I'm trying to consume an IBM DataPower 3.7.1.x web service in WCF getting the following error message:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.
The HTTP response is coming back as 200 and I can see the correct SOAP response while debugging it in Fiddler.
However, the WCF clients doesn't seem to know how to process the BinarySecurityToken element in the SOAP response.
Here is my WCF config:
<bindings>
<basicHttpBinding>
<binding name="TestBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="TestBehavior">
<callbackDebug includeExceptionDetailInFaults="true" />
<clientCredentials>
<clientCertificate storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName"
findValue="test-cert" />
<serviceCertificate>
<authentication certificateValidationMode ="PeerOrChainTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://serviceURL"
binding="basicHttpBinding"
bindingConfiguration="TestBinding"
behaviorConfiguration="TestBehavior"
contract="ContraceGoesHere"
name="ContraceNameGoesHere" />
</client>
I've seen other people reporting similar problems both to Microsoft and IBM and there are some StackOverflow questions about it, however I haven't found a single solution that works.
Any help would be appreciated.
please publish the soap that you send, the one which comes back and your config.
also try to add this attribute:
<security allowSerializedSigningTokenOnReply="true" />
(as described here)