You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by akkachotu <ak...@gmail.com> on 2006/04/21 00:21:27 UTC

Signature Verification Failed with tools

I have generated a WS Security 2004 X509 Token Profile Signature using
AXIS and it gets successfully verified by the provider. This I have
tested using a standalone java program that uses AXIS 1.2.1 Final and
uses XSS4J API for signing the soap message.

However if I take the request soap message (which has signature in
header and <Security> element in header) and paste in XML SPY 2006 and
fire a request to the server then the signature verification on the
provider is failing and I see in the server logs that <SignedInfo>
element validity is failed and further <SignatureValue> element value
is mismatched and digest values are mismatched in the process of
validating the <SingedInfo> element.

Does somebody have any thoughts like XML SPY may be somehow changes
the soap message(may be adds some text formatting or something like
the sort which I am unable to imagine) before it sends it to provider?

Are there any free tools out there in which I can just page the soap
message with WS Security 2005 X509 Signature and fire the request to
the provider and get the response without any hassles as I am having
hard time with XML SPLY.

Thank you for your reply and time.

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

RE: Signature Verification Failed with tools

Posted by Soumadeep <so...@infravio.com>.
You could use Jmeter or Vordel. 

-Soumadeep

-----Original Message-----
From: akkachotu [mailto:akkachotu@gmail.com]
Sent: Friday, April 21, 2006 3:51 AM
To: wss4j-dev@ws.apache.org
Subject: Signature Verification Failed with tools

I have generated a WS Security 2004 X509 Token Profile Signature using
AXIS and it gets successfully verified by the provider. This I have
tested using a standalone java program that uses AXIS 1.2.1 Final and
uses XSS4J API for signing the soap message.

However if I take the request soap message (which has signature in
header and <Security> element in header) and paste in XML SPY 2006 and
fire a request to the server then the signature verification on the
provider is failing and I see in the server logs that <SignedInfo>
element validity is failed and further <SignatureValue> element value
is mismatched and digest values are mismatched in the process of
validating the <SingedInfo> element.

Does somebody have any thoughts like XML SPY may be somehow changes
the soap message(may be adds some text formatting or something like
the sort which I am unable to imagine) before it sends it to provider?

Are there any free tools out there in which I can just page the soap
message with WS Security 2005 X509 Signature and fire the request to
the provider and get the response without any hassles as I am having
hard time with XML SPLY.

Thank you for your reply and time.

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

RE: Signature Verification Failed with tools

Posted by Soumadeep <so...@infravio.com>.
You could use Jmeter or Vordel. 

-Soumadeep

-----Original Message-----
From: akkachotu [mailto:akkachotu@gmail.com]
Sent: Friday, April 21, 2006 3:51 AM
To: wss4j-dev@ws.apache.org
Subject: Signature Verification Failed with tools

I have generated a WS Security 2004 X509 Token Profile Signature using
AXIS and it gets successfully verified by the provider. This I have
tested using a standalone java program that uses AXIS 1.2.1 Final and
uses XSS4J API for signing the soap message.

However if I take the request soap message (which has signature in
header and <Security> element in header) and paste in XML SPY 2006 and
fire a request to the server then the signature verification on the
provider is failing and I see in the server logs that <SignedInfo>
element validity is failed and further <SignatureValue> element value
is mismatched and digest values are mismatched in the process of
validating the <SingedInfo> element.

Does somebody have any thoughts like XML SPY may be somehow changes
the soap message(may be adds some text formatting or something like
the sort which I am unable to imagine) before it sends it to provider?

Are there any free tools out there in which I can just page the soap
message with WS Security 2005 X509 Signature and fire the request to
the provider and get the response without any hassles as I am having
hard time with XML SPLY.

Thank you for your reply and time.

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org