Mtom enable + signiture = problem
Hi , I have an mtom web service (data plus attachment). WhenI sign the request ( with Mtom NOT enabled) with sha1 certificate certificate works (ws fails later due to attachment not being mtom)....
Forum Discussion
I think I found a solution (or work-around); I noticed that the request is changing slightly once it leaves SOAP UI:
For example the original request may have a field like <payload>cid:147612301643</payload>
But after if gets signed it then changes to <payload><inc:Include href="cid:147612301643" xmlns:inc="http://www.w3.org/2004/08/xop/include"/></payload> which fails any hash check on a request since the signed message has been modified.
But if you replace the original entry in SOAP UI with the later (from the above examples), the message gets signed as is and passes the hash validation on the target server.
Hope this helps,
V
Yes this helps a Great Deal ! Thanks, this solution works, I find I have to attach the file using the original WSDL format
example first in order to set the Attachment Part to the generated partnumber (in example below) 147612301643 here:
<payload>cid:147612301643</payload>
Then once the file is attached, change this line in the request message to the following format (your example correct as is :)
<payload><inc:Include href="cid:147612301643" xmlns:inc="http://www.w3.org/2004/08/xop/include"/></payload>
DataPower then does then successfully verify the signed message/attachment - Presumably the problem we're fixing is a minor bug in SOAPUI signing-MTOM-attachments, which needs to be addressed in a future release.
Many thanks for your speedy reply...
Regards Gavin Bayfield