cancel
Showing results for 
Search instead for 
Did you mean: 

Alternate Namespace for Web Service Security UsernameToken for SOAP Web Service Calls

bernie-dem
Newcomer
0 Kudos
194

Dear SAP Community,

Our goal is to consume a third party API via SOAP which requires the addition of a WS-Security UsernameToken. In the past, we achieved this by manually adding the UsernameToken in the SOAP envelope as follows:

<soapenv:Header>
    <wsse:Security xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd mustUnderstand="0">
        <wsse:UsernameToken>
            <wsse:Username>some_username</wsse:Username>
            <wsse:Password Type=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText>some_password</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>

With SAP Note 3152423, the namespace used for building the security header (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd) got reserved/prohibited on newer SAP basis releases.

SAP Note 3071397 now explicitly mentions that this namespace needs to be replaced by a namespace that is not on the exclusion list introduced with SAP Note 3152423, without actually mentioning an alternative.

Can anyone please tell us which namespace should be used from here on after replacing the old "standard approach" via oasis namespace? 

Thanks and kind regards,
Bernhard

 

Accepted Solutions (0)

Answers (0)