Invalid Outbound ESB SOAP Security Header after Upgrading to 10.1.3.4 with "Security Header UsernameToken is required for operation"

(Doc ID 847223.1)

Last updated on NOVEMBER 02, 2016

Applies to:

Oracle ESB - Version 10.1.3.4 and later
Information in this document applies to any platform.

Symptoms

You can pass security information from ESB to a web service by using XSLT (setOutboundHeader function) to set the WS-Security tokens in the SOAP header.

However, after upgrading to 10.1.3.4, the WS-Security tokens are set incorrectly and the security tag is missing.

 

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
     <UsernameToken xmlns="http://schemas.xmlsoap.org/ws/2002/07/secext">
               <Username>xxxx</Username>
              <Password>xxxxxxxx</Password>
     </UsernameToken>
</env:Header>
  <env:Body>         ....
 </env:Body>
</env:Envelope> 

**The above UsernameToken tags should be inside corresponding Security tags.**

This omission of Security tags could throw errors containing "Security Header UsernameToken is required for operation".

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms