Our SOAP web service with WS-Security written in Java using Apache CXF returns a SOAP Fault saying “The signature or decryption was invalid” when it’s run on Linux, but not when it’s run on Windows.
We are having this strange problem with a SOAP client and server, both written in Java using Apache CXF. The development started by creating the WSDL in which we used WS-SecurityPolicy to define the WS-Security settings. All further development was done on a Windows 7 machine using Eclipse, maven and Tomcat. The result works great in the development environment (Windows 7), but when we test it in an Ubuntu Linux environment it doesn’t work. The server returns a SOAP Fault saying “The signature or decryption was invalid”.
Carriage return (\r) in String argument to service method causes “SoapFault: The signature or decryption was invalid”
In this thread the conclusion is :
This isn’t really a “bug” in CXF. It’s a bug in the Stax parser built into the JDK. If you add the wstx jar that we ship with CXF to the libs, the testcase works fine.
We added :
in both the Maven pom.xml file of the client and the server, but the result stays the same: “The signature or decryption was invalid”.
We also tested on Oracle Solaris, and it doesn’t work either.
We were able to trace the SOAP Fault back on the server side to an exception with the message: “com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID TS-16”. If we have a look inside the XML of the request we see :
Which is the element searched for. And we see :
Which is the reference to the previous element.
If we dissable signing, encrypting and timestamping it works. But then there are nu references used. Once one of these features is enabled it stops working.
Update October 4th 2011:
We managed to find the solution. Our test environment consists of :
- OS : Ubuntu Linux 11.04 Natty Narwhal
- Tomcat : 6.0.28
We were using the OpenJDK packages, and that appeared to be the problem. When removing those packages and installing the packages from sun-java6, everything started working.