Invalid Outbound ESB SOAP Security Header after Upgrading to with "Security Header UsernameToken is required for operation"

(Doc ID 847223.1)

Last updated on MAY 01, 2018

Applies to:

Oracle ESB - Version and later
Information in this document applies to any platform.


You can pass security information from ESB to a web service by using XSLT (setOutboundHeader function) to set the WS-Security tokens in the SOAP header.

However, after upgrading to, the WS-Security tokens are set incorrectly and the security tag is missing.


<env:Envelope xmlns:env=""
     <UsernameToken xmlns="">
  <env:Body>         ....

**The above UsernameToken tags should be inside corresponding Security tags.**

This omission of Security tags could throw errors containing "Security Header UsernameToken is required for operation".


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms