We Keep Coding

SOAP request uneffective on smartserver2.2

I am new here. I work as a developper on a very small company. I am in charge of developping a software (asp.net/c#) in order to monitor street lightings via smartservers (old version : 2.2).
I use SOAP messages to change the configuration and the values of each individual lamp (via datapoint).
I mostly succeeded to create schedulers and also to add datapoints.
But I am facing an issue when I want to add presets to a datapoint.
For example, these are 3 presets that could be used by the scheduler to control the lamp power (nviLampValue):
ON with a power lamp value of 100% represented by the formatted value '100.0 1'
OFF with a power lamp value of 0% represented by the formatted value '0.0 0'
PRESET1 at 80% with the formatted value '80.0 1'
I created a SOAP request (SET) to configure the presets for a datapoint (i.e. Net/LON/P68/OLC[0]/nviLampValue_1) but after a lot of trials and despite having no errors, the smartserver still ignore my request.
If someone have an idea about what is wrong with the request, it would help me a lot.
Thanks by advance
Regards,
Here is the SOAP request I made :
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<soapenv:Header>
<mes:messageProperties>
<!--Optional:-->
<mes:UCPTuniqueId>cid:38089712644</mes:UCPTuniqueId>
<!--Optional:-->
<mes:UCPTipAddress>192.168.1.222</mes:UCPTipAddress>
<!--Optional:-->
<mes:UCPTport>8080</mes:UCPTport>
</mes:messageProperties>
</soapenv:Header>
<soapenv:Body>
<mes:Set xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<mes:iLonItem xsi:type="Item_Coll" xmlns:xsi="xsi">
<!--Zero or more repetitions:-->
<mes:Item xsi:type="Dp_Cfg" xmlns:xsi="xsi">
<mes:UCPTname>Net/LON/P68/OLC[0]/nviLampValue_1</mes:UCPTname>
<!--Optional:-->
<mes:UCPTannotation>Dp_In;xsi:type=\"LON_Dp_Cfg\"</mes:UCPTannotation>
<mes:UCPTbaseType LonFormat="#8000010128000000[4].UCPTbaseType">BT_STRUCT</mes:UCPTbaseType>
<UCPTformatDescription>#0000000000000000[0].SNVT_switch</UCPTformatDescription>
<mes:ValueDef>
<mes:UCPTindex>0</mes:UCPTindex>
<mes:UCPTname>OFF</mes:UCPTname>
<mes:UCPTvalue LonFormat='#0000000000000000[0].SNVT_switch'>0.0 0</mes:UCPTvalue>
</mes:ValueDef>
<mes:ValueDef>
<mes:UCPTindex>1</mes:UCPTindex>
<mes:UCPTname>ON</mes:UCPTname>
<mes:UCPTvalue LonFormat='#0000000000000000[0].SNVT_switch'>100.0 1</mes:UCPTvalue>
</mes:ValueDef>
<mes:ValueDef>
<mes:UCPTindex>2</mes:UCPTindex>
<mes:UCPTname>PRESET1</mes:UCPTname>
<mes:UCPTvalue LonFormat='#0000000000000000[0].SNVT_switch'>80.0 1</mes:UCPTvalue>
</mes:ValueDef>
</mes:Item>
</mes:iLonItem>
</mes:Set>
</soapenv:Body>
</soapenv:Envelope>
And here is the response of the smartserver (seems to indicate no error, but no processing too)
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Header>
<p:messageProperties xmlns:p="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<p:UCPTtimeStamp>2022-01-10T17:33:18.040+01:00</p:UCPTtimeStamp>
<p:UCPTuniqueId>0300003B44F2</p:UCPTuniqueId>
<p:UCPTipAddress>192.168.1.222</p:UCPTipAddress>
<p:UCPTport>8080</p:UCPTport>
<p:UCPTlastUpdate>2022-01-10T16:23:36Z</p:UCPTlastUpdate>
<p:UCPTprocessingTime>21</p:UCPTprocessingTime>
</p:messageProperties>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<SetResponse xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<iLonItem xsi:type="Item_Coll">
<UCPTfaultCount>0</UCPTfaultCount>
<UCPTcurrentConfig>4.0</UCPTcurrentConfig>
</iLonItem>
</SetResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Ok, I found a solution that seems to work. I share in case someone could face the same (or a similar) problem.
This is what I found that worked after sending the request using SOAPUI:
I had to edit the < Enveloppe >, < MessageProperties > and < Set > tags with the correct namespaces.
I also added more parameters in the tag but I didn't check if they are all necessary, except UCPTname, UCPTannotation, UCPTFormatDescription, UCPTDirection and UCPTbaseType and that are important to define the presets.
Regards,
Here is the request that worked for me :
<?xml version="1.0" encoding="utf-8"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<Header>
<messageProperties xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/"/>
</Header>
<Body>
<Set xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<iLonItem>
<Item xsi:type="Dp_Cfg">
<UCPTname>Net/LON/P68/OLC[0]/nviLampValue_1</UCPTname>
<UCPTannotation>Dp_In;xsi:type=\"LON_Dp_Cfg\"</UCPTannotation>
<UCPThidden>0</UCPThidden>
<UCPTformatDescription>#0000000000000000[0].SNVT_switch</UCPTformatDescription>
<UCPTlength>2</UCPTlength>
<UCPTdirection LonFormat="#8000010128000000[4].UCPTdirection">DIR_IN</UCPTdirection>
<UCPTbaseType LonFormat="#8000010128000000[4].UCPTbaseType">BT_STRUCT</UCPTbaseType>
<UCPTmaxFields>2</UCPTmaxFields>
<SCPTmaxSendTime>0</SCPTmaxSendTime>
<SCPTminSendTime>0</SCPTminSendTime>
<SCPTmaxRcvTime>0</SCPTmaxRcvTime>
<ValueDef>
<UCPTindex>0</UCPTindex>
<UCPTname>OFF</UCPTname>
<UCPTvalue LonFormat="#0000000000000000[0].SNVT_switch">0.0 0</UCPTvalue>
</ValueDef>
<ValueDef>
<UCPTindex>1</UCPTindex>
<UCPTname>ON</UCPTname>
<UCPTvalue LonFormat="#0000000000000000[0].SNVT_switch">100.0 1</UCPTvalue>
</ValueDef>
<ValueDef>
<UCPTindex>2</UCPTindex>
<UCPTname>PRESET1</UCPTname>
<UCPTvalue LonFormat="#0000000000000000[0].SNVT_switch">80.0 1</UCPTvalue>
</ValueDef>
</Item>
</iLonItem>
</Set>
</Body>
</Envelope>

Receiving No WS-Security Header error when attempting to POST to Cybersource Simple Order API

I am attempting to POST using Postman to the Cybersource Simple Order API, but it comes back with a no header error when doing so. What am I doing wrong here? Since the merchant ID is used as the username, what is used as the password, should this be the Simple Order transaction processing key?
Posting the following XML data to the test endpoint (https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor):
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>merchantname</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile1.0#PasswordText">key</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.150">
<merchantID>merchantname</merchantID>
<merchantReferenceCode>12345678912</merchantReferenceCode>
<recurringSubscriptionInfo>
<subscriptionID>12345678901234567890</subscriptionID>
</recurringSubscriptionInfo>
<paySubscriptionDeleteService run="true"/>
</requestMessage>
</soapenv:Body>
</soapenv:Envelope>

You have a small error in your namespaces. You missed a "-".
oasis-200401-wss-wssecurity-secext1.0.xsd
should be
oasis-200401-wss-wssecurity-secext-1.0.xsd
and
oasis-200401-wss-username-token-profile1.0#PasswordText
should be
oasis-200401-wss-username-token-profile-1.0#PasswordText

How to compose SPML v2 'modify' request to delete object attribute

I need to maintain an Active Directory service via SPMLv2 SOAP requests to an Active Roles Server.
I'm trying to do something ostensibly simple: delete the telephoneNumber attribute from an object. I'd never heard of SPML before so I spent some time trying to understand the specification available on the list of OASIS open standards.
I've figured out how to do it if the value is known. For example, the payload below will delete the telephoneNumber attribute if it matches the value '12345', but not any other value.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:oasis:names:tc:SPML:2:0">
<soapenv:Header/>
<soapenv:Body>
<urn:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">
<urn:psoID ID="CN=Some User,OU=User,OU=Accounts,DC=someorganisation,DC=org"/>
<urn:modification>
<modification name="telephoneNumber" operation="delete" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value>12345</value>
</modification>
</urn:modification>
</urn:modifyRequest>
</soapenv:Body>
</soapenv:Envelope>
What I can't figure out is how to do this for an unspecified value, i.e. I don't care what the value is before I delete it, I just want to delete it. I suspect this has something to do with the SelectionType and I just need to use a 'match anything' selector, but I'm having trouble understanding the specification.
Any ideas?
Edit: To add to the confusion, I see we're using the DSMLv2 namespace for the modification. I just pulled this from a sample on the Active Roles SPML service documentation so I don't know how/why it works. The SPML specification does mention DSML but doesn't give any context around its usage as far as I can tell. It could actually be a vendor specific implementation.

Figured out a solution/work-around to this problem.
To delete the attribute without knowing its current value, you can simply include a 'replace' operation to first set some arbitrary value and include it in the same modify request as the 'delete' operation.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:oasis:names:tc:SPML:2:0">
<soapenv:Header/>
<soapenv:Body>
<urn:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">
<urn:psoID ID="CN=Some User,OU=User,OU=Accounts,DC=someorganisation,DC=org"/>
<urn:modification>
<modification name="telephoneNumber" operation="replace" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value>deleteMe</value>
</modification>
<modification name="telephoneNumber" operation="delete" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value>deleteMe</value>
</modification>
</urn:modification>
</urn:modifyRequest>
</soapenv:Body>
</soapenv:Envelope>

Workday - SOAP API - Create_Requisition_Request SOAP Payload

I am working on Workday SOAP API. Using SOAP API - I am trying to create a Job Requisition (Create_Requisition_Request) and I am struggling with what valid values could be for each attribute and element. Could anyone please help me with some sample requests or point me to the link where I could get the valid values for each elements and attributes. Any help on this would be highly appreciated.

I have filled the xml payload with minimal information. you can add or remove some fields.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:bsvc="urn:com.workday/bsvc">
<soapenv:Header/>
<soapenv:Body>
<bsvc:Create_Requisition_Request bsvc:version="v27.2">
<bsvc:Business_Process_Parameters>
<bsvc:Auto_Complete>true</bsvc:Auto_Complete>
<bsvc:Run_Now>true</bsvc:Run_Now>
<bsvc:Comment_Data>
<bsvc:Comment>Create Job Requisition using WWS</bsvc:Comment>
</bsvc:Comment_Data>
</bsvc:Business_Process_Parameters>
<bsvc:Create_Job_Requisition_Data>
<bsvc:Position_Restriction_Reference>
<bsvc:ID bsvc:type="Position_ID">Your Position ID eg P-00300</bsvc:ID>
</bsvc:Position_Restriction_Reference>
<bsvc:Number_of_Openings>1</bsvc:Number_of_Openings>
<bsvc:Job_Requisition_Data>
<bsvc:Job_Requisition_ID>MY-REQ-001</bsvc:Job_Requisition_ID>
<bsvc:Job_Posting_Title>Software Engineer</bsvc:Job_Posting_Title>
<bsvc:Recruiting_Start_Date>2018-01-01</bsvc:Recruiting_Start_Date>
<bsvc:Target_Hire_Date>2018-01-01</bsvc:Target_Hire_Date>
<bsvc:Job_Profile_Reference>
<bsvc:ID bsvc:type="Job_Profile_ID">Enter Job profile ID (it should be in your tenant)</bsvc:ID>
</bsvc:Job_Profile_Reference>
<bsvc:Worker_Type_Reference>
<bsvc:ID bsvc:type="Worker_Type_ID">Employee</bsvc:ID>
</bsvc:Worker_Type_Reference>
<bsvc:Worker_Sub-Type_Reference>
<bsvc:ID bsvc:type="Employee_Type_ID">Regular</bsvc:ID>
</bsvc:Worker_Sub-Type_Reference>
<bsvc:Primary_Location_Reference bsvc:Descriptor="nimborum in">
<bsvc:ID bsvc:type="Location_ID">Toronto_site</bsvc:ID>
</bsvc:Primary_Location_Reference>
<bsvc:Position_Time_Type_Reference bsvc:Descriptor="animos et temperat">
<bsvc:ID bsvc:type="Position_Time_Type_ID">Full_time</bsvc:ID>
</bsvc:Position_Time_Type_Reference>
<bsvc:Scheduled_Weekly_Hours>40</bsvc:Scheduled_Weekly_Hours>
</bsvc:Job_Requisition_Data>
</bsvc:Create_Job_Requisition_Data>
</bsvc:Create_Requisition_Request>
</soapenv:Body>
</soapenv:Envelope>

ColdFusion CFHTTP connection to remote web service

I have successfully connected to a remote webservice using SOAPUI (www.soapui.org). But, I am having trouble calling it successfully from CF9.2.
Here is my entire CFC function. There are dynamic vars but I've tested the output in the soapUI interface and it works:
<cffunction name="getOrganisation" access="remote" returnType="any" output="true">
<cfargument name="iPageNumber" type="any" required="false" default="0">
<cfargument name="iPageSize" type="any" required="false" default="0">
<cfargument name="bCurrentNamesOnly" type="boolean" required="false" default="1">
<cfargument name="bExcludeNotRtos" type="boolean" required="false" default="0">
<cfargument name="bExcludeRtoWithoutActiveRegistration" type="boolean" required="false" default="0">
<cfargument name="sFilter" type="any" required="false" default="">
<cfargument name="bIncludeCode" type="boolean" required="false" default="1">
<cfargument name="sRegistrationManagers" type="any" required="false" default="">
<cfargument name="sClassificationFilters" type="any" required="false" default="">
<cfargument name="sScheme" type="any" required="false" default="">
<cfset var endpoint = "https://ws.staging.training.gov.au/Deewr.Tga.WebServices/OrganisationService.svc/Organisation">
<cfsavecontent variable="soapBody">
<cfoutput>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://training.gov.au/services/"
xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soapenv:Header/>
<soapenv:Body>
<ser:Search>
<ser:request>
<ser:PageNumber>#arguments.iPageNumber#</ser:PageNumber>
<ser:PageSize>#arguments.iPageSize#</ser:PageSize>
<ser:ClassificationFilters>
<ser:ClassificationFilter>
<ser:Scheme>#arguments.sScheme#</ser:Scheme>
<ser:Values>
<cfif len(arguments.sClassificationFilters)>
<cfloop list="#arguments.sClassificationFilters#" index="item">
<arr:string>#item#</arr:string>
</cfloop>
</cfif>
</ser:Values>
</ser:ClassificationFilter>
</ser:ClassificationFilters>
<ser:CurrentNamesOnly>#arguments.bCurrentNamesOnly#</ser:CurrentNamesOnly>
<ser:ExcludeNotRtos>#arguments.bExcludeNotRtos#</ser:ExcludeNotRtos>
<ser:ExcludeRtoWithoutActiveRegistration>#arguments.bExcludeRtoWithoutActiveRegistration#</ser:ExcludeRtoWithoutActiveRegistration>
<ser:Filter>#arguments.sFilter#</ser:Filter>
<ser:IncludeCode>#arguments.bIncludeCode#</ser:IncludeCode>
<ser:RegistrationManagers>
<cfif len(arguments.sRegistrationManagers)>
<cfloop list="#arguments.sRegistrationManagers#" index="item">
<arr:string>#item#</arr:string>
</cfloop>
</cfif>
</ser:RegistrationManagers>
</ser:request>
</ser:Search>
</soapenv:Body>
</soapenv:Envelope>
</cfoutput>
</cfsavecontent>
<cfhttp
url="#endpoint#"
method="post"
username="#variables.username#"
password="#variables.password#">
<cfhttpparam type="header" name="accept-encoding" value="no-compression" />
<cfhttpparam type="xml" value="#trim(soapBody)#"/>
</cfhttp>
<cfdump var="#cfhttp.FileContent#"><cfabort>
<cfreturn cfhttp.FileContent>
</cffunction>
Running this, I get the error:
An error occurred when verifying security for the message.
Following is the complete return xml
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-AU">An error occurred when verifying security for the message.</faultstring>
</s:Fault>
</s:Body>
</s:Envelope>
So, it appears to be an authorisation issue.
Here is the SoapUI request screen:
So, how do I construct the cfhttp, or maybe cfinvoke, to emulate the soapUI call?
EDIT
SOAP Request XML
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://training.gov.au/services/" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soapenv:Header/>
<soapenv:Body>
<ser:Search>
<ser:request>
<ser:PageNumber>0</ser:PageNumber>
<ser:PageSize>0</ser:PageSize>
<ser:ClassificationFilters>
<ser:ClassificationFilter>
<ser:Scheme></ser:Scheme>
<ser:Values>
<arr:string></arr:string>
</ser:Values>
</ser:ClassificationFilter>
</ser:ClassificationFilters>
<ser:CurrentNamesOnly>true</ser:CurrentNamesOnly>
<ser:ExcludeNotRtos>0</ser:ExcludeNotRtos>
<ser:ExcludeRtoWithoutActiveRegistration>0</ser:ExcludeRtoWithoutActiveRegistration>
<ser:Filter></ser:Filter>
<ser:IncludeCode>1</ser:IncludeCode>
<ser:RegistrationManagers>
<arr:string></arr:string>
</ser:RegistrationManagers>
</ser:request>
</ser:Search>
</soapenv:Body>
</soapenv:Envelope>
EDIT 2
Further information:
Here is the url directly to the service: https://ws.staging.training.gov.au/Deewr.Tga.WebServices/OrganisationService.svc
Below is a screenshot of some authentication related information from the docs

I'm thinking that you need to post the username and password in cfhttpparam tags, not as attributes in the cfhttp tag.

SOAPUI is a fantastic tool, and one I've bee using a lot recently when debugging SOAP requests or transferring them from static .wsdl files into a ColdFusion component.
The first thing to look at is the error message itself:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-AU">An error occurred when verifying security for the message. </faultstring>
</s:Fault>
</s:Body>
</s:Envelope>
The faultcode node contains a link to the OASIS security namespace document:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Viewing that in the browser, you can see what security values are required and you can clarify the naming conventions. So, we can confirm from this that you do need to send through the following with the following format:
Username
Password
Without having access to the request you are testing in SOAPUI, we can also see that the Username and Password values are visible in the property window (your screen grab from the interface, above).
Are these values set within the XML of the request in SOAPUI? Perhaps in the SOAP request header, like so:
<soapenv:Header>
<authInfo xsi:type="soap:authentication">
<Username xsi:type="xsd:string">?</Username>
<Password xsi:type="xsd:string">?</Password>
</authInfo>
</soapenv:Header>
If that is the case, you will also need to include this header in your ColdFusion component when building the soapBody variable.
Also, can you view the URL of the SOAP request directly in the browser to see what variables it expects?
https://ws.staging.training.gov.au/Deewr.Tga.WebServices/OrganisationService.svc/Organisation
The overall structure of your CFC and soapBody looks good, so without having access to the file you are running in SOAPUI to see it running, debugging it and providing answers would be a little tricky.
If you can rule out all of the possibilities mentioned above and still have issues, let me know.

Yes, you were not originally passing a Oasis security header. The answers here so far probably aren't going to work however. Oasis standard can allow for many an varied combinations of user/password/nonce/digest/created and encoding attributes.
As you may or may not have found, the Axis 1 library (CF9 and lower user Axis 1 (versions 1.1-1.4); CF10 also has Axis 2 (Axis version 1.6)). And thus you must POST (cfhttp/http) to pass and receive an Oasis header. The Axis 1 library will cry about trying to understand the Oasis node in the header area.**
Since you are manually posting, you can simply construct your Oasis header in your header much like the example fro Matt Gifford.
Depending on what exactly the receiving party is expecting, you may will have something like this:
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<wsse:UsernameToken wsu:Id="UsernameToken-15">
<wsse:Username>
<!-- Removed-->
</wsse:Username>
<wsse:Password>
<!-- Removed-->
</wsse:Password>
<wsse:Nonce>
<!-- Removed-->
</wsse:Nonce>
<wsu:Created>2012-07-11T02:02:48.410Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
or this (from early cladding method pre-output):
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >
<wsse:Username>#Arguments.szUserName#</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">#Arguments.szPassword#</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
or this (final output):
<wsse:Security soapenv:mustUnderstand="1"xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-974900"xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>SuperJellyMan</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">jellybeanboom</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">SmVsbHlCZWFuQm9vbTk3NDkwMA==</wsse:Nonce>
<wsu:Created>2012-07-26T17:00:34Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
And so on and so forth. I have seen people invoke java libraries to do this more dynamically. I simply built a few simple methods to build my nonce and format my xml time stamp. But basically, it is pretty simple to build some kind of function or other helper methods to clad the values required in xml with the proper Oasis attributes and xsd references and then insert that in your header of your request of the manual post.
The tricky part is knowing exactly what they want in the Oasis security header if they do not tell you. The xsd simply shows what is acceptable according to Oasis standards, but not necessarily what they are using (and in what combination). If you can get that from them, you can pretty easily put that together from the Oasis docs.
Usually, the combination is User/Pwd (first example). If a Nonce is used, very often a Password Digest is also used (the password gets a ##PasswordDigest instead of ##PasswordText) and is an encoded hash of the created time and password (see Oasis docs for more explanation).
But, the last project I worked on had a plain text pwd plus a nonce with no digest. Not exactly logical since the nonce is supposed to make a fake request more difficult and use a non-clear text password which needs to be decoded by receiver and compared to validate... So it is totally up to the service on what they want/use/need.
You should be able to paste your concocted Oasis header into SoapUI and pretty quickly figure out what they might need/want from their responses to same.
If they have specified user/password (as text), you might find one of these examples (probably the second one) workable and not passing the nonce and created elements.
** Here is the Axis 1 fault for fun reference when Oasis is used with CF9 or less using actual SOAP methods (web service stub, rather than manual post):**
The fault returned when invoking the web service operation is: AxisFault faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity faultSubcode: faultString: An error occurred when verifying security for the message. faultActor: faultNode:
faultDetail: {http://xml.apache.org/axis/}stackTrace:An error occurred when verifying security for the message. at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221) at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128) at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Conf...
[EDIT]
Here is a bit more info as I am working on another webservice that is similar.
Your [SOAP] xml with the cannot possibly be working. I use soapUI as well and unless I add in a security header values in their proper spot the service will return exactly the response you are receiving ("InvalidSecurity") so not very sure this xml is what you should be trying to replicate. I have also successfully built a simple cf based script version to build the header which properly generates the header and adds it to a createObject() invoked javastubbed webservice:
doc = xmlNew();
doc['Security'] = XmlElemNew(doc,'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd', 'Security');
doc.Security['UsernameToken'] = XmlElemNew(doc, 'UsernameToken');
doc.Security.UsernameToken['Username'] = XmlElemNew(doc, 'Username');
doc.Security.UsernameToken.username.XmlText = "TESTERDUDE" ;
doc.Security.UsernameToken.username.XmlAttributes["xsi:type"] = "xsd:string";
doc.Security.UsernameToken['Password'] = XmlElemNew(doc, 'Password');
doc.Security.UsernameToken.password.XmlText = "YetAnotherPassword";
doc.Security.UsernameToken.password.XmlAttributes["xsi:type"] = "xsd:string";
doc.Security.UsernameToken.password.XmlAttributes["Type"] = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordDigest";
doc.Security.UsernameToken['Nonce'] = XmlElemNew(doc, 'Nonce');
doc.Security.UsernameToken.nonce.XmlText = "tKUH8ab3Rokm4t6IAlgcdg9yaEw="; // This would be generated if needed
doc.Security.UsernameToken.nonce.XmlAttributes["xsi:type"] = "xsd:string";
doc.Security.UsernameToken['Created'] = XmlElemNew(doc, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", 'Created');
doc.Security.UsernameToken.created.XmlText = "2010-08-10T10:52:42Z";
doc.Security.UsernameToken.created.XmlAttributes["xsi:type"] = "xsd:string";
addSOAPRequestHeader(ws, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", doc);
This properly generates [taken from the server side xml using getSoapRequest() which grabs the entire xml request] :
<soapenv:Header>
<Security soapenv:actor="" soapenv:mustUnderstand="0" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken>
<Username xsi:type="xsd:string">TESTERDUDE</Username>
<Password xsi:type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">My Password is my Voice</Password>
<Nonce xsi:type="xsd:string">tKUH8ab3Rokm4t6IAlgcdg9yaEw=</Nonce>
<Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xsi:type="xsd:string">2010-08-10T10:52:42Z</Created>
</UsernameToken>
</Security>
</soapenv:Header>