Java, Semeru Runtimes and Runtimes for Business

Java, Semeru Runtimes and Runtimes for Business

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Problem: HTTPS TRANSPORT Signed SOAP messages fail on WebSphere, but work on Oracle JDK

  • 1.  Problem: HTTPS TRANSPORT Signed SOAP messages fail on WebSphere, but work on Oracle JDK

    Posted Fri September 26, 2025 05:15 AM
    Edited by Jose Luis Nebril Fri September 26, 2025 05:39 AM

    We are sending WS-Security signed SOAP messages. On Oracle JDK the signature validates, but on WebSphere (WAS) the server rejects it as invalid.

    The reason: WAS re-serializes the SOAP envelope (com.ibm.ws.webservices.engine.xmlsoap.SOAPEnvelope) and changes prefixes/namespace declarations after signing, then the sign is not valid.

    👉 Question: Is there a way to disable this re-serialization, or force WAS to send the signed XML exactly as built?



    ------------------------------
    Jose Luis Nebril
    ------------------------------


    #API-Management
    #webMethods
    #soa#soap



Related Content