3 Replies Latest reply on Sep 4, 2013 12:35 PM by S.Ananth

    Unable to pass security header


      Hi, We are facing issue while passing the OWSM policy from one proxy to other proxy.

      PS1 ->PS2

      PS1 doesnot have OWSM policy .

      PS2 has owsm policy.The policy used is username token service policy.


      When we are calling the PS2 from PS1 the security headers are not getting passed and hence failing with authentication.


      We tried inserting the WS security header in PS1 ie., we assigned the security header in header variable and tried passing it. But that also failed


      Could you please help us how to pass the security header from non secured proxy service.


      Thanks in advance, Anup

        • 1. Re: Unable to pass security header

          Try using pass-through mode for PS1, OSB leaves the SOAP message untouched and simply routes the request on to its destination service. This means that all security headers in the original request are preserved in the request sent on to the destination service.

          • 2. Re: Unable to pass security header



            We cannot make PS1 as pass through. The whole scenario is like this.

            We have two different OSB projects.


            Project 1-> PS1a, PS1b, PS1,PS2

            Project 2-> PS2a, PS2b, PS1,PS2


            PS1a calls PS1b which inturn calls Ps1/Ps2 based on some conditions.


            We have implemented OWSM in PS1a(Pass through) and PS1b(OWSM processed).


            We have to call PS2a from PS1(Project1)


            PS1a(Pass through)->PS1b(OWSM processed).->PS1----->PS2a(Pass through)


            When the flow comes to PS1, it will not have security headers. But PS2a expect security header from PS1.


            So are you suggesting us to make PS1 of project1 also to be a pass through.


            Any suggestions on this will be helpful

            • 3. Re: Unable to pass security header

              Check whether Process WS-Security Header option has been checked/set to 'Yes' (it will be by default, unless changed) in the proxy service PS1. If so, set it to No, so that PS1 does not process the security header and pass-through to the next proxy service (PS2).