How to enable SignatureConfirmation element in an Apache CXF SOAP server

Question

I have a soap client and also a soap server both using CXF. I have message signing working correctly. When I point my soap client at a different SOAP server using an IBM SOAP appliance, the reply messages contain the element SignatureConfirmation. I want to ensure that my CXF based SOAP server gives the same results as third-party SOAP servers do, so how do I configure my server to enable that element?

Here is how I set up my server:

signingProps.put(WSHandlerConstants.ACTION, "Timestamp Signature"); 
signingProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{}{http://schemas.xmlsoap.org/soap/envelope/}Body ;" 
      + "{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}" 
      + "Timestamp"); 
signingProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial"); 

Properties keyStoreProps = new Properties(); 
keyStoreProps.put(LocalCryptoProvider.WS_CRYPTO_PROVIDER, 
    LocalCryptoProvider.class.getName()); 
keyStoreProps.put(LocalCryptoProvider.KEYSTORE_OBJECT, keyStore); 

WSS4JOutInterceptor outSigner = new WSS4JOutInterceptor(signingProps); 
cxfFactory.getOutInterceptors().add(new SAAJOutInterceptor()); 
cxfFactory.getOutInterceptors().add(outSigner); 

Answer 1

I found the right answer.

In the properties map passed to the WSS4JOutInterceptor and WSS4JInInterceptor add ENABLE_SIGNATURE_CONFIRMATION, i.e.

signingProps.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true" );

This needs to be set on both the client and the server or it won't work. Also if you enable signature confirmation on the client, but not on the server, then the client will throw an exception.

Answer 2

The action should be "enableSignatureConfirmation" that will take care of adding the signature confirmation element to the response.

signingProps.put(WSHandlerConstants.ACTION, "enableSignatureConfirmation");