All, Following issue I just posted to the WSE newsgroup. I post it to this list too since I have no idea if this is a WSS4J or WSE 2.0 issue? Does anyone have done similar experiences with WSE <-> WSS4J?
---> We run a Java-based (Axis with WSS4J) webservice and we have both Java and .NET (C#) clients. While encryption is no problem for all client-server combinations we have problems with signature validation from C# requests. The strange thing is that we have a MS-box with the C#-client which requests can be successfuly validated by the Java end point and on the other (with the same exe-File) box it doesn't work. After seeing that I tried to find the difference between these two C# clients. The only difference I could find is in the request is in the CanonicalizationMethod-element (prefix and namespace (re-)definition; is already defined as default namespace in the Signature-element): this one works: ....<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />.... this one fails: ....<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> <SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />.... I'm absolutely not sure if this is causing the problem but at least this is a difference between the two boxes/clients that should not occur. Following the versions we use (on both c#-clients): - .NET 1.1 SP1 - WSE 2.0 SP2 - WinXP SP2 Any ideas? Thanks Yves
