Working with CXF STS- STS client example I followed the example at https://web-gmazza.rhcloud.com/blog/entry/cxf-sts-tutorial and my sample code is at https://github.com/sampleref/CXFSecurity for reference. On debugging I found error as below at STS provider
<<||2014-07-13 18:26:50,286||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.UsernameTokenProcessor:50||||>> Found UsernameToken list element
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:78||||>> UsernameToken user alice
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:79||||>> UsernameToken password type http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:115||||>> Found signature element
<<||2014-07-13 18:26:50,288||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:380||||>> Verify XML Signature
<<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:428||||>> XML Signature verification has failed
<<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:431||||>> Signature Validation check: false
Please provide some inputs, Its really important working for me with this. I posted more detailed error from STS Client at CXF STS client throws Request does not contain Security header/Response message does not contain WS-Addressing properties
The problem is that you are not supplying the password for the private key in the STS. So for example, adding the following to the StsPasswordCallbackHandler makes the decryption work:
x509Passwords.put("stskeyalias", "stskeypassword");
You also need to remove the BouncyCastle dependency from the STS pom.
Colm.