I'm developing a client who will consume an external web service which I don't control. I have to add security to the messages, specifically a Timestamp and a signature using DirectReference (BST). I got what looks like an ok message but I receive a fault about the signature beeing wrong. I compared a capture of the request against a good one generated by SoapUI to spot the differences but I couldn't find the one.
The client is being developed using Spring boot and security is being added via Wss4jSecurityInterceptor. The fault I'm getting is:
I'm using no encryption, so the fault must be caused by the signature.
The aaa, bbb... thing is just me hiding some URLS, but they are in both messages so that souldn't be the problem. Im pretty sure I'm using the same certificate for both so, can anyone spot why one works and the other doesn't? The only "difference" I saw until now is that in the bad message IDs are shown with hyphens while in the right one they doesn't.
Thanks in advance,
posted 1 month ago
Sorry for double-posting, but does anyone knows how can I upload the Soap messages so you can also have a look at them?
Posting in OP: post too long. Tried .xml, .txt, .log, .zip and .rar -> none of this extension is allowed for attachments.