Hi Guys, We have an issue with CXF on WebSphere. We would like to call an SSL SOAP web service. We are using WebSphere 8.5.5 and Apache CXF 2.7.12. We configured WAS to "parent last" classloading, we have added neethi-3.0.3.jar and xmlschema-core-2.1.0.jar to a shared library to avoid compatibility problems. We use JaxWsProxyFactoryBean to create the proxy, so theoretically no WAS related issue should occur but there is a problem with SSL or with certificates or with signing ow whatever... We configured a http conduit, .jks file is in the project with the certificate (truststore only) and we have an out interceptor (WSS4JOutInterceptor) added to sign outgoing messages. Project runs fine on TomCat and on Glassfish, its only an issue on WAS. The exception is:
security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS5620E: Signature verification failed: Core validity=false Signed info validity=false Signed info message='SignatureValue mismatched.' Ref[0](validity=true message='Ok.' uri='#id-79355FBFEFEAE727E91412771837525139' type='null') Ref[1](validity=true message='Ok.' uri='#TS-79355FBFEFEAE727E91412771837525135' type='null') Ref[2](validity=true message='Ok.' uri='#UsernameToken-79355FBFEFEAE727E91412771837525134' type='null'). ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@b50b4fa1 I'm not sure what "Signature verification failed" exactly mean and why it only occurs on WAS? Not on tomcat neither on glassfish ... I guess it's still something WAS related but the fact is googleing and analyzing the logs didn't help this time ... I'm not getting closer. Has anyone idea about what's going on? Have you faced similar issue before? Thanks, Regards
