It's hard to tell what the problem is. The requests reference the certificate differently. However, the error message that "Verification failed" indicates that WSS4J is getting the wrong digest for the SOAP Body (compared to what the client computed). What version of WSS4J 1.5.x are you using? Is it possible to upgrade to WSS4J 1.6.x? 1.5.x is deprecated and no longer maintained.
Colm. On Thu, Dec 6, 2012 at 7:08 PM, Neill Laney <[email protected]> wrote: > The SoapUI and Axis client requests are attached. > > SoapUI request failed verification at the same place in the > org.apache.ws.security.processor.SignatureProcessor at > XMLSignature.checkSignatureValue (line 466), and this is output to the > server log > > org.apache.xml.security.signature.Reference verify Verification failed for > URI "#id-3" > org.apache.xml.security.signature.Reference verify Expected Digest: > jTbkUWscHA7rpefUut9fCYmecJw= > org.apache.xml.security.signature.Reference verify Actual Digest: > F8gqUHahC48plWm1u5ko6PvFzhs= > > When I step into the method at line 466, the class > is com.ibm.security.x509.X509CertImpl, which makes sense because we're > running the web service on Websphere. > > I don't know what packages SoapUI is using to sign the outgoing message. > Thanks for your reply. > > Neill > > > > On Thu, Dec 6, 2012 at 4:35 AM, Colm O hEigeartaigh > <[email protected]>wrote: > >> >> It's hard to tell without more details. For example, what is the >> difference between the failing SOAP-UI request, and the working Axis >> request? >> >> Colm. >> >> >> On Tue, Dec 4, 2012 at 7:18 PM, Neill Laney <[email protected]>wrote: >> >>> Hello, I'm having an interoperability issue with an Axis 1.4 web >>> service, WSS4J 1.5 and SoapUI 4.5.1 >>> >>> The Axis client performs signature verification with a PKI keystore with >>> no issues, however when I establish a SoapUI request the signature >>> verification fails and returns error code WSSecurityException.FAILED_CHECK >>> in com.ibm.security.x509.X509CertImpl >>> >>> The client is unable to use axis because of conflicts with their own >>> classes. >>> >>> I've removed signature verification from the client request and server >>> configuration, but I need to add it back before the service can be >>> deployed. Does anyone have any idea how to resolve this? >>> >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> >> > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
