A Web Service provider in Integration Server (IS) has a custom policy assigned. When the Web Service is invoked by a consumer, the following error is returned:
org.apache.ws.security.WSSecurityException - "The signature or decryption was invalid"
The issue relates to the order of the elements in the SOAP header:
1. If the UsernameToken is before the Signature then it fails.
2. If the Signature element is before the UsernameToken it works.
3. The failure only happens when the incoming password contains a digest.
4. When a plain text password is used, it works regardless of the order of elements in the SOAP header.
When testing with SoapUI, it is possible to force the Signature to be the first WS-Security header element by enabling the "Prepend signature element to security header(non-strict layout)" option in the SoapUI WS-Security configuration.
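To check whether a captured request falls into the failing combination described above (UsernameToken before Signature, with a digest password), the following added example parses the wsse:Security header and reports the element order and password type. It is not part of the original article or of the product; the function names, the sample envelope and the user name are constructed for illustration, and a SOAP 1.1 envelope is assumed.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # assumption: SOAP 1.1

def check_security_header(envelope_xml):
    """Return (order, uses_digest, failing_layout) for one SOAP request."""
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header found")
    tags = [child.tag for child in security]
    token, signature = f"{{{WSSE}}}UsernameToken", f"{{{DS}}}Signature"
    # Local names of the direct children, in document order.
    order = [t.split("}")[-1] for t in tags]
    password = security.find(f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Password")
    # A missing Type attribute means PasswordText per the UsernameToken profile.
    uses_digest = (password is not None
                   and password.get("Type", "") == UTP + "#PasswordDigest")
    token_first = (token in tags and signature in tags
                   and tags.index(token) < tags.index(signature))
    return order, uses_digest, token_first and uses_digest

def sample_envelope(token_first, digest):
    """Constructed test request; credentials and signature are placeholders."""
    ptype = UTP + ("#PasswordDigest" if digest else "#PasswordText")
    token = (f'<wsse:UsernameToken><wsse:Username>alice</wsse:Username>'
             f'<wsse:Password Type="{ptype}">PLACEHOLDER</wsse:Password>'
             f'</wsse:UsernameToken>')
    sig = f'<ds:Signature xmlns:ds="{DS}"/>'
    body = token + sig if token_first else sig + token
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header>'
            f'<wsse:Security xmlns:wsse="{WSSE}">{body}</wsse:Security>'
            f'</soap:Header><soap:Body/></soap:Envelope>')

if __name__ == "__main__":
    for token_first in (True, False):
        for digest in (True, False):
            order, uses_digest, failing = check_security_header(
                sample_envelope(token_first, digest))
            print(order, "digest" if uses_digest else "text",
                  "-> failing layout" if failing else "-> ok")
```

Only the first of the four combinations is reported as the failing layout, matching the four observations listed above.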