Had the same issue recently, the security header coming back from the service was empty in my case.
For now I'm using 1.3 until the issue I raised is resolved. Try the same code with Axis 1.3 and Rampart 1.3 and see if that works for you. Taariq -----Original Message----- From: RonnieMJ [mailto:[EMAIL PROTECTED] Sent: 10 October 2008 23:32 To: axis-user@ws.apache.org Subject: Rampart 1.4 mustUnderstand Does rampart version 1.4 default mustUnderstand to 1? I'm getting the famous error, and am using a policy to set my configurations in code (client side ONLY). My wsse:security tag ends up as mustunderstand="1". <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" soapenv:mustUnderstand="1"> The security isn't set in the WSDL. I am using axis2 1.4.1. I've seen the WSDL2Constants flag, but I'm not using WSDL2Constants. Just the plain old: options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(confDir + "/clientSecurityPolicy.xml")); stub._getServiceClient().setOptions(options); stub._getServiceClient().engageModule("rampart"); I also don't have access to or control over what is used on the service side (external). -- View this message in context: http://www.nabble.com/Rampart-1.4-mustUnderstand-tp19926442p19926442.htm l Sent from the Axis - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]