intermediary adding soap header element breaking signature verification

Here is the soap message after it is signed using AXIS 1.4, WSS4J 1.5:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
elementEncoding="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
wsu:Id="binarytoken">
123MIIB5jCCAU8CBEQyyzkwDQYJKoZIhvcNAQEFBQAwOjELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEFN
</wsse:BinarySecurityToken>
<ds:Signature xmlns :mrgreen: s="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds :mrgreen: igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds :mrgreen: igestValue>EwE9/d/aFPCf7CpqoKdbHSrhNN0=</ds :mrgreen: igestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
    lCIbgyn1nzA/7Y2tAVQ+WuVTX/WoOKE0Xv1dOTDBJ+BIY1w6ulg17apQ2taLmfDHGEFtLOCO
    TKdvhev5CMNCvmsbZQVv5Mli+ttFSpumNf8yOkf0BwDCcSyTVbuiotJJXOFVGRTXB5oxIv8q
    UqY5QO3lZkO790OmUyBlpgWaWAE=
  </ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference 
URI="#binarytoken" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body Id="Body">
<getHolidays xmlns="http://transfer.as.com">
<request>
<ns3:regionID xmlns:ns3="http://shr.ws.com" xsi:nil="true"/>
<cardNumber>4444</cardNumber>
</request>
</getHolidays>
</soapenv:Body>
</soapenv:Envelope>

Say if I use AXIS + WSS4J on bother sender side and receiver side and say if an intermediary adds an element

to the soap header and after adding this element the complete soap message looks like below:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:intermediary="http://www.intermediary.com/proxy/2424.2424s">
<soapenv:Header>
<intermediary :-P	 roxyID wsu:Id="6767">0d88d3e0-0e2c-489d-a682-da14b8fec3d7</intermediary :-P	 roxyID>
<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
elementEncoding="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
wsu:Id="binarytoken">
123MIIB5jCCAU8CBEQyyzkwDQYJKoZIhvcNAQEFBQAwOjELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEFN
</wsse:BinarySecurityToken>
<ds:Signature xmlns :mrgreen: s="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds :mrgreen: igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds :mrgreen: igestValue>EwE9/d/aFPCf7CpqoKdbHSrhNN0=</ds :mrgreen: igestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
    lCIbgyn1nzA/7Y2tAVQ+WuVTX/WoOKE0Xv1dOTDBJ+BIY1w6ulg17apQ2taLmfDHGEFtLOCO
    TKdvhev5CMNCvmsbZQVv5Mli+ttFSpumNf8yOkf0BwDCcSyTVbuiotJJXOFVGRTXB5oxIv8q
    UqY5QO3lZkO790OmUyBlpgWaWAE=
  </ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference 
URI="#binarytoken" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body Id="Body">
<getHolidays xmlns="http://transfer.as.com">
<request>
<ns3:regionID xmlns:ns3="http://shr.ws.com" xsi:nil="true"/>
<cardNumber>4444</cardNumber>
</request>
</getHolidays>
</soapenv:Body>
</soapenv:Envelope>

After the intermediary adds its element hopefully without altering the signature and when I try to validate the signature on the provider end I get signature verification failed. Now my question is, is it expected behaviour that adding elements to the header by intermediaries (ofcourse without modifying the signature) will break the signature verification. Does canonicalization here will fail ? If I dont have this intermediary then signature verification is successfull. please suggest how to get around this problem.

Thanks in advance for your time and reply.

Which part/s of the message did you sign, the body only?