We have a web service proxy that is SOAP 1.2. the underlying WSDL operation's request accepts MTOM attachments and the response also can have MTOM attachments. We are running XI52s with firmware version XI188.8.131.52.6Build:226480
My WSP request rule is set to the following
Match rule (match all) -> Verify rule -> Results rule
My WSP response rule is set to the following
Match rule (match all) -> sign rule -> Verify rule -> Results rule
Envelope Method= WSSec Method
Message Type =SOAP Message
Use Asymmetric Key =on
Signing Algorithm= RSA
Other than setting the XML threat protection to allow both request and response attachments no other setting have been modified for MTOM.
What we are experiencing is our Java clients (all of our Java clients also use Datapower to secure message) are able to send\receive MTOM attachments with no issues ,but our WCF .NET clients' inbound requests with MTOM attachments fail the verify action ( Hash value don't match). request messages without MTOM attachment pass the request verify action step. For responses to WCF .NET clients, outbound responses with MTOM attachment pass the Verify step in the response rule but the WCF .NET clients are unable to verify the Hash value of datapower signed message.