My advice is if you need what the sign action outputs, just use it!   That's why it is there.  It might mean, in your case, you have a couple of extra actions, but FWIW, I tend to use what is configurable out-of-the-box rather than write (and maintain) a bunch of code. 

However, if you want to really dig in, try starting with the "store:///sign-wssec.xsl", which is, by default, what the Sign action uses.  That file, though, isn't going to help terribly much, but, it includes "store:///sign-wssec-common.xsl", and then you'll find more includes on more includes.   

The dp:sign() is relatively simple and the sign action is far more complex (Just toggle the "Basic" to go to advanced on the new UI, or go to the advanced tab on the old UI to see what I'm talking about).   On the Sign action, the header policy is strict.   You'll find how it handles that somewhere in all those includes.

------------------------------
Krishna

Original Message:
Sent: Sun September 07, 2025 10:09 PM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

My advice is if you need what the sign action outputs, just use it!   That's why it is there.  It might mean, in your case, you have a couple of extra actions, but FWIW, I tend to use what is configurable out-of-the-box rather than write (and maintain) a bunch of code. 

However, if you want to really dig in, try starting with the "store:///sign-wssec.xsl", which is, by default, what the Sign action uses.  That file, though, isn't going to help terribly much, but, it includes "store:///sign-wssec-common.xsl", and then you'll find more includes on more includes.   

The dp:sign() is relatively simple and the sign action is far more complex (Just toggle the "Basic" to go to advanced on the new UI, or go to the advanced tab on the old UI to see what I'm talking about).   On the Sign action, the header policy is strict.   You'll find how it handles that somewhere in all those includes.

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Sun September 07, 2025 05:51 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna
------------------------------

Understood!   So, unfortunately, hopefully someone has a solution for you.  Otherwise, you may be running down the rabbit-hole of the sign-wssec.xsl as I described before.

However, with that said, you could try a hack.  Disclaimer, I have no idea if this will work.  You can call a stylesheet rule from GatewayScript's multi-step module:

• Build a dummy XMLFW (you won't actually use).
• Build a dummy policy (you won't actually use).
• Build a rule (which you will use). 
• Match all and put in a sign action to sign the input. 
• Use an API GatewayScript Assembly action callRule() to call the rule.   From there you'll have access to the output context and you should be good to go!

Qualifier:  If this works, 1) let us know and 2) I get full credit because I am the king of DataPower hacks!!!   :-)

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Tue September 09, 2025 07:16 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna

Original Message:
Sent: Sun September 07, 2025 10:09 PM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

My advice is if you need what the sign action outputs, just use it!   That's why it is there.  It might mean, in your case, you have a couple of extra actions, but FWIW, I tend to use what is configurable out-of-the-box rather than write (and maintain) a bunch of code. 

However, if you want to really dig in, try starting with the "store:///sign-wssec.xsl", which is, by default, what the Sign action uses.  That file, though, isn't going to help terribly much, but, it includes "store:///sign-wssec-common.xsl", and then you'll find more includes on more includes.   

The dp:sign() is relatively simple and the sign action is far more complex (Just toggle the "Basic" to go to advanced on the new UI, or go to the advanced tab on the old UI to see what I'm talking about).   On the Sign action, the header policy is strict.   You'll find how it handles that somewhere in all those includes.

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Sun September 07, 2025 05:51 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna
------------------------------

Dear Joseph,

We followed the steps you suggested, but we opted to use MPGW instead of an XML Firewall. However, when we call the rule, the signed SOAP message is sent successfully to the backend. The issue is that the backend responds with the same error it normally gives when a signed SOAP message is not sent.

We also configured Invoke with the MPGW(Instead of actual endpoint which expects signed soap message) endpoint to verify how the request is being sent. In the probe, we can see that the request and headers look as expected. Still, we're not sure what exactly we're missing. 

Attached is the code we are using to call the DP rule.

------------------------------
Krishna

Original Message:
Sent: Tue September 09, 2025 09:35 AM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

Understood!   So, unfortunately, hopefully someone has a solution for you.  Otherwise, you may be running down the rabbit-hole of the sign-wssec.xsl as I described before.

However, with that said, you could try a hack.  Disclaimer, I have no idea if this will work.  You can call a stylesheet rule from GatewayScript's multi-step module:

• Build a dummy XMLFW (you won't actually use).
• Build a dummy policy (you won't actually use).
• Build a rule (which you will use). 
• Match all and put in a sign action to sign the input. 
• Use an API GatewayScript Assembly action callRule() to call the rule.   From there you'll have access to the output context and you should be good to go!

Qualifier:  If this works, 1) let us know and 2) I get full credit because I am the king of DataPower hacks!!!   :-)

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Tue September 09, 2025 07:16 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna

Original Message:
Sent: Sun September 07, 2025 10:09 PM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

My advice is if you need what the sign action outputs, just use it!   That's why it is there.  It might mean, in your case, you have a couple of extra actions, but FWIW, I tend to use what is configurable out-of-the-box rather than write (and maintain) a bunch of code. 

However, if you want to really dig in, try starting with the "store:///sign-wssec.xsl", which is, by default, what the Sign action uses.  That file, though, isn't going to help terribly much, but, it includes "store:///sign-wssec-common.xsl", and then you'll find more includes on more includes.   

The dp:sign() is relatively simple and the sign action is far more complex (Just toggle the "Basic" to go to advanced on the new UI, or go to the advanced tab on the old UI to see what I'm talking about).   On the Sign action, the header policy is strict.   You'll find how it handles that somewhere in all those includes.

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Sun September 07, 2025 05:51 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna
------------------------------

Maybe it's too early in the day for me, but, shouldn't this line:

context.set('message.body', signedBuf);

Be something more like:

outputObj.body.write(signedBuf);

Dear Joseph,

We followed the steps you suggested, but we opted to use MPGW instead of an XML Firewall. However, when we call the rule, the signed SOAP message is sent successfully to the backend. The issue is that the backend responds with the same error it normally gives when a signed SOAP message is not sent.

We also configured Invoke with the MPGW(Instead of actual endpoint which expects signed soap message) endpoint to verify how the request is being sent. In the probe, we can see that the request and headers look as expected. Still, we're not sure what exactly we're missing. 

Attached is the code we are using to call the DP rule.

------------------------------
Krishna

Original Message:
Sent: Tue September 09, 2025 09:35 AM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

Understood!   So, unfortunately, hopefully someone has a solution for you.  Otherwise, you may be running down the rabbit-hole of the sign-wssec.xsl as I described before.

However, with that said, you could try a hack.  Disclaimer, I have no idea if this will work.  You can call a stylesheet rule from GatewayScript's multi-step module:

• Build a dummy XMLFW (you won't actually use).
• Build a dummy policy (you won't actually use).
• Build a rule (which you will use). 
• Match all and put in a sign action to sign the input. 
• Use an API GatewayScript Assembly action callRule() to call the rule.   From there you'll have access to the output context and you should be good to go!

Qualifier:  If this works, 1) let us know and 2) I get full credit because I am the king of DataPower hacks!!!   :-)

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Tue September 09, 2025 07:16 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna

Original Message:
Sent: Sun September 07, 2025 10:09 PM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

My advice is if you need what the sign action outputs, just use it!   That's why it is there.  It might mean, in your case, you have a couple of extra actions, but FWIW, I tend to use what is configurable out-of-the-box rather than write (and maintain) a bunch of code. 

However, if you want to really dig in, try starting with the "store:///sign-wssec.xsl", which is, by default, what the Sign action uses.  That file, though, isn't going to help terribly much, but, it includes "store:///sign-wssec-common.xsl", and then you'll find more includes on more includes.   

The dp:sign() is relatively simple and the sign action is far more complex (Just toggle the "Basic" to go to advanced on the new UI, or go to the advanced tab on the old UI to see what I'm talking about).   On the Sign action, the header policy is strict.   You'll find how it handles that somewhere in all those includes.

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Sun September 07, 2025 05:51 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna
------------------------------

Dear,

After updating the .js with the statement that you have recommended, Still am receiving the same error response from the backend. Even with the dpcall2.js that I have attached also giving me the same error response that it normally gives when a signed SOAP message is not sent.

Maybe it's too early in the day for me, but, shouldn't this line:

context.set('message.body', signedBuf);

Be something more like:

outputObj.body.write(signedBuf);

Dear Joseph,

We followed the steps you suggested, but we opted to use MPGW instead of an XML Firewall. However, when we call the rule, the signed SOAP message is sent successfully to the backend. The issue is that the backend responds with the same error it normally gives when a signed SOAP message is not sent.

We also configured Invoke with the MPGW(Instead of actual endpoint which expects signed soap message) endpoint to verify how the request is being sent. In the probe, we can see that the request and headers look as expected. Still, we're not sure what exactly we're missing. 

Attached is the code we are using to call the DP rule.

------------------------------
Krishna

Original Message:
Sent: Tue September 09, 2025 09:35 AM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

Understood!   So, unfortunately, hopefully someone has a solution for you.  Otherwise, you may be running down the rabbit-hole of the sign-wssec.xsl as I described before.

However, with that said, you could try a hack.  Disclaimer, I have no idea if this will work.  You can call a stylesheet rule from GatewayScript's multi-step module:

• Build a dummy XMLFW (you won't actually use).
• Build a dummy policy (you won't actually use).
• Build a rule (which you will use). 
• Match all and put in a sign action to sign the input. 
• Use an API GatewayScript Assembly action callRule() to call the rule.   From there you'll have access to the output context and you should be good to go!

Qualifier:  If this works, 1) let us know and 2) I get full credit because I am the king of DataPower hacks!!!   :-)

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Tue September 09, 2025 07:16 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna

Original Message:
Sent: Sun September 07, 2025 10:09 PM
From: Joseph Morgan
Subject: How to use dp:sign to apply WSSec method

My advice is if you need what the sign action outputs, just use it!   That's why it is there.  It might mean, in your case, you have a couple of extra actions, but FWIW, I tend to use what is configurable out-of-the-box rather than write (and maintain) a bunch of code. 

However, if you want to really dig in, try starting with the "store:///sign-wssec.xsl", which is, by default, what the Sign action uses.  That file, though, isn't going to help terribly much, but, it includes "store:///sign-wssec-common.xsl", and then you'll find more includes on more includes.   

The dp:sign() is relatively simple and the sign action is far more complex (Just toggle the "Basic" to go to advanced on the new UI, or go to the advanced tab on the old UI to see what I'm talking about).   On the Sign action, the header policy is strict.   You'll find how it handles that somewhere in all those includes.

------------------------------
Joseph Morgan
CEO - Independent

Original Message:
Sent: Sun September 07, 2025 05:51 AM
From: Krishna
Subject: How to use dp:sign to apply WSSec method

------------------------------
Krishna
------------------------------