Hello

I have a consumer webservice which return me the following soap response :

<SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/” xmlns:ns1=“https://webservice.face.gob.es” xmlns:wsa=“http://schemas.xmlsoap.org/ws/2004/08/addressing”>
SOAP-ENV:Header
<wsse:Security SOAP-ENV:mustUnderstand=“1” […]

I would like to remove the part in red. So I am working on a handler.

I assume I have to use the pub.soap.handler:removeProperty to delete it. Am I right ?
If yes, I have to set up a pub.soap.utils:QName, but here, I don’t know what to do.

Can you help me ?

the server side is using WS-Security, you should follow the WSS implementation to process it.
What’s the reason you want to remove the part you mentioned? Bypassing it is normally not recommended.

I know but my customer is not making the good things. The soap response is not valid which cause me an error (Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security).
As they will not change (they are national public administration and me a lone supplier ) I have to find a solution !

Please go through this link Understand the Famous "Did not understand MustUnderstand header(s)" Error

This may helps you…

What I understand is that they send me a soap header that does not correspond to my configuration. Right ?
So I need to update my configuration, but which one ? Policy file?
I have to admit that I have many problems to configure the ws security in SOAP.
It is so easy to do it in SOAP UI but nearly impossible for me in webMethods. (My requests in SOAP UI work fine)

Old topic, but my problem is the same.

IS: 9.12. I’m a consumer of SOAP service + WSS Policy.

Fragment of my request:

<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">

Author of provider webservice introduced a very restrictive input data format and refuse my request because of
existence soapenv:mustUnderstand=“1”.
Error:

Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security

How to solve it?

check with your WS provider what WSSE is used, which policy is configured. Most likely they are using a different policy.

I’m using my own (customized by me) policy based on X509Authentication_Signature.policy.
Rather it’s not possible to change mustUnderstand at stage of calling ws connector in my IS service, because it’s added after invoke pub.client.soapClient method (that’s how WS policy work).

Now I’m trying to use outbound callback service and cut out “mustUnderstand” from header. There is a description of this mechanism in documentation: “Web_Services_Developers_Guide” and in “Integration_Server_Built_in_Services_References” (SOAP → pub.soap.handler.* methods)

And I’ve found a good example on site: