Hi, > Would anyone know if this will fix this problem and, if so, how I would go > about it using CXF?
Do the C# client and the PDT client generate a SOAP request with the same security header layout? If so then the link you reference does not sound like the problem. If you manually move the Timestamp element outside of the security header then it does not get processed. Could it be that the Timestamp is expired by the time the CXF service processes it? Could you post the security header that is sent in the SOAP request for the PDT client, and the exception generated by the CXF service? Colm. On Fri, Feb 11, 2011 at 3:18 PM, Thomas P. Fuller <[email protected]> wrote: > Hi, > > > > I have a C# client which calls a (CXF) web service which we have secured. > > > > The client works fine on a desktop machine however it receives a soap fault > when the same call is sent from a low profile handset (PDT). > > > > We have traced the problem to the timestamp. If we manually modify the PDT > packet so that TimeStamp element is outside of the Security element (as with > the PC request) it works. > > > > IBM has a post on one of their forums which describes the same problem and > indicates the solution is to: > > > > ".change the default behavior in the TimestampGenerator to include the > Timestamp before the signature when using the Strict layout. The > TimestampConsumer now also verifies that the Timestamp is indeed put before > the signature on an incoming message when following the Strict layout. This > fixes the problem of interoperability." > > > > http://www-01.ibm.com/support/docview.wss?uid=swg1PK55563 > > > > Would anyone know if this will fix this problem and, if so, how I would go > about it using CXF? > > > > I suspect we'll need a cxf.xml configuration file, but more help with this > would be appreciated > > > > Thanks in advance for your assistance, > > > > Tom > >
