I'd also enable DEBUG logging for org.apache.wss4j. That's how I find out what failed when I'm debugging Signature/Encryption algorithm issues.
On Thu, 6 Apr 2023 at 03:32, Colm O hEigeartaigh <[email protected]> wrote: > I think the best way is to enable debug logging on the CXF side, the > root cause should be logged there. > > Colm. > > On Wed, Apr 5, 2023 at 7:57 AM Kessler, Joerg > <[email protected]> wrote: > > > > Hi, > > A sender system sends SOAP messages to a CXF endpoint. The endpoint is > configured using a WSDL that has a transport binding policy including > algorithm suite. Since a few days the error > > These policy alternatives can not be satisfied: { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256 …. > > is returned. The authentication is client certificate. So my assumption > is that the algorithms for https have changed. The error above does not > return what value was checked. I did some code analysis but I am not able > to find the code where the algorithm is determined that is asserted. I was > also not able to log it. How can I analyze this problem? > > > > Best Regards, > > > > Jörg >
