From: Oliver Wulff
To: "dev@cxf.apache.org", "coheigea@apache.org"
Subject: AW: General security error (Provided SAML token does not contain a suitable key)
Date: Mon, 9 Jan 2012 13:07:06 +0000

I guess I understand your problem.

If you configure the .NET "ws2007FederationHttpBinding" it enforces the usage of WS-SecureConversation. The ws2007FederationHttpBinding is a system-provided binding. Each WCF binding is built from a set of system-provided binding elements. You can also configure a custom binding which also includes custom binding elements.

I assume that you have configured the ws2007FederationHttpBinding binding. Is that correct? Could you share your .NET configuration file?

The WS-SecureConversation standard defines three use cases:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html#_Toc162064047

Based on the message sent to CXF (receiver) from .NET, the .NET client sends the RST (request for the STS) to the application service instead of a dedicated STS instance. This matches the last use case described in the spec, "Security context token created through negotiation/exchanges".

I have a question for you: is the usage of WS-SecureConversation really needed, or is it just used implicitly due to the usage of the wsFederationHttpBinding?

What are your security requirements for the communication between .NET client and CXF service?

Thanks
Oli


------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

________________________________________
From: Colm O hEigeartaigh [coheigea@apache.org]
Sent: Friday, 6 January 2012 10:52
To: dev@cxf.apache.org
Subject: Re: General security error (Provided SAML token does not contain a suitable key)

You could copy the WS-Security examples system test for Secure
Conversation using your own WSDL and try to reproduce the error that
way:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java?view=markup

Colm.

On Thu, Jan 5, 2012 at 5:57 PM, danlee100 wrote:
> I am not sure what I could provide to you as a test-case.
>
> The WSDL on the server can be seen here:
>
> http://66.211.102.200/gen4/services/AssessmentDataService?wsdl
>
> The client hitting this service is actually a Microsoft implementation.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
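
A small diagnostic for the situation described in the first message, added here as an example and not code from CXF, WCF or anyone in the thread: it classifies a captured SOAP request by its WS-Addressing action and WS-Trust token type, to tell whether a client is asking the application endpoint for a security context token. The sample envelopes and the `urn:example` names are constructed; the URIs are those of WS-Addressing 1.0, WS-Trust 1.3 and WS-SecureConversation 1.3.

```python
import xml.etree.ElementTree as ET

# URIs from WS-Addressing 1.0, WS-Trust 1.3 and WS-SecureConversation 1.3.
WSA = "http://www.w3.org/2005/08/addressing"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SCT_ACTION = WST + "/RST/SCT"
SCT_TOKEN_TYPE = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"


def classify_request(soap_xml):
    """Return 'sct-bootstrap', 'ws-trust-rst' or 'application' for one request."""
    # ElementTree does not fetch external entities, but entity expansion is
    # not limited: size-check captures from untrusted peers before parsing.
    root = ET.fromstring(soap_xml)
    action = (root.findtext(f".//{{{WSA}}}Action") or "").strip()
    rst = root.find(f".//{{{WST}}}RequestSecurityToken")
    token_type = ""
    if rst is not None:
        token_type = (rst.findtext(f"{{{WST}}}TokenType") or "").strip()
    # The action header alone is enough: the body may be encrypted.
    if action == SCT_ACTION or token_type == SCT_TOKEN_TYPE:
        return "sct-bootstrap"
    if rst is not None:
        return "ws-trust-rst"  # e.g. an Issue request meant for an STS
    return "application"


def envelope(action, body):
    """Build a constructed SOAP 1.2 request for the samples below."""
    return (
        '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
        f'xmlns:a="{WSA}" xmlns:t="{WST}">'
        f"<s:Header><a:Action>{action}</a:Action></s:Header>"
        f"<s:Body>{body}</s:Body></s:Envelope>"
    )


# Constructed samples, not captured traffic.
SAMPLE_SCT = envelope(SCT_ACTION,
    f"<t:RequestSecurityToken><t:TokenType>{SCT_TOKEN_TYPE}</t:TokenType>"
    f"<t:RequestType>{WST}/Issue</t:RequestType></t:RequestSecurityToken>")
SAMPLE_SCT_ENCRYPTED = envelope(SCT_ACTION,
    '<e:EncryptedData xmlns:e="http://www.w3.org/2001/04/xmlenc#"/>')
SAMPLE_ISSUE = envelope(WST + "/RST/Issue",
    f"<t:RequestSecurityToken><t:RequestType>{WST}/Issue</t:RequestType>"
    "</t:RequestSecurityToken>")
SAMPLE_APP = envelope("urn:example:GetData", '<GetData xmlns="urn:example"/>')

if __name__ == "__main__":
    for name in ("SAMPLE_SCT", "SAMPLE_SCT_ENCRYPTED", "SAMPLE_ISSUE", "SAMPLE_APP"):
        print(name, "->", classify_request(globals()[name]))
```

A result of `sct-bootstrap` on a request addressed to the application service corresponds to the negotiation use case the message refers to.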