2 Replies Latest reply on Jan 3, 2012 12:22 PM by dlaprade

    Cannot validate sts token with sign/encrypt

    dlaprade

      Hello,

       

      I am hoping someone can help me quickly solve my issue. It seems that I can verify an STS token using a handler defined in my configuration:

       

      <jaxws:handlers>
              <bean class="org.picketlink.identity.federation.core.wstrust.handlers.STSSaml20Handler"/>
      </jaxws:handlers>
      

       

      If I comment out that handler then try my sign/encryption seems to work as well:

       

      <jaxws:outInterceptors>
                  <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
                  <ref bean="SignResponse"/>
      </jaxws:outInterceptors>
      
       <jaxws:inInterceptors>
                  <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
                  <ref bean="SignRequest"/>
       </jaxws:inInterceptors>
      

       

      and:

       

      <bean id="SignRequest" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      .....
      </bean>
      <bean id="SignResponse" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      .....
      </bean>
      

       

      The problem exists when I have both turned on:

       

      Caused by: org.apache.cxf.binding.soap.SoapFault: PL00092: Null Value:No security token could be found in the SOAP Header
      

       

      Does anyone know what I am doing wrong? All help is appreciated.