WebSphere Application Server & Liberty

sign SOAP Service using wss4j

  • 1.  sign SOAP Service using wss4j

    Posted Sun September 14, 2025 02:35 PM

    Hi

    I have an application that connects to a web service which requires the SOAP request to be digitally signed.

    I'm using WSS4J, and when running under Oracle Java, everything works correctly - the request is signed and the connection is successfully established.

    However, when we deploy the same code in IBM WebSphere, we get an "invalid signature" error.
    It looks like IBM's WS-Security implementation is intercepting the outgoing SOAP message and altering (or re-signing) the message, which causes the signature to become invalid.

    Is there any way to disable WebSphere from applying its own WS-Security processing or signing on outgoing messages, so that the message is sent exactly as WSS4J generates it?

    Any hints or configuration settings would be greatly appreciated.

    JL



    ------------------------------
    Jose Luis Nebril
    ------------------------------