Tags: wcf, wcf-binding, wcf-security

WCF Mutual certificate encrypted tags


I'm developing a WCF service which will be consumed by a Java application (via DataPower), and I'm using the following binding.

<customBinding>
  <binding name="InteropCertificateBindingG">
    <transactionFlow />
    <security
      authenticationMode="MutualCertificate"
      defaultAlgorithmSuite="TripleDesRsa15"
      messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
      includeTimestamp="true"
      messageProtectionOrder="SignBeforeEncrypt"
      securityHeaderLayout="Strict"/>
    <textMessageEncoding />
    <httpsTransport />
  </binding>
</customBinding>

If we only sign the message, and receive only signed messages, everything works fine.

But when we define the contract to encrypt and sign, the client sends the message encrypted and signed, the WCF service accepts the message, but the client gets an error when it tries to read the response.

The error is like this:

Transaction aborted in step 2. Hash values does not match

How can I know which tags are being encrypted/signed?

Should I use MutualCertificate or MutualCertificateDuplex authenticationMode since I'm using an AsymmetricSecurityBindingElement (defined by the wssecurity10 message version)?

Any idea of how we can solve this?


Solution

  • The problem was that the Java client was using one certificate to sign the request and was expecting to receive the response encrypted with another certificate.
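
To see which elements a WS-Security message signs and encrypts, and which certificate each operation references, the security header of a captured message can be read directly. The Python sketch below is an added example, not code from the original post. Its envelope is constructed and simplified: the serial numbers 1001 and 2002 are placeholders, and real messages nest X509SerialNumber inside a SecurityTokenReference or point at a BinarySecurityToken instead.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# Constructed sample: response skeleton without real keys, digests or ciphertext.
SAMPLE = f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:u="{WSU}" xmlns:ds="{DS}" xmlns:e="{XENC}">
 <s:Header><o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <u:Timestamp u:Id="_0"/>
   <e:EncryptedKey>
    <ds:KeyInfo><ds:X509SerialNumber>1001</ds:X509SerialNumber></ds:KeyInfo>
    <e:ReferenceList><e:DataReference URI="#_2"/></e:ReferenceList>
   </e:EncryptedKey>
   <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_0"/><ds:Reference URI="#_1"/></ds:SignedInfo>
    <ds:KeyInfo><ds:X509SerialNumber>2002</ds:X509SerialNumber></ds:KeyInfo>
   </ds:Signature>
 </o:Security></s:Header>
 <s:Body u:Id="_1"><e:EncryptedData Id="_2"/></s:Body>
</s:Envelope>"""

def describe_protection(xml_text):
    """Return (element, certificate serial) pairs for signed and encrypted parts."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    by_id = {}  # "#id" -> element carrying wsu:Id or a plain Id attribute
    for el in root.iter():
        ident = el.get(f"{{{WSU}}}Id") or el.get("Id")
        if ident:
            by_id["#" + ident] = el

    def name(el, uri):  # local name of the resolved element, else the raw URI
        return el.tag.rsplit("}", 1)[-1] if el is not None else uri

    def serial(holder):  # serial number named in the KeyInfo, if it carries one
        node = holder.find(f"{{{DS}}}KeyInfo//{{{DS}}}X509SerialNumber")
        return node.text if node is not None else None

    signed, encrypted = [], []
    for sig in root.iter(f"{{{DS}}}Signature"):
        for ref in sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference"):
            signed.append((name(by_id.get(ref.get("URI")), ref.get("URI")), serial(sig)))
    for key in root.iter(f"{{{XENC}}}EncryptedKey"):
        for ref in key.iter(f"{{{XENC}}}DataReference"):
            data = by_id.get(ref.get("URI"))
            # EncryptedData replaces the content, so report the element that holds it.
            holder = parent.get(data) if data is not None else None
            encrypted.append((name(holder, ref.get("URI")), serial(key)))
    return {"signed": signed, "encrypted": encrypted}
```

Run against a captured response, the serial reported under "encrypted" identifies the certificate the service encrypted to, which can be compared with the certificate whose private key the client uses for decryption.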