We have a .NET application that generates a WS-Security token today and works fine with our vendor application. We are now trying to migrate that to API Gateway and are receiving an invalid signature error message, and it doesn't look like a vendor application problem since it works for the old application. I validated that the WS-Security structure, algorithm, and version are the same for both implementations, but it is still giving an invalid signature error. Can you please help me with the potential cause, based on the attached policy?
Appreciate your help! Thank you!
Not sure if this is related to your issue.
I have seen this where the gateway formatted the timestamp elements in the WS-Security header without milliseconds, which the receiving application could not process.
This problem was solved with an XSLT appending 000Z to the created timestamp on the request.
I was able to figure this out. Postman pretty mode is adding extra characters to the WS-Security signature, which caused issues for me.
Thought this would help anyone who is using ws-sec.
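Added example, not part of the thread: a short Python check of why re-indenting a signed SOAP message invalidates its digest while changes in quoting or attribute order do not. The sample bodies are constructed, `xml.dom.minidom` stands in for whatever pretty-printer touched the message, and the standard library's C14N 2.0 is used in place of the Exclusive C14N that WS-Security deployments typically configure (both preserve whitespace text nodes).

```python
import base64
import hashlib
import xml.dom.minidom
from xml.etree.ElementTree import canonicalize

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample: the signed element exactly as the signer serialized it.
SIGNED_BODY = (
    f'<soap:Body xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" wsu:Id="body-1">'
    '<GetOrder xmlns="urn:example:orders"><Id>42</Id></GetOrder></soap:Body>'
)
# Constructed sample: same content, different quoting and attribute order.
REQUOTED_BODY = (
    f"<soap:Body wsu:Id='body-1' xmlns:wsu='{WSU}' xmlns:soap='{SOAP}'>"
    "<GetOrder xmlns='urn:example:orders'><Id>42</Id></GetOrder></soap:Body>"
)


def digest_value(xml_text: str) -> str:
    """Base64 SHA-256 of the canonical form, the value a ds:DigestValue carries."""
    # Canonicalization normalizes quoting and attribute order, but whitespace
    # between elements is a text node and is kept (strip_text defaults to False).
    canonical = canonicalize(xml_text)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode()


def pretty(xml_text: str) -> str:
    """Re-indent the document, which inserts newline/indent text nodes."""
    return xml.dom.minidom.parseString(xml_text).toprettyxml(indent="  ")


def survives(original: str, received: str) -> bool:
    """True if the receiver would recompute the digest the signer stored."""
    return digest_value(original) == digest_value(received)


if __name__ == "__main__":
    print("requoted     :", survives(SIGNED_BODY, REQUOTED_BODY))
    print("pretty-print :", survives(SIGNED_BODY, pretty(SIGNED_BODY)))
```

When comparing a working and a failing sender, diff the raw bytes on the wire (for example from a proxy capture) rather than a formatted view, since the formatted view hides exactly this difference.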