DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43685>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43685 ------- Additional Comments From [EMAIL PROTECTED] 2007-12-10 12:35 ------- I am currently trying to get at the debug output from BEA's AquaLogic - it isn't too easy, since it is running at another company and I have no control over the server, so I am currently trying to persuade them to add debug settings. But, while jogging around the various forums, I found this link: http://forums.bea.com/thread.jspa?threadID=600008882 It mentions a similar problem where the poster claimed he patched wss4j to get it to work, here is a quote from the post: ----- I've gotten a little further since my initial post. As it turns out there is a cannonicalization problem. I believe its on the wss4j/XML-Security side. The problem seems to occur because of "non-visible" namespaces in the body of the message due to soap encoding of array types. The particular service I was trying to secure has some of these in there, i.e there are attributes that look like soapenc:arrayType="mynsprefix:mytype[]". I believe AL is following the spirit of the WS-I Basic Security profile and is including the mynsprefix in the cannonicalized xml. wss4j on the other hand isnt. So, I modified wss4j to scan for these namespaces and included them in the list of includednamespaces to the exclusive-c14n cannonicalization algorithim. Long story short, with the change I made, the digests are the same and the signatures match. ----- I don't know if its relevant or not, but I'm including it in case it rings a bell somewhere ;) I'll get back to you when I have the canonicalized bytes from AquaLogic. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
