WSSE Policy Example for usernameToken


I found an example which we extend for using it for WS Security Username Tokens only.

Our requirement was to implement it for the web service provided by Austrian Government

Find attached the implementation of the policies file which we use.
You can simply upload the file Username_Token_Only.policy to IS_HOME/config/wss/policies

IS will load the policy with following confirmation:
[ISS.0141.0106I] Updated WS-Policy file Username_Token_Only.policy with policy ID UsernameTokenOnly.

Refresh your IS Connection on Designer to find it in the Policies Tab. Add it and define auth/message/user and auth/message/pass. This params will be used as wsse:Username and wsse:Password

The outcome will be like following:

Check more detail in 8-2-SP1_Web_Services_Developers_Guide.pdf (585 Bytes)

Thanks Josef for posting the example. You pointed me in the right direction.

However, I could not import the policy and it took me some time to figure it out as the policy files are pretty new to me. Then I modify existing policy Username_Signature.policy and remove all other stuff ale kept only the SignedSupportingTokens section and changed ID and name and I was able to import it and now I am finally able to invoke my webservice :lol:

Your typo in the policy file was


instead of



Here is my policy file. Hope it helps and saves some time other developers dealing with the WS madness :wink:

<wsp:Policy wsu:Id="Username_Token" Name="Username and Token"


      <sp:SignedSupportingTokens xmlns:sp="">
          <sp:UsernameToken sp:IncludeToken="" />


Hi experts!

I need a policy that returns me this:
<wsse:Security soapenv:mustUnderstand=“0” xmlns:wsse=“” xmlns:wsu=“”>
<wsse:UsernameToken wsu:Id=“UsernameToken-1”>
<wsse:Password Type=“”>Oasis2030!</wsse:Password>
<wsse:Nonce EncodingType=“”>9XbhOoet06M5XXD83sgM7Q==</wsse:Nonce>
</soapenv:Header> "

Can you point me in the right direction??

thanks in advance!!!