Posted to users@cxf.apache.org by Etienne Bernard <eb...@fullsix.com> on 2014/07/01 15:19:00 UTC

Re: Problem with webservice client using WS-SecurityPolicy

So, to close this topic, I just wanted to say that I had to download Oracle
Fusion Middleware to implement my webservice client. It's a pity but that's
the only way I got to support the buggy ws-securitypolicy implementation.

Anyway, thanks for the help.


2014-06-26 18:08 GMT+02:00 Etienne Bernard <eb...@fullsix.com>:

> I have the policy that is sent with the WSDL, that's all I've got...
>
>
> 2014-06-26 17:49 GMT+02:00 Colm O hEigeartaigh <co...@apache.org>:
>
>> The "correct" request you sent earlier is (again) incorrect as it only
>> includes one (rsa) signature. The CXF request is correct in that it
>> contains two Signatures, the "Binding" Signature which uses HMAC-SHA1, and
>> then the Endorsing Signature which uses RSA. So it seems like your service
>> is interpreting the specs in an incorrect and non-standard way. Are you
>> sure that you have the policy that matches the service...?
>>
>> Colm.
>>
>>
>> On Thu, Jun 26, 2014 at 4:35 PM, Etienne Bernard <eb...@fullsix.com> wrote:
>>
>> > Ok so I did as you suggest and now the query has the same structure.
>> > However, I've got a new error:
>> >
>> >
>> > oracle.wsm.security.policy.scenario.policycompliance.PolicyComplianceException:
>> > WSM-00059 : Signature method algorithms are mismatched. Expected :
>> > http://www.w3.org/2000/09/xmldsig#rsa-sha1, Actual :
>> > http://www.w3.org/2000/09/xmldsig#hmac-sha1.
>> >
>> > From what I understand (as you say in another thread from last year):
>> >
>> > If you are using WS-SecurityPolicy, then the spec defines the signature
>> > > method as "RSA-SHA1" for Asymmetric Signature, and "HMAC-SHA1" for
>> > > Symmetric Signature.
>> >
>> >
>> > And then the server implementation is incorrect... Do you know what I need
>> > to do to change signature algorithm to rsa-sha1?
>> >
>> >
>> > 2014-06-26 16:25 GMT+02:00 Colm O hEigeartaigh <co...@apache.org>:
>> >
>> > > To generate that request then change the security policy so that the
>> > > X509Token ProtectionToken is "AlwaysToRecipient" instead of "Never" and
>> > > remove the RequireThumbprintReference part. If the service can't be fixed
>> > > then I guess you could download the WSDL + change the policy locally.
>> > >
>> > > Colm.
>> > >
>> > >
>> > > On Thu, Jun 26, 2014 at 3:17 PM, Etienne Bernard <eb...@fullsix.com> wrote:
>> > >
>> > > > I was sent a "correct" query:
>> > > >
>> > > > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> > > >                   xmlns:typ="http://.../CustomerManagement/types"
>> > > >                   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> > > >     <soapenv:Header>
>> > > >         <wsse:Security soapenv:mustUnderstand="1"
>> > > >                        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>> > > >             <wsse:BinarySecurityToken
>> > > >                     EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>> > > >                     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>> > > >                     wsu:Id="6378850E289FEE2B9A137450589251919"
>> > > >                     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > >                 MIIB...2JIQ==
>> > > >             </wsse:BinarySecurityToken>
>> > > >             <xenc:EncryptedKey Id="EncKeyId-6378850E289FEE2B9A137450589251920">
>> > > >                 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>> > > >                 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > > >                     <wsse:SecurityTokenReference>
>> > > >                         <wsse:Reference URI="#6378850E289FEE2B9A137450589251919"
>> > > >                                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>> > > >                     </wsse:SecurityTokenReference>
>> > > >                 </ds:KeyInfo>
>> > > >                 <xenc:CipherData>
>> > > >                     <xenc:CipherValue>
>> > > >                         hWT/...4xUIcps=
>> > > >                     </xenc:CipherValue>
>> > > >                 </xenc:CipherData>
>> > > >                 <xenc:ReferenceList>
>> > > >                     <xenc:DataReference URI="#EncDataId-16"/>
>> > > >                 </xenc:ReferenceList>
>> > > >             </xenc:EncryptedKey>
>> > > >             <wsse:BinarySecurityToken
>> > > >                     EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>> > > >                     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>> > > >                     wsu:Id="CertId-6378850E289FEE2B9A137450589250516"
>> > > >                     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > >                 MIIBszCC...byiLA==
>> > > >             </wsse:BinarySecurityToken>
>> > > >             <ds:Signature Id="Signature-14" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > > >                 <ds:SignedInfo>
>> > > >                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> > > >                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>> > > >                     <ds:Reference URI="#id-15">
>> > > >                         <ds:Transforms>
>> > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> > > >                         </ds:Transforms>
>> > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > >                         <ds:DigestValue>DmT82SlLj1J8xvu/lszuNMkxXmw=</ds:DigestValue>
>> > > >                     </ds:Reference>
>> > > >                     <ds:Reference URI="#Timestamp-13">
>> > > >                         <ds:Transforms>
>> > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> > > >                         </ds:Transforms>
>> > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > >                         <ds:DigestValue>9eRnylMeATMsn8A3/ETXtyyAE9Q=</ds:DigestValue>
>> > > >                     </ds:Reference>
>> > > >                     <ds:Reference URI="#CertId-6378850E289FEE2B9A137450589250516">
>> > > >                         <ds:Transforms>
>> > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> > > >                         </ds:Transforms>
>> > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > >                         <ds:DigestValue>WUrtTQ4UL70VqMS4QNMd0lbG2sw=</ds:DigestValue>
>> > > >                     </ds:Reference>
>> > > >                 </ds:SignedInfo>
>> > > >                 <ds:SignatureValue>
>> > > >                     fapgA...xiJY=
>> > > >                 </ds:SignatureValue>
>> > > >                 <ds:KeyInfo Id="KeyId-6378850E289FEE2B9A137450589250617">
>> > > >                     <wsse:SecurityTokenReference
>> > > >                             wsu:Id="STRId-6378850E289FEE2B9A137450589250618"
>> > > >                             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > >                         <wsse:Reference URI="#CertId-6378850E289FEE2B9A137450589250516"
>> > > >                                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>> > > >                     </wsse:SecurityTokenReference>
>> > > >                 </ds:KeyInfo>
>> > > >             </ds:Signature>
>> > > >             <wsu:Timestamp wsu:Id="Timestamp-13"
>> > > >                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > >                 <wsu:Created>2013-07-22T15:11:32.498Z</wsu:Created>
>> > > >                 <wsu:Expires>2013-07-23T05:04:52.498Z</wsu:Expires>
>> > > >             </wsu:Timestamp>
>> > > >         </wsse:Security>
>> > > >         <typ:customerManagementHeader>
>> > > >             <typ:requesterId>something</typ:requesterId>
>> > > >             <typ:requestId>1234567890-1234567890-1234567890</typ:requestId>
>> > > >             <typ:messageTimestamp>22 Jul 2013 15:08:28</typ:messageTimestamp>
>> > > >         </typ:customerManagementHeader>
>> > > >     </soapenv:Header>
>> > > >     <soapenv:Body wsu:Id="id-15"
>> > > >                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > >         <xenc:EncryptedData Id="EncDataId-16" Type="http://www.w3.org/2001/04/xmlenc#Content">
>> > > >             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>> > > >             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > > >                 <wsse:SecurityTokenReference
>> > > >                         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>> > > >                     <wsse:Reference URI="#EncKeyId-6378850E289FEE2B9A137450589251920"/>
>> > > >                 </wsse:SecurityTokenReference>
>> > > >             </ds:KeyInfo>
>> > > >             <xenc:CipherData>
>> > > >                 <xenc:CipherValue>gHgXJ3...NkNRqRtw==</xenc:CipherValue>
>> > > >             </xenc:CipherData>
>> > > >         </xenc:EncryptedData>
>> > > >     </soapenv:Body>
>> > > > </soapenv:Envelope>
>> > > >
>> > > > So, if the server doesn't accept a well-formed query, what are my options?
>> > > > Do I need to download and change the WSDL? Can I force the client to use
>> > > > direct references? I'm using CXF 3.0.0, by the way.
>> > > >
>> > > > Thanks for your help.
>> > > >
>> > > > 2014-06-26 15:58 GMT+02:00 Colm O hEigeartaigh <coheigea@apache.org>:
>> > > >
>> > > > > I don't agree with that interpretation of the policy. The X509Token which
>> > > > > is used to encrypt the symmetric key is "never" to be included, and is to
>> > > > > be referenced via a SHA-1 Thumbprint, and this is what CXF is doing. The
>> > > > > BinarySecurityToken in the request is the signing certificate (and not the
>> > > > > certificate used for encryption)!
>> > > > >
>> > > > > Colm.
>> > > > >
>> > > > >
>> > > > > On Thu, Jun 26, 2014 at 2:25 PM, Etienne Bernard <eb...@fullsix.com> wrote:
>> > > > >
>> > > > > > I do not have access to the server but I was told that instead of
>> > > > > >
>> > > > > > <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > > > > >    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>> > > > > >       <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>> > > > > >                           ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">5SYD2TOoa0W3K0ddRaX4mcE6NoI=</wsse:KeyIdentifier>
>> > > > > >    </wsse:SecurityTokenReference>
>> > > > > > </ds:KeyInfo>
>> > > > > >
>> > > > > >
>> > > > > > We should be sending something similar to:
>> > > > > >
>> > > > > > <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > > > > >    <wsse:SecurityTokenReference>
>> > > > > >       <wsse:Reference URI="#6378850E289FEE2B9A137450589251919"
>> > > > > >                       ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>> > > > > >    </wsse:SecurityTokenReference>
>> > > > > > </ds:KeyInfo>
>> > > > > >
>> > > > > > With the reference URI pointing to a BinarySecurityToken.
>> > > > > >
>> > > > > > I don't know much about WS-Security, sorry...
>> > > > > >
>> > > > > > 2014-06-26 14:41 GMT+02:00 Colm O hEigeartaigh <coheigea@apache.org>:
>> > > > > >
>> > > > > > > The request looks ok to me. Is there any more information available on
>> > > > > > > the receiving side as to why the request failed?
>> > > > > > >
>> > > > > > > Colm.
>> > > > > > >
>> > > > > > >
>> > > > > > > On Thu, Jun 26, 2014 at 10:49 AM, Etienne Bernard <eb@fullsix.com> wrote:
>> > > > > > >
>> > > > > > > > The sent XML is (some namespaces removed, and keys shortened to save
>> > > > > > > > space):
>> > > > > > > >
>> > > > > > > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>> > > > > > > >     <soap:Header>
>> > > > > > > >         <ns2:customerManagementHeader xmlns:ns2="http://.../CustomerManagement/types"
>> > > > > > > >                                       xmlns:ns3="http://.../types">
>> > > > > > > >             <ns2:requesterId>1151</ns2:requesterId>
>> > > > > > > >             <ns2:requestId>1151-1403687915203</ns2:requestId>
>> > > > > > > >             <ns2:messageTimestamp>2014-06-25T11:18:35.203+02:00</ns2:messageTimestamp>
>> > > > > > > >         </ns2:customerManagementHeader>
>> > > > > > > >         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> > > > > > > >                        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> > > > > > > >                        soap:mustUnderstand="1">
>> > > > > > > >             <wsu:Timestamp wsu:Id="TS-6155664d-3f52-4b1b-bf2b-4643df155fe3">
>> > > > > > > >                 <wsu:Created>2014-06-25T09:18:35.692Z</wsu:Created>
>> > > > > > > >                 <wsu:Expires>2014-06-25T09:23:35.692Z</wsu:Expires>
>> > > > > > > >             </wsu:Timestamp>
>> > > > > > > >             <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> > > > > > > >                                Id="EK-58bdf37c-853b-4e17-8fdc-3b13f131ad9b">
>> > > > > > > >                 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>> > > > > > > >                 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > > > > > > >                     <wsse:SecurityTokenReference
>> > > > > > > >                             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>> > > > > > > >                         <wsse:KeyIdentifier
>> > > > > > > >                                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>> > > > > > > >                                 ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
>> > > > > > > >                             5SYD2TOoa0W3K0ddRaX4mcE6NoI=
>> > > > > > > >                         </wsse:KeyIdentifier>
>> > > > > > > >                     </wsse:SecurityTokenReference>
>> > > > > > > >                 </ds:KeyInfo>
>> > > > > > > >                 <xenc:CipherData>
>> > > > > > > >                     <xenc:CipherValue>
>> > > > > > > >                         loIrd...WHlPk=
>> > > > > > > >                     </xenc:CipherValue>
>> > > > > > > >                 </xenc:CipherData>
>> > > > > > > >             </xenc:EncryptedKey>
>> > > > > > > >             <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>> > > > > > > >                 <xenc:DataReference URI="#ED-90007a16-4c9c-4692-8d94-11b867204e63"/>
>> > > > > > > >             </xenc:ReferenceList>
>> > > > > > > >             <wsse:BinarySecurityToken
>> > > > > > > >                     EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>> > > > > > > >                     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>> > > > > > > >                     wsu:Id="X509-a3700b91-967d-49c9-90dd-31df78ded988">
>> > > > > > > >                 MIIFRD...VFgDqKEEVimY=
>> > > > > > > >             </wsse:BinarySecurityToken>
>> > > > > > > >             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> > > > > > > >                           Id="SIG-2775c1ae-f5f3-4642-8242-c3114fa8d478">
>> > > > > > > >                 <ds:SignedInfo>
>> > > > > > > >                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>> > > > > > > >                         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > > > > > > >                                                 PrefixList="soap"/>
>> > > > > > > >                     </ds:CanonicalizationMethod>
>> > > > > > > >                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
>> > > > > > > >                     <ds:Reference URI="#_e0f43a9b-28bc-4d0d-ae10-59a6e4caf810">
>> > > > > > > >                         <ds:Transforms>
>> > > > > > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>> > > > > > > >                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > > > > > > >                                                         PrefixList=""/>
>> > > > > > > >                             </ds:Transform>
>> > > > > > > >                         </ds:Transforms>
>> > > > > > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > > > > > >                         <ds:DigestValue>KooneDYHDLO3YSMKMxBCXC8uHi4=</ds:DigestValue>
>> > > > > > > >                     </ds:Reference>
>> > > > > > > >                     <ds:Reference URI="#TS-6155664d-3f52-4b1b-bf2b-4643df155fe3">
>> > > > > > > >                         <ds:Transforms>
>> > > > > > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>> > > > > > > >                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > > > > > > >                                                         PrefixList="wsse soap"/>
>> > > > > > > >                             </ds:Transform>
>> > > > > > > >                         </ds:Transforms>
>> > > > > > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > > > > > >                         <ds:DigestValue>LEdFfdqTd/3WLLQs2S0HrwbSHZ8=</ds:DigestValue>
>> > > > > > > >                     </ds:Reference>
>> > > > > > > >                     <ds:Reference URI="#EK-58bdf37c-853b-4e17-8fdc-3b13f131ad9b">
>> > > > > > > >                         <ds:Transforms>
>> > > > > > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>> > > > > > > >                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > > > > > > >                                                         PrefixList="wsse wsu soap"/>
>> > > > > > > >                             </ds:Transform>
>> > > > > > > >                         </ds:Transforms>
>> > > > > > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > > > > > >                         <ds:DigestValue>5zYHKGlTpkndAUmTIlkpK8pXpUw=</ds:DigestValue>
>> > > > > > > >                     </ds:Reference>
>> > > > > > > >                 </ds:SignedInfo>
>> > > > > > > >                 <ds:SignatureValue>BXeF1+ZVEd3FNeusZYZOq8nQTdY=</ds:SignatureValue>
>> > > > > > > >                 <ds:KeyInfo Id="KI-ca399097-0495-4189-aa09-166bc93d42d8">
>> > > > > > > >                     <wsse:SecurityTokenReference
>> > > > > > > >                             xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
>> > > > > > > >                             wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
>> > > > > > > >                             wsu:Id="STR-8b105498-9664-4879-9e9b-baedb29b713a">
>> > > > > > > >                         <wsse:Reference URI="#EK-58bdf37c-853b-4e17-8fdc-3b13f131ad9b"
>> > > > > > > >                                         ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
>> > > > > > > >                     </wsse:SecurityTokenReference>
>> > > > > > > >                 </ds:KeyInfo>
>> > > > > > > >             </ds:Signature>
>> > > > > > > >             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> > > > > > > >                           Id="SIG-0e7074e8-9ab3-4fcd-bdc7-98eb5e78bcc2">
>> > > > > > > >                 <ds:SignedInfo>
>> > > > > > > >                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>> > > > > > > >                         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > > > > > > >                                                 PrefixList="soap"/>
>> > > > > > > >                     </ds:CanonicalizationMethod>
>> > > > > > > >                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>> > > > > > > >                     <ds:Reference URI="#SIG-2775c1ae-f5f3-4642-8242-c3114fa8d478">
>> > > > > > > >                         <ds:Transforms>
>> > > > > > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>> > > > > > > >                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > > > > > > >                                                         PrefixList="wsse wsu soap"/>
>> > > > > > > >                             </ds:Transform>
>> > > > > > > >                         </ds:Transforms>
>> > > > > > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > > > > > >                         <ds:DigestValue>kb3GDrU3fx2ayWg1SO8FtX254Rg=</ds:DigestValue>
>> > > > > > > >                     </ds:Reference>
>> > > > > > > >                     <ds:Reference URI="#X509-a3700b91-967d-49c9-90dd-31df78ded988">
>> > > > > > > >                         <ds:Transforms>
>> > > > > > > >                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>> > > > > > > >                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
>> > > > > > > >                                                         PrefixList="soap"/>
>> > > > > > > >                             </ds:Transform>
>> > > > > > > >                         </ds:Transforms>
>> > > > > > > >                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> > > > > > > >                         <ds:DigestValue>rlKWq5FaOHbZSjAXFFpseYSraxM=</ds:DigestValue>
>> > > > > > > >                     </ds:Reference>
>> > > > > > > >                 </ds:SignedInfo>
>> > > > > > > >                 <ds:SignatureValue>
>> > > > > > > >                     GPl3PhtcR...PivA7pg==
>> > > > > > > >                 </ds:SignatureValue>
>> > > > > > > >                 <ds:KeyInfo Id="KI-cdeff271-e33b-4ede-aa45-e7b8be090dfe">
>> > > > > > > >                     <wsse:SecurityTokenReference wsu:Id="STR-1b1af258-fbd8-4c69-9327-bd70ecdc0a0e">
>> > > > > > > >                         <wsse:Reference URI="#X509-a3700b91-967d-49c9-90dd-31df78ded988"
>> > > > > > > >                                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>> > > > > > > >                     </wsse:SecurityTokenReference>
>> > > > > > > >                 </ds:KeyInfo>
>> > > > > > > >             </ds:Signature>
>> > > > > > > >         </wsse:Security>
>> > > > > > > >     </soap:Header>
>> > > > > > > >     <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> > > > > > > >                wsu:Id="_e0f43a9b-28bc-4d0d-ae10-59a6e4caf810">
>> > > > > > > >         <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> > > > > > > >                             Id="ED-90007a16-4c9c-4692-8d94-11b867204e63"
>> > > > > > > >                             Type="http://www.w3.org/2001/04/xmlenc#Content">
>> > > > > > > >             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>> > > > > > > >             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> > > > > > > >                 <wsse:SecurityTokenReference
>> > > > > > > >                         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> > > > > > > >                         xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
>> > > > > > > >                         wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
>> > > > > > > >                     <wsse:Reference URI="#EK-58bdf37c-853b-4e17-8fdc-3b13f131ad9b"/>
>> > > > > > > >                 </wsse:SecurityTokenReference>
>> > > > > > > >             </ds:KeyInfo>
>> > > > > > > >             <xenc:CipherData>
>> > > > > > > >                 <xenc:CipherValue>
>> > > > > > > >                     HTiaIZX...kO22sw==
>> > > > > > > >                 </xenc:CipherValue>
>> > > > > > > >             </xenc:CipherData>
>> > > > > > > >         </xenc:EncryptedData>
>> > > > > > > >     </soap:Body>
>> > > > > > > > </soap:Envelope>
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > 2014-06-26 11:24 GMT+02:00 Colm O hEigeartaigh <coheigea@apache.org>:
>> > > > > > > >
>> > > > > > > > > What does the request that CXF generates look like?
>> > > > > > > > >
>> > > > > > > > > Colm.
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > > On Thu, Jun 26, 2014 at 9:36 AM, Etienne Bernard <eb@fullsix.com> wrote:
>> > > > > > > > >
>> > > > > > > > > > Hi,
>> > > > > > > > > >
>> > > > > > > > > > I need to consume a webservice which uses
>> > WS-SecurityPolicy,
>> > > > > > managed
>> > > > > > > by
>> > > > > > > > > > Oracle Webservices Manager, configured using the profile
>> > > > > > > > > >
>> > > oracle/wss11_x509_token_with_message_protection_service_policy.
>> > > > > > This
>> > > > > > > > > policy
>> > > > > > > > > > requires signing and encrypting the query using a x509
>> > > > > certificate.
>> > > > > > > > Here
>> > > > > > > > > is
>> > > > > > > > > > the relevant policy part of the WSDL:
>> > > > > > > > > >
>> > > > > > > > > >     <wsp:Policy wsu:Id="CustomerManagementSoapHttpBindingQSPort_Fault_Policy"
>> > > > > > > > > >                 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>> > > > > > > > > >                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
>> > > > > > > > > >     <wsp:Policy wsu:Id="CustomerManagementSoapHttpBindingQSPort_Input_Policy"
>> > > > > > > > > >                 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>> > > > > > > > > >                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > > > > > > > >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > > > > > > > > >             <sp:Body/>
>> > > > > > > > > >             <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
>> > > > > > > > > >             <sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
>> > > > > > > > > >             <sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
>> > > > > > > > > >             <sp:Header Name="SignatureConfirmation"
>> > > > > > > > > >                        Namespace="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"/>
>> > > > > > > > > >         </sp:SignedParts>
>> > > > > > > > > >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > > > > > > > > >             <sp:Body/>
>> > > > > > > > > >             <sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
>> > > > > > > > > >         </sp:EncryptedParts>
>> > > > > > > > > >     </wsp:Policy>
>> > > > > > > > > >     <wsp:Policy wsu:Id="CustomerManagementSoapHttpBindingQSPort_Output_Policy"
>> > > > > > > > > >                 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>> > > > > > > > > >                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > > > > > > > >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > > > > > > > > >             <sp:Body/>
>> > > > > > > > > >         </sp:SignedParts>
>> > > > > > > > > >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > > > > > > > > >             <sp:Body/>
>> > > > > > > > > >         </sp:EncryptedParts>
>> > > > > > > > > >     </wsp:Policy>
>> > > > > > > > > >     <wsp:Policy wsu:Id="wss11_x509_token_with_message_protection_service_policy"
>> > > > > > > > > >                 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>> > > > > > > > > >                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > > > > > > > > >         <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > > > > > > > > >             <wsp:Policy>
>> > > > > > > > > >                 <sp:ProtectionToken>
>> > > > > > > > > >                     <wsp:Policy>
>> > > > > > > > > >                         <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>> > > > > > > > > >                             <wsp:Policy>
>> > > > > > > > > >                                 <sp:RequireThumbprintReference/>
>> > > > > > > > > >                                 <sp:WssX509V3Token11/>
>> > > > > > > > > >                             </wsp:Policy>
>> > > > > > > > > >                         </sp:X509Token>
>> > > > > > > > > >                     </wsp:Policy>
>> > > > > > > > > >                 </sp:ProtectionToken>
>> > > > > > > > > >                 <sp:AlgorithmSuite>
>> > > > > > > > > >                     <wsp:Policy>
>> > > > > > > > > >                         <sp:Basic128/>
>> > > > > > > > > >                     </wsp:Policy>
>> > > > > > > > > >                 </sp:AlgorithmSuite>
>> > > > > > > > > >                 <sp:Layout>
>> > > > > > > > > >                     <wsp:Policy>
>> > > > > > > > > >                         <sp:Lax/>
>> > > > > > > > > >                     </wsp:Policy>
>> > > > > > > > > >                 </sp:Layout>
>> > > > > > > > > >                 <sp:IncludeTimestamp/>
>> > > > > > > > > >                 <sp:ProtectTokens/>
>> > > > > > > > > >                 <sp:OnlySignEntireHeadersAndBody/>
>> > > > > > > > > >             </wsp:Policy>
>> > > > > > > > > >         </sp:SymmetricBinding>
>> > > > > > > > > >         <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > > > > > > > > >             <wsp:Policy>
>> > > > > > > > > >                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>> > > > > > > > > >                     <wsp:Policy>
>> > > > > > > > > >                         <sp:WssX509V3Token11/>
>> > > > > > > > > >                     </wsp:Policy>
>> > > > > > > > > >                 </sp:X509Token>
>> > > > > > > > > >             </wsp:Policy>
>> > > > > > > > > >         </sp:EndorsingSupportingTokens>
>> > > > > > > > > >         <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > > > > > > > > >             <wsp:Policy>
>> > > > > > > > > >                 <sp:RequireSignatureConfirmation/>
>> > > > > > > > > >                 <sp:MustSupportRefEncryptedKey/>
>> > > > > > > > > >             </wsp:Policy>
>> > > > > > > > > >         </sp:Wss11>
>> > > > > > > > > >     </wsp:Policy>
>> > > > > > > > > >
>> > > > > > > > > > Y
>> > > > > > > > > >
>> > > > > > > > > >     <wsdl:binding name="CustomerManagementSoapHttpBinding" type="WL5G3N2:CustomerManagement">
>> > > > > > > > > >         <WL5G3N4:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
>> > > > > > > > > >         <wsp:PolicyReference URI="#wss11_x509_token_with_message_protection_service_policy"
>> > > > > > > > > >                              wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
>> > > > > > > > > >         <wsdl:operation name="getCustomerInfo">
>> > > > > > > > > >             <WL5G3N4:operation/>
>> > > > > > > > > >             <wsdl:input>
>> > > > > > > > > >                 <WL5G3N4:header message="WL5G3N2:getCustomerInfoMsg"
>> > > > > > > > > >                                 part="customerManagementHeader" use="literal"/>
>> > > > > > > > > >                 <WL5G3N4:body use="literal" parts="getCustomerInfoData"/>
>> > > > > > > > > >                 <wsp:PolicyReference URI="#CustomerManagementSoapHttpBindingQSPort_Input_Policy"
>> > > > > > > > > >                                      wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
>> > > > > > > > > >             </wsdl:input>
>> > > > > > > > > >             <wsdl:output>
>> > > > > > > > > >                 <WL5G3N4:header message="WL5G3N2:getCustomerInfoResponseMsg"
>> > > > > > > > > >                                 part="customerManagementResponseHeader" use="literal"/>
>> > > > > > > > > >                 <WL5G3N4:body use="literal" parts="getCustomerInfoDataResponse"/>
>> > > > > > > > > >                 <wsp:PolicyReference URI="#CustomerManagementSoapHttpBindingQSPort_Output_Policy"
>> > > > > > > > > >                                      wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
>> > > > > > > > > >             </wsdl:output>
>> > > > > > > > > >             <wsdl:fault name="NoSuchElementException">
>> > > > > > > > > >                 <WL5G3N4:fault name="NoSuchElementException" use="literal"/>
>> > > > > > > > > >                 <wsp:PolicyReference URI="#CustomerManagementSoapHttpBindingQSPort_Fault_Policy"
>> > > > > > > > > >                                      wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
>> > > > > > > > > >             </wsdl:fault>
>> > > > > > > > > >             <wsdl:fault name="InternalError">
>> > > > > > > > > >                 <WL5G3N4:fault name="InternalError" use="literal"/>
>> > > > > > > > > >                 <wsp:PolicyReference URI="#CustomerManagementSoapHttpBindingQSPort_Fault_Policy"
>> > > > > > > > > >                                      wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
>> > > > > > > > > >             </wsdl:fault>
>> > > > > > > > > >         </wsdl:operation>
>> > > > > > > > > >     </wsdl:binding>
>> > > > > > > > > >
>> > > > > > > > > > The client config is very similar to the sample
>> > > > > > > > > > "ws_security/sign_enc_policy":
>> > > > > > > > > >
>> > > > > > > > > >     <cxf:bus>
>> > > > > > > > > >         <cxf:features>
>> > > > > > > > > >             <cxf:logging/>
>> > > > > > > > > >         </cxf:features>
>> > > > > > > > > >     </cxf:bus>
>> > > > > > > > > >
>> > > > > > > > > >     <bean id="keystorePasswordCallback" class="my.project.KeystorePasswordCallback"/>
>> > > > > > > > > >
>> > > > > > > > > >     <jaxws:client name="{http://.../CustomerManagement}CustomerManagementSoapHttpBindingQSPort"
>> > > > > > > > > >                   createdFromAPI="true">
>> > > > > > > > > >         <jaxws:properties>
>> > > > > > > > > >             <entry key="ws-security.callback-handler" value-ref="keystorePasswordCallback"/>
>> > > > > > > > > >             <entry key="ws-security.signature.properties" value="etc/Client_Sign.properties"/>
>> > > > > > > > > >             <entry key="ws-security.signature.username" value="clientx509v1"/>
>> > > > > > > > > >             <entry key="ws-security.encryption.properties" value="etc/Client_Encrypt.properties"/>
>> > > > > > > > > >             <entry key="ws-security.encryption.username" value="serverx509v1"/>
>> > > > > > > > > >         </jaxws:properties>
>> > > > > > > > > >     </jaxws:client>
>> > > > > > > > > >
>> > > > > > > > > > The error I get at the other end is:
>> > > > > > > > > >
>> > > > > > > > > > oracle.wsm.security.policy.scenario.policycompliance.PolicyComplianceException:
>> > > > > > > > > > WSM-00034 : Error in Encryption reference mechanism compliance : Expected :
>> > > > > > > > > > direct , Actual : null. Ensure that a compatible policy is attached at the
>> > > > > > > > > > client side.
>> > > > > > > > > >
>> > > > > > > > > > I don't know what I need to do to force encryption policy to direct. And I
>> > > > > > > > > > don't know if I won't have other problems after that.
>> > > > > > > > > >
>> > > > > > > > > > Did anyone manage to connect to an OWSM webservice with the same security
>> > > > > > > > > > policy?
>> > > > > > > > > >
>> > > > > > > > > > Thank you.
>> > > > > > > > > > --
>> > > > > > > > > > Etienne Bernard <eb...@fullsix.com>
>> > > > > > > > > > Director Técnico - FullSIX España - http://www.fullsix.es/
>> > > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > > --
>> > > > > > > > > Colm O hEigeartaigh
>> > > > > > > > >
>> > > > > > > > > Talend Community Coder
>> > > > > > > > > http://coders.talend.com



-- 
Etienne Bernard <eb...@fullsix.com>
Director Técnico - FullSIX España - http://www.fullsix.es/
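
The policy quoted in this thread pairs a SymmetricBinding (Basic128) with an endorsing X509Token, which is why a conforming request carries two signatures with different methods. The Python below is an added example, not code from the thread, CXF or OWSM: it derives the expected SignatureMethod URIs from a trimmed, constructed copy of that policy and checks a list of observed methods against them. The function names, the one-entry suite table and the sample inputs are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"sp": SP, "wsp": WSP}

# Signature methods per algorithm suite: (symmetric, asymmetric).
# Only the suite named in the quoted policy is listed (assumption of this example).
SUITES = {"Basic128": (DSIG + "hmac-sha1", DSIG + "rsa-sha1")}

# Constructed input: the thread's binding policy, re-joined and trimmed to the
# assertions that decide which signatures a request carries.
POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SymmetricBinding><wsp:Policy>
    <sp:ProtectionToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:ProtectionToken>
    <sp:AlgorithmSuite><wsp:Policy><sp:Basic128/></wsp:Policy></sp:AlgorithmSuite>
  </wsp:Policy></sp:SymmetricBinding>
  <sp:EndorsingSupportingTokens><wsp:Policy>
    <sp:X509Token><wsp:Policy><sp:WssX509V3Token11/></wsp:Policy></sp:X509Token>
  </wsp:Policy></sp:EndorsingSupportingTokens>
</wsp:Policy>"""

def expected_signatures(policy_xml):
    """Return [(role, SignatureMethod URI)] for a request that satisfies the policy."""
    root = ET.fromstring(policy_xml)
    suite_el = root.find(".//sp:AlgorithmSuite/wsp:Policy/*", NS)
    if suite_el is None or suite_el.tag.split("}")[1] not in SUITES:
        raise ValueError("missing or unlisted algorithm suite")
    sym, asym = SUITES[suite_el.tag.split("}")[1]]
    expected = []
    if root.find(".//sp:SymmetricBinding", NS) is not None:
        expected.append(("binding", sym))    # signed with the symmetric key
    elif root.find(".//sp:AsymmetricBinding", NS) is not None:
        expected.append(("binding", asym))
    # Each endorsing X.509 token adds a second signature over the binding signature.
    for _ in root.findall(".//sp:EndorsingSupportingTokens/wsp:Policy/sp:X509Token", NS):
        expected.append(("endorsing", asym))
    return expected

def check(policy_xml, observed_methods):
    """List mismatches between the policy and SignatureMethod URIs seen in a message."""
    remaining, problems = list(observed_methods), []
    for role, uri in expected_signatures(policy_xml):
        if uri in remaining:
            remaining.remove(uri)
        else:
            problems.append(f"missing {role} signature ({uri})")
    return problems + [f"unexpected signature ({uri})" for uri in remaining]

if __name__ == "__main__":
    print(check(POLICY, [DSIG + "rsa-sha1"]))  # a request with only an RSA signature
```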