I have a WCF web service with message security and I am consuming it from a Java web application created with NetBeans, in a project using Metro (WSIT+jaxws). All works fine using the standard algorithmSuite Basic256, but when I use Basic256Sha256, which is a requirement on the service, I get a runtime error saying "SOAPFaultException: An error occurred when verifying security for the message.". When I look in the service log it says "The algorithm 'http://www.w3.org/2000/09/xmldsig#hmac-sha1' is not accepted for operation 'SymmetricSignature' by algorithm suite Basic256Sha256.". The question is how I change the client to use SHA2 (Sha256). I'm using Certificate as client credential type.
WCF Binding:
    <!-- MESSAGE SECURITY -->
    <binding name="myMessageBinding">
      <transactionFlow />
      <security defaultAlgorithmSuite="Basic256Sha256"
                authenticationMode="SecureConversation"
                messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <secureConversationBootstrap defaultAlgorithmSuite="Basic256Sha256"
                                     authenticationMode="MutualCertificate" requireDerivedKeys="false"
                                     messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                                     requireSignatureConfirmation="true" />
      </security>
      <textMessageEncoding />
      <httpTransport />
    </binding>
SecurityAlgorithmSuite.IsSymmetricSignatureAlgorithmSupported returns an unsupported algorithm for symmetric signature error because Basic256Sha256 uses
as the algorithm used for signature generation and validation and
as the digest algorithm to be applied to the signed object to create or validate the hash for the xml signature.
is valid as symmetric signature for
using
as digest algorithm.
It seems like your Java client is not using the same algorithm to sign the SOAP message, check the SignedInfo SignatureMethod element in the message received from the Java client for
to ensure that the client is not signing using the same algorithm.
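
One way to carry out the SignatureMethod check suggested in the answer above, as an added example that is not part of the original posts: it parses a captured SOAP message and reports each `SignatureMethod` and `DigestMethod` algorithm against what WCF's Basic256Sha256 suite accepts. The function names and the sample message are constructed for illustration; the SHA-256 algorithm URIs are the standard XML Signature identifiers used by that WCF suite and do not appear on the page.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithms accepted by WCF's Basic256Sha256 suite, per XML-DSig element.
ACCEPTED = {
    "SignatureMethod": {
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",  # symmetric
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",   # asymmetric
    },
    "DigestMethod": {"http://www.w3.org/2001/04/xmlenc#sha256"},
}

# Constructed sample: a trimmed request as a client might send it when it
# signs with HMAC-SHA1 but digests with SHA-256 (the case in the service log).
SAMPLE = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
 <s:Header>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
   <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
    <Reference URI="#_1">
     <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
     <DigestValue>placeholder</DigestValue>
    </Reference>
   </SignedInfo>
   <SignatureValue>placeholder</SignatureValue>
  </Signature>
 </s:Header>
 <s:Body/>
</s:Envelope>"""

def audit_signature_algorithms(soap_xml):
    """Return (element, algorithm URI, accepted?) for every ds:Signature."""
    findings = []
    for sig in ET.fromstring(soap_xml).iter(f"{{{DS}}}Signature"):
        for tag, allowed in ACCEPTED.items():
            for el in sig.iter(f"{{{DS}}}{tag}"):
                alg = el.get("Algorithm", "")
                findings.append((tag, alg, alg in allowed))
    return findings

def rejected(findings):
    """Only the algorithms the service would refuse."""
    return [(tag, alg) for tag, alg, ok in findings if not ok]

if __name__ == "__main__":
    for tag, alg, ok in audit_signature_algorithms(SAMPLE):
        print(f"{'OK    ' if ok else 'REJECT'} {tag}: {alg}")
```

Run it against a message captured from the client (for example from WCF message logging) rather than the sample; only parse captures from sources you trust, since `xml.etree` is not hardened against hostile XML.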