Hi Santosh, <wsse:Security soap:mustUnderstand="1"> > <wsu:Timestamp wsu:Id="Timestamp-c90b72e0-541c-4b17-bc0b-acf8c3495b43"> > <wsu:Created>2008-02-28T15:33:56Z</wsu:Created> > <wsu:Expires>2008-02-28T15:38:56Z</wsu:Expires> > </wsu:Timestamp> > <wsse:UsernameToken > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="SecurityToken-9e141575-2400-4c6d-ab86-1d5af61727b2"> > <wsse:Username>[EMAIL PROTECTED]</wsse:Username> > <wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">SomePassword</wsse:Password> > <wsse:Nonce>5SImW1gykzSPdeiWzcCdaQ==</wsse:Nonce> > <wsu:Created>2008-02-28T15:33:56Z</wsu:Created> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header>
wsse prefix is missing a namespace declaration in wsse:Security element and I hope that you have explicitly omitted it when you are coping the SOAP message to the mail. The more important thing is about your Username Token element. What type of password does your service expect ? Plain Text ? If it is plain text, then the Username Token should look like the one below. <wsse:UsernameToken xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd " wsu:Id="UsernameToken-26613121"> <wsse:Username>bob</wsse:Username> <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ">bobPW</wsse:Password> </wsse:UsernameToken> and if the service requires digested password, then the Username Token should look like something like this. <wsse:UsernameToken xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd " wsu:Id="UsernameToken-22375698"> <wsse:Username>bob</wsse:Username> <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest ">VE8/Xc7rVQUYENjqY08A3qItW5Q=</wsse:Password> <wsse:Nonce>PLlyaMav46GYqKZDuebNBg==</wsse:Nonce> <wsu:Created>2008-06-19T12:41:30.870Z</wsu:Created> </wsse:UsernameToken> Your Username Token seems a mix of both :) . Not sure whether this the problem though. If you are using Axis2 , you can use Apache Rampart to generate the Security header for you. thanks, nandana -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/