How to Restrict signed elements in complete SOAP according to third party requirements

Am using WebMethods IS 9.6 CoreFix 12 on Windows 8.1

Produced a WSD using a client WSDL and Schema.

Declared their certificate via a WSC Endpoint and linked policy X509 Authentication and Signature to the WSC. This produces a message with complete certification.

As the customer specifically requires

<sp:WssX509V3Token10 />

I created custom X509V3Authentication_Signature policy based upon the original which works nicely.

They now report that this generates more signatures (references) in the security header than are permitted at their end. The signatures are generated for the soap bdy (permitted) and timestamp and #X509- Key info (not permitted). Is there anyway that one might restrict these other reference entries in the final soap message through a revised policy or other means?

many thanks

Hi Lawrence,

please have a look at the WS Developers Guide.

Please refer to chapters 15-19 as these might contain the neccessary informations you are looking for.


Thanks Holger for your update.

It seems the documentation review was worthwhile. I hadn’t’ previously attempted the Pre 8.2 IS Policy approach.

This allows for the configuration of a simpler, but perhaps more restricted, IS Security policy. I had previously used the functionality of WS-Security policywhen developing my own policy.

It seems that I can control these references using the pre 8.2 compatibility with Custom IS Security Policy. This must be configurable using WS-Security policy but I have yet to establish exactly how and this isn’t abundantly clear from the documentation.