Announcement Announcement Module
No announcement yet.
SecureConversationToken set up Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • SecureConversationToken set up


    I was asked to set up a web service client to pass information to a WCF service (Microsoft Biztalk). We first made a client for this WCF service without any security and this worked fine (using WebServiceTemplates and Jaxb)

    But ultimately the call needs to be done in a secure way. I have attached the WSDL for this secure service.
    WCF provides us with a certificate (put in a .jks file) Passing the certificate seems to be no problem, we use a policy that results in the certificate being included in the soap message:

    <xwss:SecurityConfiguration xmlns:xwss="">
    <xwss:RequireSignature requireTimestamp="false"/>
    <xwss:X509Token certificateAlias="3c9c5891-ea0....."/>

    However, the call still fails with : Exception: The message could not be processed. This is most likely because the action 'ReceiveCertificateTestCBT' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

    I assume that this has to do with the whole security overhead as set up in the WSDL in the section SecureConversationToken, not so much the X509 certificate?
    I could not find any clues on how to set up a secure conversation in Spring. The only lead I could find was to try and use WSIT, but I have not tried that yet.

    Any pointers / examples in how to set up a secure conversation (SecureConversationToken) with Spring would be appreciated.


    Last edited by markrynbeek; Sep 27th, 2011, 04:11 AM.