[
https://issues.redhat.com/browse/WFLY-13256?page=com.atlassian.jira.plugi...
]
Jim Ma commented on WFLY-13256:
-------------------------------
[~brian.stansberry] [~aabdelsa] I tried to fix these failures by adding @FixedMethodOrder
for WSTrustTest and it works:
https://github.com/jimma/wildfly/commit/7fce5a2d10e81e4e7951d1e11eeb4419d1a63607
From the test execution, if WSTrustTestCase.testPicketLink() is
executed before WSTrustTestCase.testBearer() and WSTrustTestCase.testHolderOfKey(),
it fails. But if WSTrustTestCase.test() is executed first, it doesn't break these two
tests. Compare these two tests:
{code:java}
public void test() throws Exception {
    Bus bus = BusFactory.newInstance().createBus();
    try {
        BusFactory.setThreadDefaultBus(bus);
        final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
                "SecurityService");
        final URL wsdlURL = new URL(serviceURL + "SecurityService?wsdl");
        Service service = Service.create(wsdlURL, serviceName);
        ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
        final QName stsServiceName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
                "SecurityTokenService");
        final QName stsPortName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
                "UT_Port");
        URL stsURL = new URL(serviceURL.getProtocol(), serviceURL.getHost(), serviceURL.getPort(),
                "/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl");
        WSTrustTestUtils.setupWsseAndSTSClient(proxy, bus, stsURL.toString(),
                stsServiceName, stsPortName);
        try {
            assertEquals("WS-Trust Hello World!", proxy.sayHello());
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    } finally {
        bus.shutdown(true);
    }
}

public void testPicketLink() throws Exception {
    Bus bus = BusFactory.newInstance().createBus();
    try {
        BusFactory.setThreadDefaultBus(bus);
        final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
                "SecurityService");
        final URL wsdlURL = new URL(serviceURL + "SecurityService?wsdl");
        Service service = Service.create(wsdlURL, serviceName);
        ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
        final QName stsServiceName = new QName("urn:picketlink:identity-federation:sts", "PicketLinkSTS");
        final QName stsPortName = new QName("urn:picketlink:identity-federation:sts", "PicketLinkSTSPort");
        final URL stsURL = new URL(serviceURL.getProtocol(), serviceURL.getHost(), serviceURL.getPort(),
                "/jaxws-samples-wsse-policy-trustPicketLink-sts/PicketLinkSTS?wsdl");
        WSTrustTestUtils.setupWsseAndSTSClient(proxy, bus, stsURL.toString(),
                stsServiceName, stsPortName);
        try {
            assertEquals("WS-Trust Hello World!", proxy.sayHello());
        } catch (Exception e) {
            throw e;
        }
    } finally {
        bus.shutdown(true);
    }
}
{code}
(These lines can be found at
https://github.com/wildfly/wildfly/blob/master/testsuite/integration/ws/s...,
https://github.com/wildfly/wildfly/blob/master/testsuite/integration/ws/s...)
Only the STS endpoint is different: one is CXF's STS service and the other one is
picketLink. But the strange thing is that the picketLink service is running with http transport
instead of https. I still don't get why this would break the following https
handshake.
I looked at the picketlink code and dependencies. One thing we probably need to check is
that picketlink-federation has a very old xmlsec 1.5.1.Final dependency, which doesn't
support jdk9+. JDK9 support and adding the bouncycastle dependency are after xmlsec 2.1.x.
CXF already upgraded to xmlsec 2.1.4. Don't know if that's the reason the CXF STS
service works.
Upgrade bouncycastle to 1.65.0
------------------------------
Key: WFLY-13256
URL: https://issues.redhat.com/browse/WFLY-13256
Project: WildFly
Issue Type: Component Upgrade
Components: Build System, Server
Reporter: Bartosz Spyrko-Smietanko
Assignee: Brian Stansberry
Priority: Blocker
Labels: downstream_dependency
Fix For: 20.0.0.Beta1
Attachments: handshake-error.log, handshake-success.log