I am attempting to connect to a .NET service using Apache Axis 1.4 and WSS4J.
I am able to connect to the service with a .NET generated client. In reviewing the XML generated by the .NET client and the Java client, the only differences appear to be in the ordering of some elements and the namespace references in the documents.
When attempting to connect with the Axis client, the following error message is returned:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</a:Action>
<a:RelatesTo>uuid:d0005720-f26a-11db-a808-ddf06e7ebe2a</a:RelatesTo>
<a:To s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:To>
</s:Header>
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-US">An error occurred when verifying security for the message.</faultstring>
</s:Fault>
</s:Body></s:Envelope>
Adding tracing to the .NET service the stack trace that occurs when
System.ServiceModel.Security.MessageSecurityException:
The EncryptedKey clause was not wrapped with the required encryption token
'System.IdentityModel.Tokens.X509SecurityToken'
In the working .NET client and the Axis client, the generated request contains the same serial number for the x509Data and the same BinarySecurityToken. The only difference comparing the KeyInfo section of the message appears to be the use of EMAILADDRESS in Axis and E in .NET within the x509IssueName element.
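The comparison described in the post can be done mechanically. The following is an added example, not part of the original post and not Axis, WSS4J or .NET code: it reads the issuer name and serial number from two X509Data fragments and reports whether the issuer strings differ only in the keyword used for the e-mail attribute. The sample fragments, the alias table and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
EMAIL_OID = "1.2.840.113549.1.9.1"  # PKCS #9 emailAddress attribute type
# Keywords that different toolkits print for the same attribute type.
ALIASES = {"E": EMAIL_OID, "EMAILADDRESS": EMAIL_OID, "OID." + EMAIL_OID: EMAIL_OID}

def normalize(dn):
    """Return [(attribute type, value), ...] with keyword aliases folded.
    Splits on commas not preceded by a backslash; quoted values and
    multi-valued RDNs ("+") are not handled here."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.partition("=")
        key = key.strip().upper()
        pairs.append((ALIASES.get(key, key), value.strip()))
    return pairs

def issuer_serial(xml_text):
    """Extract (issuer name, serial number) from a captured XML fragment."""
    root = ET.fromstring(xml_text)
    return (root.find(f".//{DS}X509IssuerName").text.strip(),
            root.find(f".//{DS}X509SerialNumber").text.strip())

def compare(xml_a, xml_b):
    (name_a, serial_a), (name_b, serial_b) = issuer_serial(xml_a), issuer_serial(xml_b)
    return {"serial_equal": serial_a == serial_b,
            "issuer_string_equal": name_a == name_b,
            "issuer_equal_after_alias_folding": normalize(name_a) == normalize(name_b)}

def sample(issuer):  # constructed X509Data fragment, not taken from the post
    return ('<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509IssuerSerial>'
            f"<ds:X509IssuerName>{issuer}</ds:X509IssuerName>"
            "<ds:X509SerialNumber>4660</ds:X509SerialNumber>"
            "</ds:X509IssuerSerial></ds:X509Data>")

# Constructed issuer strings: same name, different e-mail keyword and spacing.
AXIS_REQ = sample("EMAILADDRESS=ca@example.test,CN=Example Test CA,O=Example,C=US")
DOTNET_REQ = sample("E=ca@example.test, CN=Example Test CA, O=Example, C=US")

if __name__ == "__main__":
    print(compare(AXIS_REQ, DOTNET_REQ))
```

A result with equal serials, unequal issuer strings and equal issuers after alias folding means the two requests name the same issuer but would not match under a literal string comparison of X509IssuerName.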