It's All About the Platform.

  • September 8, 2014

Integrating With Fusion Application Using Services (SoapUi - SSL)

Fusion Applications provides web services that allow external systems to integrate with Fusion Applications. There are two types of services: ADF services and composite services. ADF services are created for a logical business object and provide functionality to access and manipulate these objects. The composite services are mostly process oriented and provide an orchestration of multiple steps.  

Information about the web services provided by Fusion Applications is hosted in Oracle Enterprise Repository (OER). The information provided by OER can be used to understand the functionality provided by the service and how the service can be called.

This series of articles describes how one can invoke SOAP web services provided by Fusion Applications using various technologies. In previous article we covered how to invoke a Fusion Application web service secured with simple username token using SoapUI. In this article we will cover a call to service secured with SSL policy.



The reader is expected to have SoapUI installed.

Fusion Applications Web Service Policy

This example covers a call to a web service that support user name tokens and SSL. The example was tested with a service using "oracle/wss_username_token_over_ssl_service_policy" commonly available for Oracle SaaS environments.

Implementing Web Service Call

Generally the steps to call a SSL and non-SSL services are the same. The SSL services are however commonly configured to validate a timestamp though. So calls to SSL services commonly require the "wsu:Timestamp" element and the value used must be within tolerance. If the timestamp is not provided or the value is not within the tolerance you would see error such as:

      <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <faultstring>InvalidSecurityToken : The security token is not valid.</faultstring>

To resolve the issue add the Timestamp element:

         <wsu:Timestamp wsu:Id="TS-2">

Tolerance is configured on the server for details of configuration refer to Advanced Administration. In Cloud environment the tolerance is not configurable by customer. While the timestamp can be "manually" added to the SOAP envelope, Soap UI provides easier way to default the value. First we create a SoapUi project by navigating "File -> New Soap Project":

The project name can be anything; it does not impact the web service call. For the "Initial WSDL" enter the location of the WSDL for the service to be called, in this example we will use the "LocationService" for HCM. The "Create Requests" checkbox is checked to generate an example SOAP Envelope. Click OK and once the tool is done with the generation navigate to the operation to be invoked, in this case we will invoke the "findByLocationId" operation.
To populate the header we can create a template to be applied on the request. Double click the project name, in this case "SoapUIDemoSSL" and navigate to "WS-Security Configurations -> Outgoing WS-Security Configurations". Here create a new "Outgoing WS-Security Configuration" and define values as follows:

  • Name: can be anything; it does not impact the web service call
  • Default Username/Alias: Populate the user name that you use to call the service with
  • Default Password: Populate the user name that you use to call the service with
  • Must Understand: check the checkbox
  • WSS-Entry -> Timestamp:
    • Time to Live: Set to some suitable value for example 1000 seconds, this controls the value used for expires component on the timestamp element created
  • WSS-Entry -> Username:
    • Password Type: PasswordText
    • Other values: accept the defaulted values

Now back on the request we add header to the request by right clicking and choosing "Outgoing WSS -> Apply SoapUiDemoSSL":

And to make the XML more readable choose the "Format XML":

The security header is defaulted to the request:

<wsse:Security soapenv:mustUnderstand="1"
         <wsse:UsernameToken wsu:Id="UsernameToken-5">
         <wsu:Timestamp wsu:Id="TS-4">

With this the call to the service would succeed.


In this article we covered an example using SoapUI to integrate with Fusion Applications using web services secured with SSL policy. In future articles other technologies for invoking Fusion Applications web services will be covered.


Join the discussion

Comments ( 17 )
  • guest Monday, September 8, 2014


    This is working fine for me but can you please help me with hcmPeopleRolesV2/UserDetailsService.

    I am trying to get the user details based on the JWT User token (findSelfUserDetails).

    I am not able to get it working neither in SOAPUI nor using UIAccelerator app.

    Thanks in advance for your help.

  • Jani Rautiainen Tuesday, September 9, 2014

    Whats the issue you have? I don't have a JWT example yet, but it should work fine in SOAP UI, see this example:



    Jani Rautiainen

    Fusion Applications Developer Relations


  • apoorv Jain Tuesday, September 9, 2014


    I tried to integrate UIAccelerator app but i am not able to validate JWT user token, but when I paas username and password I am able to get the details.

    now I am trying to validate JWT token using SOAP UI and i have gone through the same link, but i am not able to understand how to pass following values to the HTTP Header:

    Key: Authorization

    Value: Bearer <jwt token value>. Note a space between Bearer and the token value.

    can you please help me on this.



  • Jani Rautiainen Tuesday, September 9, 2014

    You mention "UIAccelerator"; can you elaborate what this relates to ?

    In any case while I haven't tested this; in the SOAP UI you should be able to do this simly by:

    1. Open the request

    2. Click the "Headers" tab at the bottom of the request window

    3. Click the "+" icon that "Adds a custom HTTP Header tho this message"

    4. Add the key and value as documented

    As stated I have not tried this, but it should work. For more details see SOAP UI documentation:



    Jani Rautiainen

    Fusion Applications Developer Relations


  • apoorv Jain Tuesday, September 9, 2014

    Screenshot of SoapUI: I have added Key and Value to the Header but still getting error.


    UIAccelerator app: uses "hcmPeopleRolesV2/UserDetailsService" and findSelfUserDetails method to validate user token, so UIAccelerator app application is not working for me, so to debug that I am using SOAPUI to validate what is the real cause of issue, is it the token or the service or my SalesCloud need some setup to get JWT token enabled.

  • Jani Rautiainen Tuesday, September 9, 2014

    Is there a reason why you think this is related to authentication ? Based on the screenshot I think its likely related to encoding or content type.

    Check the request header, does it contain:

    Accept-Encoding: gzip,deflate

    This can be controlled in the SOAP UI preferences with "Request compression" and "Response compression" under the "HTTP Settings"


    Jani Rautiainen

    Fusion Applications Developer Relations


  • apoorv Jain Friday, September 12, 2014

    gzip,deflate issue is gone now but still I am getting following error, when connecting using JWT token:

    HTTP/1.1 401 Unauthorized, look at the screenshot.


    but when I connect using username and password, the service works fine for me and gives back response(screenshot for the same)


    using UI Accelerator app i was not able to validate the token so i was trying the SOAPUI to debug the issue. but it didn't workout for me.

    I am stuck at this point only. :(

  • Jani Rautiainen Friday, September 12, 2014

    It should work. To triage how did you obtain the JWT token ? Have you confirmed that the service is configured to support JWT, what the WSM policy defined for it ?

    The details of the configuration can be found here:


    So first confirm that the service has "wss11_saml_or_username_token_with_message_protection_service_policy" policy defined for it.


    Jani Rautiainen

    Fusion Applications Developer Relations


  • apoorv Jain Monday, September 15, 2014

    I tried everything, including what you mention in last comment, but its not working for me....this is very discouraging :(

  • Jani Rautiainen Thursday, September 18, 2014

    Unfortunately without access to your environment it is difficult to know why its not working, it is known to work in other environments. You may want to contact support for resolving this.


    Jani Rautiainen

    Fusion Applications Developer Relations


  • guest Thursday, March 12, 2015


    I am trying to execute the createsimpleinvoice webservice from soapui, but I am getting following error. Please let me know if I am doing something wrong.

    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">





    <faultstring>JBO-25058: Definition TransactionLineFLEX__viewlink_result__ of type Attribute is not found in InvoiceVO_InvoiceLine_InvoiceVOToInvoiceLineVO_InvoiceLineVO.</faultstring>


    <tns:ServiceErrorMessage xmlns:tns="http://xmlns.oracle.com/adf/svc/errors/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">


    <tns:message>JBO-25058: Definition TransactionLineFLEX__viewlink_result__ of type Attribute is not found in InvoiceVO_InvoiceLine_InvoiceVOToInvoiceLineVO_InvoiceLineVO.</tns:message>


    <ns1:sdoObject xsi:type="ns2:Invoice" xmlns:ns2="http://xmlns.oracle.com/apps/financials/receivables/transactions/invoices/invoiceService/" xmlns:ns1="http://xmlns.oracle.com/adf/svc/errors/" xmlns:ns14="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionHeaderGdf/" xmlns:ns0="http://xmlns.oracle.com/adf/svc/types/" xmlns:ns12="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionHeaderDff/" xmlns:ns13="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionInterfaceHeaderDff/">

    <ns2:BusinessUnit>JG US Business Unit</ns2:BusinessUnit>


    <ns2:TransactionType>Jade US Invoice</ns2:TransactionType>






    <ns2:PaymentTermsName>NET 30</ns2:PaymentTermsName>


    <ns2:InvoiceLine xmlns:ns11="http://xmlns.oracle.com/apps/financials/receivables/transactions/shared/model/flex/TransactionLineDff/">


    <ns2:MemoLineName>Consulting Service</ns2:MemoLineName>

    <ns2:Description>Test Line</ns2:Description>

    <ns2:Quantity unitCode="1"/>

    <ns2:UnitSellingPrice currencyCode="USD"/>























  • Jani Rautiainen Thursday, March 12, 2015

    I could not find any similar issues, so not sure why its failing. You may need to contact support and have a bug created. To triage you could try excluding the flex fields from the envelope and the invoice line also to narrow the issue.


    Jani Rautiainen

    Fusion Applications Developer Relations


  • guest Friday, September 23, 2016

    This soapUI setup is not working for me. I am getting bellow error as response. Anything missed from my side?

    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">



    <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">


    <faultstring>FailedCheck : failure in security check</faultstring>





  • guest Tuesday, September 27, 2016

    The error given is quite generic and does not tell exactly why it failed. If you have access to server logs you could check those for more details. The cause could be anything from the server system clock being incorrectly set to simply passing wrong username / credential.

    To triage you would want to to double check that the values that you are using are correct; username and password valid and the timestamp is generated just before the call is made (there is a system specific configuration that controls the TTL so try using some smaller value like 30 seconds). Also check the policy supported by the service from the WSDL the above only works with SSL based policies it does not work with message protection. For latter see this A-team article:



    Jani Rautiainen

    Fusion Applications Developer Relations

  • guest Wednesday, January 18, 2017


    I did the steps as described in order to invoke PurchaseOrderService of procurement cloud. I get mapping related errors, after resolving them I get "access denied" Oracle.wsm.security.WSFunctionPermission

  • Jani Rautiainen Wednesday, January 18, 2017

    Oracle.wsm.security.WSFunctionPermission means that the user you authenticated with does not have the required access to invoke the service.

    Security reference guides are available through this site:



    Jani Rautiainen

    Fusion Applications Developer Relations

  • Nikheel Friday, April 27, 2018
    Hi ,

    I am using SOAP webservice to create the project in ORACLE FUION but i want to pass the DFF value which is different for each project.

    Below is the XML i am calling to create project.

    OP Test nProject N22
    Test22 Project throuogh Web serviceN
    OP Acquisition
    OP Inc
    OP Project Unit
    OP, Inc


    It would be helpful for me if you guide me how should i create/ pass the DFF values.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.