Signing Error on Mendelson AS4

Hi All,

We have a situation where we get the below error , but i am not sure why it is saying Failed Authentication as we are not using any username or password.
I have checked with the certificates and they are ok . One thing interesting was the line which says SIG_KEY_INFO should contain only one child. Other live partners are able to use the same singature and keyinfo format with no issues.

My Key info looks like below :

xxxx certificate value xxxxx


Actual Error :

The signature in the Security header intended for the "ebms" SOAP actor, could not be validated by the Security module.
BSP:R5402: Any SIG_KEY_INFO MUST contain exactly one child element

Any help on this is much appreciated.

Best Regards,
Harish S S




thank you for the feedback. Please contact us at to discuss this issue. As this is a functionality of the underlaying wss4j (web service security for java) it might be automatically fixed in the current version as we updated this lib.



ok, I figured out the meaning. For these kind of errors please always have a look at

The "BSP:R5402" part of the error message means: Basic Security Profile Issue R5402. This is in this case:

9.8 KeyInfo
9.8.1 Exactly One KeyInfo Child Element
R5402 Any SIG_KEY_INFO MUST contain exactly one child element.

Means for example the error
"BSP:R5417: Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element"

would refer to the section "R5417" which is:

9.8.2 SecurityTokenReference Mandatory

The ds:KeyInfo element allows for many different child elements. The Profile mandates a single element, wsse:SecurityTokenReference, which is needed to reference security tokens.

R5417 Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element.

For example,


<ds:KeyInfo xmlns:ds='' >
<wsse:Reference URI='#SomeCert'
ValueType="…" />


Means your partner has to implement the BasicSecurityProfile-1.1 in a proper way and then it should work.