Hi,
We have a requirement where in , i have to send a signed SOAP request with Security timestamp to the a web service hosted by our partner. I did the following:

1. Added the WS Security Header handler to the WSDL in through designer
2. Added the policy name and selected effective policy name - Consumer Policy for Signature,Auth
3. Refreshed the WSC
4. In the flow service that calls the WSC, in the following path -auth/message/serverCerts/keyStoreAlias, i gave the key store alias that we have defined in the Securiity/Keystore on the Admin page
5. In the following path - auth/message/serverCerts/keyAlias, i gave the name of the actual private key in the keystore.

Still I am getting an error saying that - Signed header is required.

Am i missing something? Do i have to give the actual certificate(private key) in the keyAlias path? How do i do that?
The PDF documentation says" You can specify handling of certificate information through direct or indirect references In a direct reference, the actual certificate, or a path to the URI specifying a remote
data source containing the token element, is embedded in the SOAP header."

Which version of WM are you running?
for newer version, you normally need to assign a WS alias in your WSD

I am using WM 8.2 SP2 Core Fix 9

I just came to know that in 8.2 mode Header handlers dont have any effect and we have to add policies to the WSD in Designer. So i set the Pre 8.2 Compatibility to False in property setting. Then I selected Policy X509Authentication_Signature and refreshed my WSC. Then I tested my Connector in debug mode, it still throws an error saying…

com.wm.app.b2b.server.ServiceException: org.apache.axis2.AxisFault: SOAP header missing
at pub.clientimpl.wssClient(clientimpl.java:3093)

Please help!!

Did you figure this out, I’m getting it as well, think we have to create and register a handler, was hoping there’s be one built in.

It is not working…I added the policy but I am getting an error on Processing the SOAP response.
Seems like in 8.2.2 the policy will apply on the responses too!! Which i don’t want. I want the x509 Authentication Signature policy to be applied to only the SOAP Request and not the response.

Is there a option to do that on 8.2.2. I know there is an option on 9.X