SOAP signing sample works OK, but with three questions…
- The following three properties are set during verification of a digital signature :-
and the documentation implies all should be true for a valid signature verification - the sample only checks the “xbd.verifier.status.core” property for being true - do i need to check all three or just the core property ?
The sample creates a signed SOAP message in a particular way (includes empty namespaces and repeats the SOAP-SEC and SOAP-ENV namespaces against all security nodes), but a message from another source may not have these namespaces expressed in this way - will it matter to the verifier ?
What would we have to do to verifier a dsa-sha256 signature method rather than the three choices you get in the signer or does it only need to be referenced in the signed message and the verifier will handle it ?
***** question 2 above may not be that clear, but i basically want to be sure that if the incoming message is created along the SOAP and SOAP security extensions definitions then we will be able to verify the signature - not if we have to mandate how you use namespaces, as they can be expressed at a higher level than is shown in the signer output and empty namespaces not used at all.
The attached file is what the signer produces, but as you can see it’s not the best use of namespaces.
thanks for any help
Signed_with.xml (9.41 KB)