLnRydXN0d2F2ZS5jb20vaXNzdWVycy9PVkNBMl9MMS5jcnQwDQYJKoZIhvcNAQELBQADggEBABc38IfcbsDgcZkfRBlfPEqWWRUc8qlNSk4FELapbq6yipiL90XEqX1dB+fidu/mHfNMrjMPNzOqW8hEp6IFawT61rO3PEiNjVulhAKif75V80IiaWG0UVkYk6Nvkc6jC3PvRkXNJe8Vd8EvIwDBcpFqgyJV3sNPdYTeprYsmaJSwofHekuCc6Ede+2zG8dC+FctYuLeqU58ZAwlXkptXFnCISRZINFwMqlZmeErDLHj/TXN6tsqdOngaowynoqRs6WltyQGWQUR3moRgIiiZ+8kB1DSzZ1m2WPjoAG9zEpstJYkmm3pN60cWSNUdVQrtKcZMm4MR73hvAmENPlrUmc=</wsse:BinarySecurityToken><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-a28b8c66-a7b6-44ca-99f6-5d4f8a213ece"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"/></ds:CanonicalizationMethod><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#TS-a6e0604b-4d16-40b4-bcb6-32fec91d6945"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse
soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>LQAtC5vIdMJ0H+7kZEwuCR9F1HQ=</ds:DigestValue></ds:Reference><ds:Reference
URI="#_c799ff1f-4c19-4a27-87de-45462d4e5083"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>ipCJhOWfRxL9Y0y4BeQHbJc184c=</ds:DigestValue></ds:Reference><ds:Reference
URI="#_9fad93a0-9903-46cd-a550-d7f79de175a2"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>26XJeHpO+26Jg1OOdm0H756Qf3A=</ds:DigestValue></ds:Reference><ds:Reference
URI="#_f9d1f8af-5750-45e4-b74c-b09dd7135c53"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>DVuPHDnNiP/RBHfUNC9m5+hFGCE=</ds:DigestValue></ds:Reference><ds:Reference
URI="#_862c7ad6-cbf4-4af9-a666-428f388bc0e1"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>I99qv6L87bpv/9yt6SPNYS4d1qI=</ds:DigestValue></ds:Reference><ds:Reference
URI="#_3153031e-3921-4e61-83ca-752525c6aefb"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Y/hkQi3Bvd6XGYlm6zKyDjQUkZw=</ds:DigestValue></ds:Reference><ds:Reference
URI="#_628c5544-bf83-4b31-bf4a-419dfb266522"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>f3e1YuCquzalH8kQJEoYvlgMSU0=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>J3zheL823nWPjNYc+9CwyaJ8NpI+LhWwEZzltNhHUSbThCoLkWUZrVMj+oQLLAJNyNh2FgFcdKOQqbf3vvZjNFLEVfIIT5VibdzcpLyFRenl8/qiwHdSiEidf3Vx5A++CQE8yl25885tBCKpycaWdswnXm1VVdS8Aol7rcWh6ameDSOVBSk9etT9+LlXFczhYMwZjb1JE4iXgYlK8nSvOSvrpieBOtTPE7JOoG1+0dvQHVzElORPD+t/tuZ9Ki0UPAcJtBnSZLd9Om99YWpSUZ7gPioEOfTIBvblJiFgIE+0/Y9JrVywiS/Fhd2PgU2ePV7LcwvjPenJnpoPjZOGdA==</ds:SignatureValue><ds:KeyInfo
Id="KI-b0e4c9b7-caea-467a-b5a4-4fc390b6a7a4"><wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STR-5c2602e9-59bf-4945-a2ab-dba3d11588ef"><wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">R4oMFsF5Ot7gb9ZYwttMvVyqT7g=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soap:Header><soap:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="_c799ff1f-4c19-4a27-87de-45462d4e5083"><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="ED-010cbc7e-c2d3-4ce0-a457-5935e7666d61"
Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference
URI="#EK-1dc124a3-97ee-40ce-8fc8-4b7bdf996fea"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>


It would be great if someone is able to shed some light on it.

Thanks.
Ratnakiran k.






--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
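
Added example (not part of the original post, and not CXF, WSS4J or WCF code): the fault text names header decryption, so a useful check on a captured outbound message is whether any SOAP header block is wrapped in `wsse11:EncryptedHeader`, an element defined in the WS-Security 1.1 namespace. The Python script below reports that wrapper and any `wsse11:` attributes; the sample envelope is constructed, and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
EK_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"

# Constructed sample with the same layout as the posted request; cipher data omitted.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP12}" xmlns:wsse="{WSSE}"
    xmlns:wsse11="{WSSE11}" xmlns:xenc="{XENC}">
  <soap:Header>
    <wsse11:EncryptedHeader>
      <xenc:EncryptedData Id="ED-header-sample" Type="{XENC}Element"/>
    </wsse11:EncryptedHeader>
    <wsse:Security/>
  </soap:Header>
  <soap:Body>
    <xenc:EncryptedData Id="ED-body-sample" Type="{XENC}Content">
      <wsse:SecurityTokenReference wsse11:TokenType="{EK_TOKEN}"/>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""


def find_wss11_constructs(envelope_xml):
    """List (parent, construct, detail) for each WSS 1.1 item in an envelope."""
    # Run this on messages you captured yourself; ElementTree is not
    # hardened against hostile XML (entity-expansion attacks).
    root = ET.fromstring(envelope_xml)
    findings = []
    for part in root:
        if not part.tag.endswith("}Header"):  # SOAP 1.1 or 1.2 Header
            continue
        for block in part:
            if block.tag == f"{{{WSSE11}}}EncryptedHeader":
                data = block.find(f"{{{XENC}}}EncryptedData")
                data_id = data.get("Id") if data is not None else None
                findings.append(("Header", "EncryptedHeader", data_id))
    for element in root.iter():
        for name, value in element.attrib.items():
            if name.startswith(f"{{{WSSE11}}}"):  # e.g. wsse11:TokenType
                findings.append((element.tag.rpartition("}")[2],
                                 name.rpartition("}")[2], value))
    return findings


def header_encryption_used(envelope_xml):
    """True when any SOAP header block is wrapped in wsse11:EncryptedHeader."""
    return any(kind == "EncryptedHeader"
               for _, kind, _ in find_wss11_constructs(envelope_xml))
```

Running `header_encryption_used` on the same request captured from the CXF 2.4.6 and the CXF 3.1.6 client shows whether the upgrade changed how the header is encrypted.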