Layer7 API Management

 View Only
  • 1.  ws-security signature error

    Posted May 07, 2019 06:28 PM
      |   view attached

    We have a .Net application that is generating ws-security token today and is working fine with our vendor application. We are now trying to migrate that to API Gateway and receiving a invalid signature error message and it doesn't look like vendor application problem since it is working for the old application. I validate that ws-sec structure, algorithm, version is same for both the implementation but still giving an error as invalid signature. can you please help me with the potential cause with the attached policy please.


    Appreciate your help! Thank you!


  • 2.  Re: ws-security signature error

    Posted May 08, 2019 06:55 AM

    Hi Kumar1234,


    Not sure if this is related to your issue.


    I have seen this were the gateway formatted the timestamp elements in the ws-security header without milliseconds, where the receiving application could not process this.

    This problem was solved with an xslt appending 000Z with the created timestamp on the request.

  • 3.  Re: ws-security signature error
    Best Answer

    Posted May 08, 2019 09:51 AM

    I was able to figure this out. postman pretty mode is adding extra characters to the Ws-Security signature and caused issues for me.

    Thought it will be help anyone that is using ws-sec