We Keep Coding

org.apache.cxf.ws.policy.PolicyException: cause: cxf bundle

org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
This exception is getting due to the cxf bundle. I am not sure how to get away from this. Anyone has any idea about this issue?
The service client works as a java program but when deployed as a service in WSO2 application server it throws this exception. The cause in CXF bundle but not sure how to avoid it.
Exception trace:
WARN {org.apache.cxf.phase.PhaseInterceptorChain} - Application {http://test.tss.com/}Sync#{http://test.tss.com/}hello has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.createFault(AbstractJAXWSMethodInvoker.java:213)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:178)
at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:68)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:75)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:159)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
I don't have any policy XML. The wsdl includes the policy tags:
<wsp:Policy wsu:Id="BN_BN_binding_SOAP12">
<saptrnbnd:OptimizedXMLTransfer xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/" uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" />
<saptrnbnd:OptimizedMimeSerialization xmlns:saptrnbnd="http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization" wsp:Optional="true" />
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy>
<sp:HttpBasicAuthentication />
</wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
</wsp:All>
</wsp:ExactlyOne>
<wsp:ExactlyOne>
<wsp:All>
<wsrmp:RMAssertion xmlns:wsrmp="http://docs.oasis-open.org/ws-rx/wsrmp/200702">
<wsp:Policy />
</wsrmp:RMAssertion>
<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" />
</wsp:All>
<wsp:All>
<wsrm:RMAssertion xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy" />
<wsaw:UsingAddressing xmlns:wsaw="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
</wsp:All>
</wsp:ExactlyOne>

I have solved this.
I have added the tag to the cxf file and set the right security certificates
Sample cxf file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core"
xmlns:p="http://cxf.apache.org/policy"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
<cxf:bus>
<cxf:features>
<p:policies />
<cxf:logging />
</cxf:features>
</cxf:bus>
<jaxws:server id="CustomerSyncService" address="/customer_sync_service">
<jaxws:serviceBean>
<bean class="com.CustomerService" />
</jaxws:serviceBean>
</jaxws:server>
</beans>

SSL Certificate Import and configuration for JBoss

I am fairly new to the JBoss configuration and I have been asked to import a certificate into the JBoss App server. Based on what I have read around on the forums I think I did what was necessary but we still keep seeing the "None of the TrustManagers allowed for trust of the SSL certificate(s) provided by the remote server to which this client attempted a connection" error message. We have hosted a Pega application on our JBoss server and the Pega application makes a 1-way outbound call to consume services from IBM Datapower. We are using Red Hat JBoss Middleware (EWS+EAP) on Red Hat Enterprise Linux 7.1 and have setup the JBoss in Domain mode.
JBoss Enterprise Application Platform version 6.4 is installed under /opt/jboss folder owned by jboss system user configured running in Domain mode only. The environment is pre-configured with one Domain controller and one or more Host controllers. All host controllers can be managed by the domain controller. The environment is also tailored to operate in full-HA profile exclusively.
We have a SGWSGateway-sscert.pem certificate for Datapower that I was asked to import into JBoss. The steps I took were. If I can get any help on what I have setup incorrectly or what I need to change, I will be greatly obliged.
1) Import it into the jbossTrust.jks in /host-controller/configuration/keystores using an alias -sgwsgateway.
2) The domain.xml configuration is:
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl/>
</connector>
<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
</virtual-server>
</subsystem>
<interfaces>
<interface name="management"/>
<interface name="public"/>
<interface name="unsecure"/>
</interfaces>
<socket-binding-groups>
<socket-binding-group name="full-ha-sockets" default-interface="public">
<socket-binding name="ajp" port="8009"/>
<socket-binding name="http" port="8080"/>
<socket-binding name="https" port="8443"/>
<socket-binding name="jacorb" interface="unsecure" port="3528"/>
<socket-binding name="jacorb-ssl" interface="unsecure" port="3529"/>
<socket-binding name="jgroups-mping" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
<socket-binding name="jgroups-tcp" port="7600"/>
<socket-binding name="jgroups-tcp-fd" port="57600"/>
<socket-binding name="jgroups-udp" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
<socket-binding name="jgroups-udp-fd" port="54200"/>
<socket-binding name="messaging" port="5445"/>
<socket-binding name="messaging-group" port="0" multicast-address="${jboss.messaging.group.address:231.7.7.7}" multicast-port="${jboss.messaging.group.port:9876}"/>
<socket-binding name="messaging-throughput" port="5455"/>
<socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
<socket-binding name="remoting" port="4447"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
</socket-binding-group>
</socket-binding-groups>
<server-groups>
<server-group name="jboss-server-group" profile="full-ha">
<jvm name="pega_default">
<heap size="4096m" max-size="8192m"/>
<permgen size="768m" max-size="1536m"/>
<jvm-options>
<option value="-Xms8192m"/>
<option value="-Xmx8192m"/>
<option value="-XX:NewSize=1536m"/>
<option value="-XX:MaxNewSize=1536m"/>
<option value="-XX:PermSize=768m"/>
<option value="-XX:MaxPermSize=1536m"/>
<option value="-Djboss.as.management.blocking.timeout=60000"/>
<option value="-Djava.net.preferIPv4Stack=true"/>
<option value="-XX:TargetSurvivorRatio=90"/>
<option value="-XX:+UseParNewGC"/>
<option value="-XX:+UseConcMarkSweepGC"/>
<option value="-XX:+UseCMSInitiatingOccupancyOnly"/>
<option value="-XX:CMSInitiatingOccupancyFraction=80"/>
<option value="-XX:+CMSClassUnloadingEnabled"/>
<option value="-XX:ReservedCodeCacheSize=768m"/>
<option value="-XX:+UseCodeCacheFlushing"/>
<option value="-XX:+DisableExplicitGC"/>
<option value="-XX:+PrintGCDetails"/>
<option value="-verbose:gc"/>
<option value="-Xloggc:/opt/jboss/host-controller/log/gc.%t.%p.log"/>
<option value="-XX:+UseGCLogFileRotation"/>
<option value="-XX:NumberOfGCLogFiles=10"/>
<option value="-XX:GCLogFileSize=1M"/>
<option value="-Djava.awt.headless=true"/>
<option value="-Djboss.modules.policy-permissions=true"/>
</jvm-options>
</jvm>
<socket-binding-group ref="full-ha-sockets"/>
<deployments>
<deployment name="example.war" runtime-name="example.war"/>
<deployment name="prhelp.war" runtime-name="prhelp.war"/>
<deployment name="prsysmgmt_jboss.war" runtime-name="prsysmgmt_jboss.war"/>
<deployment name="prpc_j2ee14_jboss61JBM.ear" runtime-name="prpc_j2ee14_jboss61JBM.ear"/>
</deployments>
</server-group>
</server-groups>
3) The host-master.xml configuration is:
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<ssl protocol="TLSv1">
<keystore path="keystores/jbossIdentity.jks" relative-to="jboss.domain.config.dir" keystore-password="${VAULT::serverInfo::dc_ident_keystore_password::1}" alias="jboss_domain"/>
</ssl>
</server-identities>
<authentication>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
4) The host-slave.xml configuration is:
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<ssl protocol="TLSv1">
<keystore path="keystores/jbossIdentity.jks" relative-to="jboss.domain.config.dir" keystore-password="${VAULT::serverInfo::hc_identity_keystore_password::1}" alias="jboss_host"/>
</ssl>
<secret value="U2NvdGlhYmFua0Ax"/>
</server-identities>
<authentication>
<truststore path="keystores/jbossTrust.jks" relative-to="jboss.domain.config.dir" keystore-password="${VAULT::serverInfo::hc_trust_keystore_password::1}"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<interface name="unsecure">
<inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
</interface>
</interfaces>
<servers>
<server name="jboss-server-one" group="jboss-server-group" auto-start="true">
<jvm name="pega_default"/>
<socket-bindings port-offset="100"/>
</server>
</servers>
Regards
Ali.

We resolved this by adding the certificate at the Java level. In my question scenario above we were importing the certificate into the JBoss keystore. That application was not finding the certificate because of the different JVM's we had setup. So instead, we imported the certificate into the Java cacerts keystore in the jre folder.

Where is the request model in this vendor WSDL?

I'm attempting to create user accounts for a vendor tool in batches. I asked the vendor how to turn on the MEX for the endpoint for creating a single account and I adjusted the config file accordingly.
I was able to create a service reference, but all I have in Visual Studio is a client and two interfaces. I can't tell how to create a request. The client has an InvokeService method, but it just takes an object.
I replicated the vendors class structure in my code, but then the service didn't like my type. So, I updated the classes to use the vendor's original namespace, but the service still didn't like it.
Type 'life.businessService.baseBusinessDataModel.BusinessRequest' with data contract name 'BusinessRequest:http://schemas.datacontract.org/2004/07/life.businessService.baseBusinessDataModel' is not expected. Consider using a DataContractResolver or add any types not known statically to the list of known types - for example, by using the KnownTypeAttribute attribute or by adding them to the list of known types passed to DataContractSerializer.
Here's the WSDL from the service. I'm not very strong in WCF, so I'm hoping for some guidance. Thanks!
<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://tempuri.org/" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="ClientWcfBusinessFacadeService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
<wsp:Policy wsu:Id="NetNamedPipeBinding_IWcfBusinessFacade_policy">
<wsp:ExactlyOne>
<wsp:All>
<msb:BinaryEncoding xmlns:msb="http://schemas.microsoft.com/ws/06/2004/mspolicy/netbinary1">
</msb:BinaryEncoding>
<wsaw:UsingAddressing>
</wsaw:UsingAddressing>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="NetTcpBinding_IWcfBusinessFacade_policy">
<wsp:ExactlyOne>
<wsp:All>
<msb:BinaryEncoding xmlns:msb="http://schemas.microsoft.com/ws/06/2004/mspolicy/netbinary1">
</msb:BinaryEncoding>
<wsaw:UsingAddressing>
</wsaw:UsingAddressing>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import namespace="http://tempuri.org/" />
<xsd:import namespace="http://schemas.datacontract.org/2004/07/life.common.serviceCommon" />
<xsd:import namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
</xsd:schema>
</wsdl:types>
<wsdl:message name="IWcfBusinessFacade_InvokeService_InputMessage">
<wsdl:part name="parameters" element="tns:InvokeService" />
</wsdl:message>
<wsdl:message name="IWcfBusinessFacade_InvokeService_OutputMessage">
<wsdl:part name="parameters" element="tns:InvokeServiceResponse" />
</wsdl:message>
<wsdl:message name="IWcfBusinessFacade_InvokeService_ServiceFaultFault_FaultMessage">
<wsdl:part xmlns:q1="http://schemas.datacontract.org/2004/07/life.common.serviceCommon" name="detail" element="q1:ServiceFault" />
</wsdl:message>
<wsdl:portType name="IWcfBusinessFacade">
<wsdl:operation name="InvokeService">
<wsdl:input wsaw:Action="http://tempuri.org/IWcfBusinessFacade/InvokeService" message="tns:IWcfBusinessFacade_InvokeService_InputMessage" />
<wsdl:output wsaw:Action="http://tempuri.org/IWcfBusinessFacade/InvokeServiceResponse" message="tns:IWcfBusinessFacade_InvokeService_OutputMessage" />
<wsdl:fault wsaw:Action="http://tempuri.org/IWcfBusinessFacade/InvokeServiceServiceFaultFault" name="ServiceFaultFault" message="tns:IWcfBusinessFacade_InvokeService_ServiceFaultFault_FaultMessage" />
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="NetNamedPipeBinding_IWcfBusinessFacade" type="tns:IWcfBusinessFacade">
<wsp:PolicyReference URI="#NetNamedPipeBinding_IWcfBusinessFacade_policy">
</wsp:PolicyReference>
<soap12:binding transport="http://schemas.microsoft.com/soap/named-pipe" />
<wsdl:operation name="InvokeService">
<soap12:operation soapAction="http://tempuri.org/IWcfBusinessFacade/InvokeService" style="document" />
<wsdl:input>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
<wsdl:fault name="ServiceFaultFault">
<soap12:fault use="literal" name="ServiceFaultFault" namespace="" />
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="NetTcpBinding_IWcfBusinessFacade" type="tns:IWcfBusinessFacade">
<wsp:PolicyReference URI="#NetTcpBinding_IWcfBusinessFacade_policy">
</wsp:PolicyReference>
<soap12:binding transport="http://schemas.microsoft.com/soap/tcp" />
<wsdl:operation name="InvokeService">
<soap12:operation soapAction="http://tempuri.org/IWcfBusinessFacade/InvokeService" style="document" />
<wsdl:input>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
<wsdl:fault name="ServiceFaultFault">
<soap12:fault use="literal" name="ServiceFaultFault" namespace="" />
<soap12:fault use="literal" name="ServiceFaultFault" namespace="" />
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="ClientWcfBusinessFacadeService">
<wsdl:port name="NetNamedPipeBinding_IWcfBusinessFacade" binding="tns:NetNamedPipeBinding_IWcfBusinessFacade">
<soap12:address location="net.pipe://localhost/WcfBusinessFacadeService" />
<wsa10:EndpointReference>
<wsa10:Address>net.pipe://localhost/WcfBusinessFacadeService</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
<wsdl:port name="NetTcpBinding_IWcfBusinessFacade" binding="tns:NetTcpBinding_IWcfBusinessFacade">
<soap12:address location="net.tcp://localhost:8086/WcfBusinessFacadeService" />
<wsa10:EndpointReference>
<wsa10:Address>net.tcp://localhost:8086/WcfBusinessFacadeService</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
<wsdl:port name="NetTcpBinding_IWcfBusinessFacade1" binding="tns:NetTcpBinding_IWcfBusinessFacade">
<soap12:address location="net.tcp://localhost:10000/WcfBusinessFacadeService" />
<wsa10:EndpointReference>
<wsa10:Address>net.tcp://localhost:10000/WcfBusinessFacadeService</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>

For the input message of the InvokeService method, you need to pass the object defined in tns:InvokeService. It will be a type in namespace http://tempuri.org/Imports, but is not explicitly exposed in this WSDL; it is coming from another namespace. You may ask the vendor for the schema XSD or assembly from which this WSDL is expecting to import types below since no absolute or even relative schemaLocation attribute is included
<xsd:import namespace="http://tempuri.org/" />
<xsd:import namespace="http://schemas.datacontract.org/2004/07/life.common.serviceCommon" />

Svcutil vs WS Policy

I have a wsdl with following WS-Policy block:
<wsp:Policy wsu:Id="MemberBindingPolicy">
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V1Token11/>
<sp:RequireIssuerSerialReference/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V1Token11/>
<sp:RequireIssuerSerialReference/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Sha256/>
<sp:InclusiveC14N>http://www.w3.org/2001/10/xml-exc-c14n#</sp:InclusiveC14N>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts>
<sp:Body/>
</sp:SignedParts>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss11>
</wsp:All>
</wsp:Policy>
I run svc util and it returns following error:
An unsupported security policy assertion was detected during the security policy import
XPath: //wsdl:definitions[#targetNamespace='http://xxxx.com']/wsdl:binding[#name='IssAuthSoapBinding']
Is there a workaround (in code, or not using svcutil at all)?
m.

No signature in the WS-Security message for the configured soap actor/role ""! (from client)

I'm binding as follows
//Get certificate in bytes[]
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
localCert = new X509Certificate2(cert.File, "mypassword");
store.Add(localCert);
certFriendlyName = localCert.FriendlyName;
//set binding
SecurityBindingElement security = new TransportSecurityBindingElement();
X509SecurityTokenParameters item = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient);
security.EndpointSupportingTokenParameters.SignedEncrypted.Add(item);
security.IncludeTimestamp = false;
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
TextMessageEncodingBindingElement encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
transport.RequireClientCertificate = true;
System.ServiceModel.Channels.Binding currentBinding = new CustomBinding(security, encoding, transport);
EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("mydns");
EndpointAddress ea = new EndpointAddress(new Uri("MyURI"), identity);
service.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My , X509FindType.FindBySubjectName, certFriendlyName);
service.ClientCredentials.ServiceCertificate.SetDefaultCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
System.Security.Cryptography.X509Certificates.StoreName.My,
System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName,
certFriendlyName);
and below is the security policy from the provided WSDL
<wsp:Policy Name="GAPolicy" wsu:Id="policy.ga" xmlns:wsaws="http://www.w3.org/2005/08/addressing">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy Name="NPPIPolicy" wsu:Id="policy.nppi"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<!-- Force the use of WS-Addressing -->
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
<!-- Require a signature on the body of the message -->
<wsp:SignedParts>
<wsp:Body />
</wsp:SignedParts>
<!-- X.509 Certs in header -->
<wsp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorSignatureToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:InitiatorSignatureToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" />
</wsp:Policy>
</sp:RecipientToken>
<!-- Supported encryption algorithms -->
<sp:AlgorithmSuite>
<wsp:Policy>
<wsp:ExactlyOne>
<sp:Basic256 />
<sp:TripleDes />
<sp:TripleDesSha256 />
<sp:TripleDesSha256Rsa15 />
</wsp:ExactlyOne>
</wsp:Policy>
</sp:AlgorithmSuite>
<!-- Do not impose an order of layout -->
<sp:Layout>
<wsp:Policy>
<sp:Lax />
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</wsp:AsymmetricBinding>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy Name="PCIPolicy" wsu:Id="policy.pci"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<!-- Force the use of WS-Addressing -->
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
<!-- Require a signature on the body of the message -->
<wsp:SignedParts>
<wsp:Body />
</wsp:SignedParts>
<!-- X.509 Certs in header -->
<wsp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorSignatureToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:InitiatorSignatureToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" />
</wsp:Policy>
</sp:RecipientToken>
<!-- Supported encryption algorithms -->
<sp:AlgorithmSuite>
<wsp:Policy>
<wsp:ExactlyOne>
<sp:Basic256 />
<sp:TripleDes />
<sp:TripleDesSha256 />
<sp:TripleDesSha256Rsa15 />
</wsp:ExactlyOne>
</wsp:Policy>
</sp:AlgorithmSuite>
<!-- Do not impose an order of layout -->
<sp:Layout>
<wsp:Policy>
<sp:Lax />
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</wsp:AsymmetricBinding>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Using this I'm running into "System.ServiceModel.FaultException: No signature in the WS-Security message for the configured soap actor/role ""! (from client)"

Use CustomBinding directly. By introducing WsHttpBinding and setting its security to expect client certificate you are configuring completely different security mode. I wrote an article about this issue (as a result of the question on MSDN you've already found). Start with the binding described in the article or modify it according to your needs. The described binding uses mutual HTTPS (client certificate for HTTPS) with supporting certificate in each request message.