Hi, I am a bit confused when you say Oracle JDK since it would need to be an application or app server that you are using to encrypt and decrypt the messages. In any case, tWAS follows the specifications on SOAP and signing, so the underlying technology is hidden from the developer. If you want to use your own method then I would suggest you turn off JAX-WS by setting com.ibm.websphere.webservices.DisableIBMJAXWSEngine = true in the JVM custom properties. Or you can do something like this person did: https://stackoverflow.com/questions/39109111/manually-sign-soap-message-java, which it seems like what you are trying to do.
You can always open a case with IBM support to get more help in this area.
Brian
------------------------------
Brian S Paskin
Sr. Technology Engineer
IBM Cloud Engineering
------------------------------
Original Message:
Sent: Fri September 26, 2025 05:15 AM
From: Jose Luis Nebril
Subject: Problem: HTTPS TRANSPORT Signed SOAP messages fail on WebSphere, but work on Oracle JDK
We are sending WS-Security signed SOAP messages. On Oracle JDK the signature validates, but on WebSphere (WAS) the server rejects it as invalid.
The reason: WAS re-serializes the SOAP envelope (com.ibm.ws.webservices.engine.xmlsoap.SOAPEnvelope) and changes prefixes/namespace declarations after signing, then the sign is not valid.
π Question: Is there a way to disable this re-serialization, or force WAS to send the signed XML exactly as built?
------------------------------
Jose Luis Nebril
------------------------------