Thank you for your answers. That is what I did. I enabled all loggers for CXF and WSS4J and I think Neethi. But I was not able to see something like the algorithm suite determined is .... or the layout that is different from strict. The only error I see is a stack trace that just lists all algorithm policies and the layout policy of the transport binding. Maybe the logs show something if WS signature or WS encryption is used. In my case only https is used. So I wonder how this is determined for https.
Jörg -----Original Message----- From: Mark Presling <[email protected]> Sent: Thursday, 6 April 2023 02:41 To: [email protected] Subject: Re: WSDL Algorithm Suite Policy Assertions I'd also enable DEBUG logging for org.apache.wss4j. That's how I find out what failed when I'm debugging Signature/Encryption algorithm issues. On Thu, 6 Apr 2023 at 03:32, Colm O hEigeartaigh <[email protected]> wrote: > I think the best way is to enable debug logging on the CXF side, the > root cause should be logged there. > > Colm. > > On Wed, Apr 5, 2023 at 7:57 AM Kessler, Joerg > <[email protected]> wrote: > > > > Hi, > > A sender system sends SOAP messages to a CXF endpoint. The endpoint is > configured using a WSDL that has a transport binding policy including > algorithm suite. Since a few days the error > > These policy alternatives can not be satisfied: { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256 …. > > is returned. The authentication is client certificate. So my assumption > is that the algorithms for https have changed. The error above does not > return what value was checked. I did some code analysis but I am not able > to find the code where the algorithm is determined that is asserted. I was > also not able to log it. How can I analyze this problem? > > > > Best Regards, > > > > Jörg >
