DataPower


Unable to verify the signed request on DataPower

  • 1.  Unable to verify the signed request on DataPower

    Posted Tue September 12, 2023 01:05 AM

    On a DataPower V10 virtual appliance,

    I have created an MPGW service for sign and verify.
    I am able to sign the message using our public and private key, and I made another rule to verify that particular message using the public key in the same processing policy, but it is throwing the error below:
    "*RSA signature did not verify* (from client)".

    - The configuration of the Sign action is:

    1. XML security.
    2. Envelope Method equals Enveloping Method.
    3. Message type equals Raw XML Document, including SAML for Enveloped.
    4. Add the private key in the Key field.
    5. Add the certificate in the certificate field.


    - The configuration of the Verify action is:

    1. Signature Verification Type equals RSA/DSA Signatures.
    2. Add the certificate in the certificate field.

    Note: The certificate and key are a proper pair, and the message sent to verify is not altered; I am directly sending the whole signed message in the verify request body.

    Sign: http://192.168.31.151:2007/sign

    Verify: http://192.168.31.151:2007/verify

    Any help to solve this issue is highly appreciated.



    ------------------------------
    Ashwin
    ------------------------------

    Attachment(s)

    txt
    sign-verify req-res.txt   8 KB 1 version
    zip
    Sign-Verify-MPG (1).zip   849 KB 1 version


  • 2.  RE: Unable to verify the signed request on DataPower

    Posted Wed September 13, 2023 03:53 PM
    Edited by Jeroen Willems Wed September 13, 2023 04:54 PM

    Hi,

    I ran a quick test with your exported Sign-Verify-MPG(1).zip, added a key and cert with pma, and the test was working.

    Are you sure that you are not trying to validate the formatted response? E.g. in Postman/SoapUI you should take the raw response from sign as input for the request for verify. By default Postman/SoapUI format the response, i.e. alter the message.



    ------------------------------
    Jeroen Willems
    Integration Architect - Managing Partner
    Integration Designers
    ------------------------------
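
The effect described in the reply above, as an added example that is not part of the original thread: re-indenting a signed XML document changes its canonical bytes, so a signature computed over the raw response no longer matches. It assumes Python's standard-library C14N 2.0 as a stand-in for whatever canonicalization the Sign action uses (the thread does not say); the sample message and all function names are constructed for illustration.

```python
import hashlib
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

# Constructed sample: skeleton of an enveloping signature with placeholder values.
RAW_SIGNED = (
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:SignedInfo><ds:Reference URI="#payload">'
    '<ds:DigestValue>PLACEHOLDER</ds:DigestValue>'
    '</ds:Reference></ds:SignedInfo>'
    '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
    '<ds:Object Id="payload"><order><id>42</id></order></ds:Object>'
    '</ds:Signature>'
)

def canonical_digest(xml_text: str) -> str:
    """SHA-256 of the canonical form. Whitespace text nodes inside the
    document element are kept by canonicalization, so they affect the hash."""
    canon = canonicalize(xml_data=xml_text)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def pretty_print(xml_text: str) -> str:
    """Simulates a client that re-indents the response for display."""
    return minidom.parseString(xml_text).toprettyxml(indent="  ")

def requote(xml_text: str) -> str:
    """A serialization change that canonicalization does absorb:
    attribute values delimited by single instead of double quotes."""
    return xml_text.replace('"', "'")

def survives(original: str, received: str) -> bool:
    """True if the received copy canonicalizes to the same bytes."""
    return canonical_digest(original) == canonical_digest(received)

if __name__ == "__main__":
    print("requoted survives:      ", survives(RAW_SIGNED, requote(RAW_SIGNED)))
    print("pretty-printed survives:", survives(RAW_SIGNED, pretty_print(RAW_SIGNED)))
```

Running the same comparison on the saved raw sign response and the body actually posted to the verify URL shows whether the client changed the message in transit.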