I have generated a WS Security 2004 X509 Token Profile Signature using AXIS and it gets successfully verified by the provider. This I have tested using a standalone java program that uses AXIS 1.2.1 Final and uses XSS4J API for signing the soap message.
However if I take the request soap message (which has signature in header and <Security> element in header) and paste in XML SPY 2006 and fire a request to the server then the signature verification on the provider is failing and I see in the server logs that <SignedInfo> element validity is failed and further <SignatureValue> element value is mismatched and digest values are mismatched in the process of validating the <SingedInfo> element. Does somebody have any thoughts like XML SPY may be somehow changes the soap message(may be adds some text formatting or something like the sort which I am unable to imagine) before it sends it to provider? Are there any free tools out there in which I can just page the soap message with WS Security 2005 X509 Signature and fire the request to the provider and get the response without any hassles as I am having hard time with XML SPLY. Thank you for your reply and time.
