This discussion is archived
3 Replies Latest reply: Mar 23, 2012 2:53 AM by GerhardDrasch(Oracle) RSS

Problem with soap header namespace while invoking siebel service

890496 Newbie
Currently Being Moderated
Hi All,

we are trying to invoke a Siebel service from Prov ABCS.

While testing the interface using soap UI, Siebel service is giving an error saying that 'Unable to process SOAP Header child element 'wsse:Security' with 'mustUnderstand="1"'(SBL-EAI-08000)'

In google i found that Siebel expects security header in "http://schemas.xmlsoap.org/ws/2002/07/secext" namespace but weblogic supports "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".

so now Prov ABCS should be invoked with "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" namespace and it should be changed to "http://schemas.xmlsoap.org/ws/2002/07/secext" when Prov ABCS invokes Siebel service.

is there any way to change the security header namespace before invoking siebel service. or is there any policy to pass custom header message.

soap UI Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:schemas-qad-com:xml-services">
<soapenv:Header>
<wsse:Security xmlns:wsse="*http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"* xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" soapenv:mustUnderstand="1"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<wsse:UsernameToken>
<wsse:Username>user</wsse:Username>
<wsse:Password>pass</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
</soapenv:Body>
</soapenv:Envelope>

soap UI Response:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
*<faultstring>Unable to process SOAP Header child element 'wsse:Security' with 'mustUnderstand="1"'(SBL-EAI-08000)</faultstring>* <faultactor/>
<detail>
<exception><![CDATA[<siebelf:siebdetail xmlns:siebelf="http://www.siebel.com/ws/fault">
  <siebelf:logfilename>EAIObjMgr_enu_0035_36700305.log</siebelf:logfilename>
  <siebelf:errorstack>
    <siebelf:error>
      <siebelf:errorcode>SBL-EAI-08000</siebelf:errorcode>
      <siebelf:errorsymbol/>
      <siebelf:errormsg>Unable to process SOAP Header child element 'wsse:Security' with 'mustUnderstand="1"'(SBL-EAI-08000)</siebelf:errormsg>
    </siebelf:error>
  </siebelf:errorstack>
</siebelf:siebdetail>]]></exception>
</detail>
</env:Fault>
</env:Body>
</env:Envelope>

Any ideas ?

Thanks
  • 1. Re: Problem with soap header namespace while invoking siebel service
    GerhardDrasch(Oracle) Journeyer
    Currently Being Moderated
    Assuming this refers to AIA Foundation Pack 11.1.1.4 or higher, this would be caused by the policy sets. They are attaching a OWSM policy to every reference of a provider ABCS. However, Siebel does not have the corresponding service security in place, so things don't match and lead to the error you see.

    To verify that, you can go to EM console and check policy attachments on the particular reference towards Siebel. Just attach locally the policy 'oracle/no_authentication_client_policy', that will basically disable the attachment through the policy set.

    You might want to check the security chapter in the AIA Developer's Guide for more details.

    Gerhard
  • 2. Re: Problem with soap header namespace while invoking siebel service
    890496 Newbie
    Currently Being Moderated
    Thanks Gerhard.

    I attached the policy 'oracle/no_authentication_client_policy' for siebel reference in composite.xml

    <wsp:PolicyReference URI="oracle/no_authentication_client_policy"
    orawsp:category="security"
    orawsp:status="enabled"/>

    then Siebel service throwed an error saying that it needs username token.

    *<faultstring>SOAP Security Header UsernameToken is required for operation 'ETARQad2SblPreshipperNumberUpdate'.(SBL-EAI-05162)</faultstring>*
  • 3. Re: Problem with soap header namespace while invoking siebel service
    GerhardDrasch(Oracle) Journeyer
    Currently Being Moderated
    I guess you might want to take a look at the AIA Developer's Guide: http://docs.oracle.com/cd/E23943_01/doc.1111/e17364/resrcconnect.htm#BGBFDAJC.

    Chapter 23.2.3 discusses the use of the session pool management as several AIA PIPs use it for service invocations into Siebel. For that, the above statement of assigning the 'oracle/no_authentication_client_policy' policy holds true, but you would have to populate the SOAP header yourself. This could be a session token as derived from the session pool manager, but it could be also setting username and password in the header as well.

    I would suggest to take a look at some of the PIP's provider ABCSs to get the idea.

    Gerhard

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points