Hi,

I'm noticed a problem testing a JAX-WS client with a WSE server. The
JAX-WS client adds carriage returns to a SOAP header element that is
signed. This causes the WSE server to raise an error: "The signature
or decryption failed". If the carriage returns are removed, the same
web service call is successful.

I tried replicating the situation with a WSE client. I created a WSE
client that adds a SOAP header element that contains a carriage return
and is signed (using output filters). The WSE server raises the same
error: "The signature or decryption failed". When there are no
carriage returns in the signed header element, the WSE client's web
service call is successful.

It would seem that the WSE server has a problem validating signed
header elements that contain carriage returns. Security fails when it
shouldn't.

Is there a way around this problem? The clients that can call this WSE
service are not within my control, so I can't ensure no carriage
returns are in signed header elements in SOAP requests.

Thanks in advance for your help.

Mark