WS-Security UsernameToken headers do not propagate to SOAP reference binding in SwitchYard

Solution Verified - Updated -


  • We have a SwitchYard web service with a SOAP binding. This service will call another service defined as a reference service in this SwitchYard project, but its implementation is deployed as a separate SwitchYard project.
  • Both services require WS-Security UsernameToken headers. The first service gets the security information from the user request. Now I have to propagate those WS-Security headers to the remote reference service.
  • For that I wrote a custom MessageComposer at the reference binding that adds the required WS-Security headers to the SOAPMessage to be sent to the reference service. I have printed the SOAPMessage and it is showing the correct headers and complete message. I even sent that message directly to the reference service using SoapUI and it worked without any issue.
  • But for some reason SwitchYard is not even calling the reference service and is failing on this exception:
04:45:52,430 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/ Interceptor for {}SampleService#{}Invoke has thrown exception, unwinding now: No username available
  • WSDL for the reference binding has a wsp:PolicyReference entry to declare the WS-Security Policy. When I removed the wsp:PolicyReference entry from the WSDL without changing anything on the other endpoint, it worked and I could send the message on the other end.


  • Red Hat JBoss Fuse Service Works (FSW)
    • 6.0.x
    • 6.2.x
