My client is using SHA1 for their signing/encryption policy of their webservice (in the SOAP security header). Is there a way to use SHA1 for the security policy, as it seems wm uses SHA2.
Thanks!
Will
you can customized the policy file to use other AlgorithmSuite
You can find the policy file at:
\IntegrationServer\instances\default\config\wss\policies
start with an existing policy.
edit this field:
sp:AlgorithmSuite
wsp:Policy
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
you can find all possible Algorithm Suite at:
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826547
section 6.1, most basic ones are using SHA1
Thanks. I just went through all the SHA1 algorithms and still get “signature or decryption was invalid.”
Check with your client for the value they use in the AlgorithmSuite field.
SHA1 is only part of the Suite. They may be using a different one.
For that error, it may caused by a missing cert configuration (you don’t trust the cert that’s signing or encrypting the message). Have you configure client cert for Message Authentication, Verify and Encrypt