These should be the relevant policy validators:

- https://github.com/apache/cxf/blob/main/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
- https://github.com/apache/cxf/blob/main/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java

Colm.

On Wed, Apr 19, 2023 at 9:08 AM Kessler, Joerg <[email protected]> wrote:
>
> Hi,
> most likely this is not the problem since I have the same setup where this is
> working. But assuming this could be the cause of the problem: Where would I
> find the code that checks for TLS and provides this information for the
> policy evaluation?
>
> -----Original Message-----
> From: Alexey Markevich <[email protected]>
> Sent: Thursday, 6 April 2023 10:42
> To: [email protected]
> Subject: Re: WSDL Algorithm Suite Policy Assertions
>
> Hi,
> Is Java updated? There were some changes in TLS[1]:
> JDK-8202343: Disable TLS 1.0 and 1.1
>
> 1. https://mail.openjdk.org/pipermail/jdk8u-dev/2021-April/013680.html
>
> On 4/6/23, Kessler, Joerg <[email protected]> wrote:
> > Thank you for your answers. That is what I did. I enabled all loggers for
> > CXF and WSS4J and I think Neethi. But I was not able to see something like
> > the algorithm suite determined is .... or the layout that is different from
> > strict. The only error I see is a stack trace that just lists all algorithm
> > policies and the layout policy of the transport binding. Maybe the logs show
> > something if WS signature or WS encryption is used. In my case only https is
> > used. So I wonder how this is determined for https.
> >
> > Jörg
> >
> > -----Original Message-----
> > From: Mark Presling <[email protected]>
> > Sent: Thursday, 6 April 2023 02:41
> > To: [email protected]
> > Subject: Re: WSDL Algorithm Suite Policy Assertions
> >
> > I'd also enable DEBUG logging for org.apache.wss4j. That's how I find out
> > what failed when I'm debugging Signature/Encryption algorithm issues.
> >
> > On Thu, 6 Apr 2023 at 03:32, Colm O hEigeartaigh <[email protected]>
> > wrote:
> >
> >> I think the best way is to enable debug logging on the CXF side, the
> >> root cause should be logged there.
> >>
> >> Colm.
> >>
> >> On Wed, Apr 5, 2023 at 7:57 AM Kessler, Joerg
> >> <[email protected]> wrote:
> >> >
> >> > Hi,
> >> > A sender system sends SOAP messages to a CXF endpoint. The endpoint is
> >> > configured using a WSDL that has a transport binding policy including
> >> > algorithm suite. Since a few days the error
> >> > These policy alternatives can not be satisfied:
> >> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite
> >> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256 ….
> >> > is returned. The authentication is client certificate. So my assumption
> >> > is that the algorithms for https have changed. The error above does not
> >> > return what value was checked. I did some code analysis but I am not able
> >> > to find the code where the algorithm is determined that is asserted. I was
> >> > also not able to log it. How can I analyze this problem?
> >> >
> >> > Best Regards,
> >> >
> >> > Jörg
> >>
> >
