
David Valeri updated CXF-2914:

    Fix Version/s: 2.3

> Digest algorithm defined in WS-SecurityPolicy is not honored in WS-Security 
> signature from client
> -------------------------------------------------------------------------------------------------
>                 Key: CXF-2914
>                 URL: https://issues.apache.org/jira/browse/CXF-2914
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3, 2.2.10
>            Reporter: Rich Newcomb
>            Assignee: David Valeri
>             Fix For: 2.3, 2.2.10
>         Attachments: CXF-2914-trunk.patch
> The digest algorithm "http://www.w3.org/2000/09/xmldsig#sha1"; is used in 
> digital signatures from clients configured via WS-SecurityPolicy even when an 
> AlgorithmSuite is defined within the policy that should resolve to a 
> different digest algorithm.  For example, the following AlgorithmSuite policy 
> should result in the digest algorithm of 
> "http://www.w3.org/2001/04/xmlenc#sha256"; (per the WS-SecurityPolicy 
> specification):
> <sp:AlgorithmSuite>
>     <wsp:Policy>
>         <sp:Basic256Sha256 />
>     </wsp:Policy>
> </sp:AlgorithmSuite>
> The correct digest algorithm is determined by the AlgorithmSuite in the 
> Binding; however, the algorithm information is not propagated to the 
> WSSecSignature object that creates the signature.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

Reply via email to