Skip to Content

How to Configure AXIS Framework for Authentication Using the “wsse” Security Standard in SAP PI

How to Configure AXIS Framework for Authentication Using the “wsse” Security Standard in SAP PI 


You might be required to consume an interface exposed as a web service from a provider system using the receiver SOAP Adapter (SOAP/HTTP) connection. The provided service is therefore consumed via the provided soap endpoint.

In order to consume a service which requires “wsse” standard for authentication, there exists different options for implementing this. But in this blog, the focus is on the configuration of the “wsse” standard using the axis framework.

In “wsse” standard, a WS-Security Username Token enables an end-user identity to be passed over multiple hops before reaching the destination Web Service. The user identity is inserted into the message and is available for processing at each hop on its path. The client user name and password are encapsulated in a WS-Security <wsse:UsernameToken>.


Figure 1: Structure of SOAP message with “wsse” header

Create Communication Channel: To use this functionality, the Axis framework and all the necessary jar files must have been deployed on the PI system. Below are the steps necessary to implement security in the header of the message.

a)      Create a communication channel, under the parameter tab, choose the adapter SOAP and tick the receiver button;

b)      Choose the transport protocol as HTTP (Axis) and message protocol axis is automatically inserted in that field.

c)      Enter the appropriate URL, and under XI Paramter, tick the XI header option and if a SOAP Action is required, enter the value for it.


Figure 2: Receiver SOAP Adapter with AXIS message protocol

Axis Framework Configuration: In order to configure the Axis framework, switch to the module tab on the communication channel and enter the parameters shown in the screen below in the order specified in the screen.

Processing Sequence

ModuleName:  AF_Adapters/axis/HandlerBean

Type: Local Enterprise Bean

ModuleKey: wssec

Module Configuration

Module Key


Parameter Value











<enter password>=<enter password>



<enter username>


Figure 3: AXIS module configuration for “wsse”

Note: the parameters name and parameters value are case sensitive, so care should be taken they are entered as described above, if not the Adapter engine will throw up an error when the communication channel is monitored from the runtime workbench

References:  For further references, please check the FAQ note 1039369

You must be Logged on to comment or reply to a post.
  • Hi folks,

    Two small corrections that work for me in the same scenario:



    1. Handler.type instead of Handler.Type  it's OK in your screenshot but wrong on table.
    2. Uncheck keepHeaders, at least on my scenario with keepheaders checked I received:

         The header 'Main' from the namespace '' was not understood by the recipient of this message, causing the message to not be processed. This error typically indicates that the sender of this message has enabled a communication protocol that the receiver cannot process. Please ensure that the configuration of the client's binding is consistent with the service's binding.

    Follow note: 1776179 - Axis Adapter Error: org.apache.axis.ConfigurationException: handler is not instantiated

    1. Deploy the verified version of the wss4j (1.5.4, 1.5.5, 1.5.6, 1.5.7).
    2. The wss4j also requires the xmlsec-1.4.2.jar, but note if you deploy the wss4j-1.5.4.jar than the opensaml-1.0.1.jar also needs to be deployed. The older wss4j libraries do not require opensaml.




  • I am using wssec in SOAP Receiver with Axis protocol.

    I am getting error. "

    Error occurred while trying to load

    I have installed Axis components but this is missing in my server. But this is missing

    • Apache WSS4J
      Warning: optional component missing --- looking for in; see  

    Is this required to be installed?

    wssec is for encryption. I am not using any tokenname, so is there any need of any password?

    • Hi Midhun

      Yes you have to install Apache WSS4J because WSSE is token authentication .Because i faced same issue and installed this jar file and issue was resolved

  • Hi,

    Great Blog!!

    I am using Axis in our scenario (SAP PI 7.10), and after completing the above configuration, the header is not getting created as expected (screenshot attached)


    And we are getting below mentioned response from the third party web service (screenshot attached): 

    Could someone please advise…


    Aayush Aggarwal