Ask a Question

WS-Security header applied when not set

lc25s
Occasional Contributor

WS-Security header applied when not set

Outgoing WSS is NOT set, but I noticed that the header (although empty) is still added - only on requests. How do I turn this off?
4 REPLIES 4
nmrao
Community Hero

Re: WS-Security header applied when not set

Is it the following true and the details are still sent? Will you please post raw request message for sample?
a. There request step donot have any User/Password details?
b. Not selected to send these details in soapui's preferences


Regards,
Rao.
lc25s
Occasional Contributor

Re: WS-Security header applied when not set

i found out that when WS-Security settings are set, and not used, the header was put on. When I removed all of them (keystone, in, out, …) it stopped. Seems like a bug?
nmrao
Community Hero

Re: WS-Security header applied when not set

I believe that it is expected, not 100% sure. Any way, you could procced, right?


Regards,
Rao.
lnanavat
Occasional Visitor

Re: WS-Security header applied when not set

Rao,

I seemt to be having the same issue, where in, if I run a test using Ready API (through UI, version 1.9.0), then an empty header is sent. However, running the same test through the testrunner.sh script (Ready API 1.9.0) adds a security header with the mustUnderstand flag set to "1" and a faultcode is thrown in the response:

 

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Body>
<soap:Fault>
<faultcode>soap:MustUnderstand</faultcode>
<faultstring>Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>

Thinking its the same issue, I tried looking at WSS settings, but they all seem blank/not set. Can you help?

 

 

 

cancel
Showing results for 
Search instead for 
Did you mean: