I've mentioned a few times that you must put the signing cert or CA cert of the service provider in your keystore/truststore.
Colm. On Fri, Jan 19, 2018 at 10:41 AM, Al Grant <[email protected]> wrote: > I I comment out: > > > //((BindingProvider)irsiService).getRequestContext().put( > SecurityConstants.ENCRYPT_PROPERTIES, > //"client_sign.properties"); > > ((BindingProvider)irsiService).getRequestContext().put( > SecurityConstants.SIGNATURE_PROPERTIES, > "client_sign.properties"); > > //((BindingProvider)irsiService).getRequestContext().put( > SecurityConstants.SIGNATURE_USERNAME, > //"signingonly"); > > ((BindingProvider)irsiService).getRequestContext().put( > SecurityConstants.CALLBACK_HANDLER, > ClientCallbackHandler.class.getName()); > > Then try again, the message goes through. And I get acknowledgement that > the > message was successfuly received (response 200) > > However I still get : > > > DEBUG 2018-01-19 23:37:25,221 [Thread-2] > org.apache.wss4j.dom.processor.SignatureProcessor - Found signature > element > DEBUG 2018-01-19 23:37:25,225 [Thread-2] > org.apache.xml.security.algorithms.JCEMapper - Request for URI > http://www.w3.org/2000/09/xmldsig#rsa-sha1 > DEBUG 2018-01-19 23:37:25,232 [Thread-2] > org.apache.wss4j.common.crypto.Merlin - Searching keystore for cert using > Subject Key Identifier bytes > DEBUG 2018-01-19 23:37:25,235 [Thread-2] > org.apache.wss4j.common.crypto.Merlin - No SKI match found in keystore > DEBUG 2018-01-19 23:37:25,236 [Thread-2] > org.apache.wss4j.dom.processor.SignatureProcessor - No certificates or > keys > were found with which to validate the signature > > and then: > > org.apache.cxf.binding.soap.SoapFault: The signature or decryption was > invalid > > > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
