My Oracle Support Banner

Invalid Outbound ESB SOAP Security Header after Upgrading to with "Security Header UsernameToken is required for operation" (Doc ID 847223.1)

Last updated on MAY 01, 2018

Applies to:

Oracle ESB - Version and later
Information in this document applies to any platform.


You can pass security information from ESB to a web service by using XSLT (setOutboundHeader function) to set the WS-Security tokens in the SOAP header.

However, after upgrading to, the WS-Security tokens are set incorrectly and the security tag is missing.


<env:Envelope xmlns:env=""
     <UsernameToken xmlns="">
  <env:Body>         ....

**The above UsernameToken tags should be inside corresponding Security tags.**

This omission of Security tags could throw errors containing "Security Header UsernameToken is required for operation".


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.