Hi,
I'm using WSS4j 1.6.18 for our SOAP based Web Services. We use WS-addressing, Timestamp and SAML 2.0 Holder-of-key. We sign the SOAP body as well as Timestamp and WS-addressing headers. When validating the secured SOAP message on the receiving side, WSSecurityEngine.processSecurityHeader() simply throws a general WSSecurityException and I don't have the WSSecurityEngineResult's to analyze. My question is how can I determine exactly what went wrong? I would like to know if the SAML token is invalid, or the timestamp is out of range, or one of the signed part was tempered? Thanks, Gang
