Hi, If I engage rampart, I've to put something in the security header, right?
Nope, if don't have a policy ( in the policy based configuration ) or a security parameter ( in the old way of configuration ), Rampart doesn't expect a secuerity header. There is a problem though , that whenever there is a policy, we expected a security header. This has to be fixed in Rampart by checking the policy and and enforcing a security header when only necessary. > org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86) > 21:44:39,839 ERROR [STDERR] at > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135) > 21:44:39,839 ERROR [STDERR] at > org.apache.axis2.description.OutInAxisOperationClient.handleResponse( > OutInAxisOperation.java:336) > 21:44:39,841 ERROR [STDERR] at It seems you are getting this must understand check fail error because you are getting a security header with a must understand true, in the response you get from the service and not in the request that you create. Can please a take look at that and the security configuration of the service for the out flow ? Thanks, Nandana
