ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Protecting my SOAP Resource with WS-Security, I get the error Signature-0 was not accepted


Article ID: 4400


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


  I Configure WSS service to handle WS-security enveloppes when protecting
  the soap resource /myservice/services/OpenSecWebService/serviceWSS, the
  service fails and I'd like to know what means the error seen :

  Trying to resolve id: #id-6B4F79D3E5B3A12A5E147248702585410
  Found nodeElem
  Check if Timestamp covered by header or Envelope? signedElem=4signatureType=-124
  SM_WSC_00629 - Unspecified acceptance error.
  SM_WSC_00624 - Signature-0 was not accepted.
  SM_WSC_00909 - Failed to validate signature
  dispatch request failed.


  In the XML Signature Restrictions pane, you need to select :

  Must Cover Body of Message
  Require Signature over wsu:Timestamp Element

  as per documentation :

  "If the authentication scheme is configured to require the
  timestamp element, the digital signature must cover that timestamp."


WSS Agent 12.52SP1CR04 64bit on Apache 2.4 on RedHat 6 64bit; Policy Server 12.52SP1CR04 on RedHat 6 64bit;


  Configuring the SOAP signature restriction in the pane

    "XML Signature Restrictions"

  by selecting these options :

    Must Cover Body of Message
    Require Signature over wsu:Timestamp Element

  it solves the issue.

Additional Information