• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

intermediary adding soap header element breaking signature verification

 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is the soap message after it is signed using AXIS 1.4, WSS4J 1.5:







Say if I use AXIS + WSS4J on bother sender side and receiver side and say if an intermediary adds an element



to the soap header and after adding this element the complete soap message looks like below:




After the intermediary adds its element hopefully without altering the signature and when I try to validate the signature on the provider end I get signature verification failed. Now my question is, is it expected behaviour that adding elements to the header by intermediaries (ofcourse without modifying the signature) will break the signature verification. Does canonicalization here will fail ? If I dont have this intermediary then signature verification is successfull. please suggest how to get around this problem.



Thanks in advance for your time and reply.
 
Ranch Hand
Posts: 2108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Which part/s of the message did you sign, the body only?
reply
    Bookmark Topic Watch Topic
  • New Topic