I am trying to invoke R12 SOA gateway service using dynamic endpoint reference within my bpel code. <binding.*location*> in composite.xml is removed. I am constructing ws-security header xml inside bpel and assigning it to the invoke activity using bpelx:inputHeaderVariable. In this scenario, the invocation fails saying 'User is not authorised'. In R12 front end, I could see that user is going as null.
But, when the location attribute of <binding> is assigned with the actual URL, then everything is working fine. Even from soap-ui, it works fine.
Only when using dynamic endpoint reference, the ws-security is not getting set. I have tried using ws-security policies also, but getting the same exception.