Question
I have already looked through
"An error occurred when verifying security for the message - SAML Token" and "How to put SAML token directly into JAX-WS service without calling STSClient".
I also work in the Australian education business. Right now I am struggling with STS service v3 as well. I use CXF and wsdl2java.
<jaxws:client name="{http://usi.gov.au/2018/ws/servicepolicy}WS2007FederationHttpBinding_IUSIService" createdFromAPI="true">
  <jaxws:inInterceptors>
    <ref bean="unexpectedResponseNodeInterceptor"/>
  </jaxws:inInterceptors>
  <jaxws:properties>
    <!-- STS client used to obtain the issued token before calling the USI service -->
    <entry key="ws-security.sts.client">
      <bean class="org.apache.cxf.ws.security.trust.STSClient">
        <constructor-arg ref="usiClientBus"/>
        <property name="wsdlLocation" value="https://softwareauthorisations.ato.gov.au/R3.0/S007v1.3/service.svc"/>
        <property name="serviceName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService"/>
        <property name="endpointName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}S007SecurityTokenServiceEndpoint"/>
        <property name="properties">
          <map>
            <entry key="ws-security.sts.client-soap12-binding" value="true"/>
            <entry key="ws-security.signature.crypto" value-ref="ausKeyCryptoService"/>
            <entry key="ws-security.callback-handler" value-ref="ausKeyCryptoService"/>
          </map>
        </property>
      </bean>
    </entry>
    <entry key="ws-security.cache.issued.token.in.endpoint" value="false"/>
  </jaxws:properties>
</jaxws:client>
The original error I faced was: 'E9004 An error was discovered processing the wsse:Security header'. This error is documented in the MAS-ST doc https://softwaredevelopers.ato.gov.au/sites/default/files/resource-attachments/MAS-ST_SecurityTokenService_ServiceDefinition.pdf
But their explanation is really useless.
Then I pointed STSClient to a local WSDL file, like
and changed AlgorithmSuite as recommended in the comments above. I did the same for the USI WSDL. The error that I get now is: An error occurred when verifying security for the message.
I do not even know if it is better (some progress) or worse (just a step back).
I have looked through the SOAP Envelope message; it contains:
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
I suppose the sha1 algorithm is the reason for my fault. But it is an attribute of my certificate, as I understood.
I have also tried the code examples that MAS-ST provides. They use the proprietary ABR_SecurityTokenManager.jar and the Metro WS implementation. I do not know how, but it works (at least the first step of getting a security token from the MAS-ST side). I have checked the SOAP Envelope as well and was surprised; it contains
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"/>
but the certificate is the same as in my example.
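
The envelope comparison described above (rsa-sha1 in the CXF request, rsa-sha256 in the Metro one) can be automated. The following is an added example, not part of the original post and not CXF or ATO code: it lists the signature and digest algorithm URIs of every ds:Signature in a captured wsse:Security header and flags the SHA-1 based ones. The sample envelope and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
# XML-DSig algorithm URIs built on SHA-1
SHA1_URIS = {DS + s for s in ("rsa-sha1", "dsa-sha1", "hmac-sha1", "sha1")}

# Constructed sample envelope (signature values and key info omitted)
SAMPLE = f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:wsse="{WSSE}" xmlns:ds="{DS}">
 <s:Header><wsse:Security><ds:Signature><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
  <ds:Reference URI="#_body"><ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference>
  <ds:Reference URI="#_ts"><ds:DigestMethod
      Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
 </ds:SignedInfo></ds:Signature></wsse:Security></s:Header>
 <s:Body/>
</s:Envelope>"""


def signature_algorithms(envelope_xml):
    """Return one dict per ds:Signature found under a wsse:Security header."""
    if "<!DOCTYPE" in envelope_xml:
        # SOAP messages never need a DTD; refuse it instead of expanding entities
        raise ValueError("SOAP messages must not carry a DTD")
    root = ET.fromstring(envelope_xml)
    report = []
    for security in root.iter(f"{{{WSSE}}}Security"):
        # iter() also reaches signatures nested inside tokens in the header
        for sig in security.iter(f"{{{DS}}}Signature"):
            info = sig.find(f"{{{DS}}}SignedInfo")
            if info is None:
                continue
            method = info.find(f"{{{DS}}}SignatureMethod")
            digests = [(ref.get("URI"), dm.get("Algorithm"))
                       for ref in info.findall(f"{{{DS}}}Reference")
                       for dm in ref.findall(f"{{{DS}}}DigestMethod")]
            used = [method.get("Algorithm") if method is not None else None]
            used += [alg for _, alg in digests]
            report.append({
                "signature_method": used[0],
                "digests": digests,
                "sha1": sorted({u for u in used if u in SHA1_URIS}),
            })
    return report


if __name__ == "__main__":
    for entry in signature_algorithms(SAMPLE):
        print(entry)
```

Running it over the request captured from each client stack gives a side-by-side view of which algorithms each one actually put on the wire.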
Source: https://stackoverflow.com/questions/61007411/stsclient-an-error-occurred-when-verifying-security-for-the-message