wood burning stoves 2.0*
The moose likes Web Services and the fly likes intermediary adding soap header element breaking signature verification Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "intermediary adding soap header element breaking signature verification" Watch "intermediary adding soap header element breaking signature verification" New topic
Author

intermediary adding soap header element breaking signature verification

Akram Chotu
Ranch Hand

Joined: Apr 18, 2006
Posts: 43
Here is the soap message after it is signed using AXIS 1.4, WSS4J 1.5:







Say if I use AXIS + WSS4J on bother sender side and receiver side and say if an intermediary adds an element



to the soap header and after adding this element the complete soap message looks like below:




After the intermediary adds its element hopefully without altering the signature and when I try to validate the signature on the provider end I get signature verification failed. Now my question is, is it expected behaviour that adding elements to the header by intermediaries (ofcourse without modifying the signature) will break the signature verification. Does canonicalization here will fail ? If I dont have this intermediary then signature verification is successfull. please suggest how to get around this problem.



Thanks in advance for your time and reply.
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2049
Which part/s of the message did you sign, the body only?
 
wood burning stoves
 
subject: intermediary adding soap header element breaking signature verification
 
Similar Threads
Configuring the SOAP Header in client
Manual verification of XML Signature
WS-Security with XWSS and SoapUI
Rampart sample not encrypting soap message
Problem while Encrypting SOAP body using Metro