On torsdag 11 juni 2020 kl. 13:27:25 CEST Colm O hEigeartaigh wrote: > Can you put together a test-case (either in github or by modifying one of > the existing CXF ws-security systests)?
I have looked into the code and found one that should have failed. I gave up on that and started looking into the settings of my deployment. I have identified the problem. I am deploying on wildfly 19 and that is using saaj-1.4.1-SP1.jar. That version of saaj has its own implementation of getFirstChild() that is causing the problem with signature validation. When I forced wildfly to use saaj-impl-1.3.16-jbossorg-1.jar by changing jar in the module.xml file it worked. Not happy with that solution but it is not a problem in cxf. Is it a known problem that cxf is not working with saaj-1.4.1-SP1 or the version that introduced that getFirstChild method? Best regards Johan Erlands
