we are trying to invoke a Siebel service from Prov ABCS.
While testing the interface using soap UI, Siebel service is giving an error saying that 'Unable to process SOAP Header child element 'wsse:Security' with 'mustUnderstand="1"'(SBL-EAI-08000)'
In google i found that Siebel expects security header in "http://schemas.xmlsoap.org/ws/2002/07/secext" namespace but weblogic supports "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".
so now Prov ABCS should be invoked with "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" namespace and it should be changed to "http://schemas.xmlsoap.org/ws/2002/07/secext" when Prov ABCS invokes Siebel service.
is there any way to change the security header namespace before invoking siebel service. or is there any policy to pass custom header message.
Assuming this refers to AIA Foundation Pack 126.96.36.199 or higher, this would be caused by the policy sets. They are attaching a OWSM policy to every reference of a provider ABCS. However, Siebel does not have the corresponding service security in place, so things don't match and lead to the error you see.
To verify that, you can go to EM console and check policy attachments on the particular reference towards Siebel. Just attach locally the policy 'oracle/no_authentication_client_policy', that will basically disable the attachment through the policy set.
You might want to check the security chapter in the AIA Developer's Guide for more details.
I guess you might want to take a look at the AIA Developer's Guide: http://docs.oracle.com/cd/E23943_01/doc.1111/e17364/resrcconnect.htm#BGBFDAJC.
Chapter 23.2.3 discusses the use of the session pool management as several AIA PIPs use it for service invocations into Siebel. For that, the above statement of assigning the 'oracle/no_authentication_client_policy' policy holds true, but you would have to populate the SOAP header yourself. This could be a session token as derived from the session pool manager, but it could be also setting username and password in the header as well.
I would suggest to take a look at some of the PIP's provider ABCSs to get the idea.