My Oracle Support Banner

Invalid Outbound ESB SOAP Security Header after Upgrading to 10.1.3.4 with "Security Header UsernameToken is required for operation" (Doc ID 847223.1)

Last updated on MAY 01, 2018

Applies to:

Oracle ESB - Version 10.1.3.4 and later
Information in this document applies to any platform.

Symptoms

You can pass security information from ESB to a web service by using XSLT (setOutboundHeader function) to set the WS-Security tokens in the SOAP header.

However, after upgrading to 10.1.3.4, the WS-Security tokens are set incorrectly and the security tag is missing.

 

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
     <UsernameToken xmlns="http://schemas.xmlsoap.org/ws/2002/07/secext">
               <Username>xxxx</Username>
              <Password>xxxxxxxx</Password>
     </UsernameToken>
</env:Header>
  <env:Body>         ....
 </env:Body>
</env:Envelope> 

**The above UsernameToken tags should be inside corresponding Security tags.**

This omission of Security tags could throw errors containing "Security Header UsernameToken is required for operation".

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.