As of last week IPAWS changed the way they authenticate, this change has caused the EDXL suite to no longer work. I was wondering if you are aware of this and or if you have any ideas on a fix. From what I can see they now require the SOAP body to be used in the signature for transport of https. The current version signs the timestamp. Any ideas you might have on this would be helpful.
Comments: ** Comment from web user: plupiani **
Comments: ** Comment from web user: plupiani **
I've already sent this to MITRE back before you posted this..
You need to get rid of the timestamp, and sign and digest only the soap body. There’s a rumor they’ve fixed a lot of it.
First think I would do is change the authenticationMode to MutualCertificate, make sure you attach your x.509 cert to botht the ClientCertificate and ServerCertificate in code. This will get the body signed correctly at least. Try that.. if IPAWS is not lying this should go through.
If it doesn’t (my money is on it not)…
Set:
enableUnsecuredResponse="true"
requireSignatureConfirmation="false"
And decorate all the instances of your capHeaderTypeDef in your proxy with ProtectionLevel = ProtectionLevel.Sign in the MessageHeaderAttribute