I created a test case where I use the Web Service SOAP Request to submit a SOAP Message. I used Signature Token as additional security (added my JKS file, provided alias and pass). I submitted the request, and got a successful response. So far so good...
Now, I can see the actual SOAP request that was sent to the server (I can see the Signature Header added inside the SOAP Header Envelope).
My question are:
1.) Why is that when we paste the same final request message (with signature headers included) generated from LISA, when I tried to paste it to a new test case that uses an ordinary Raw SOAP Request, HTTP Request, or even other medium like POSTMAN, SOAP UI, etc, it does not work (my request is being rejected by the server). There are no timestamp validation happening on the server and the timestamp fields are non existent, so ideally, the generated soap request message with signature can be reused many times by copy pasting the request to some other step/tool.
2.) Why is that for every time the step Web Service SOAP Request is executed, we can see different signature value each time? Is LISA applying some random hash function everytime? My raw unsigned request body is not changing, but I can see the signature header values get changed randomly from time to time every time we trigger request.