Hello Colm,

Thank you for this explanation!  It sounds like the system I'm sending to
does not follow the current standards about line feeds in the Signature &
Keyinfo tags, or perhaps their support team is just guessing about why it
thinks I have threatening characters in the payload.

Either way, they are not going to change their system this year so I have to
humor them, before they will look deeper.  I think it should be possible to
remove the characters using an Interceptor, in the USER or POST_STREAM
Phase, without invalidating the signature, since they are not in the
SignedInfo tag?  (Am studying http://cxf.apache.org/docs/interceptors.html).  

Thanks again,
Guy







--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Reply via email to