31 Dec 2018: Thank you to our knowledgeable and friendly forums users for another great year. We are aware of the uptick in spam accounts and are doing our best to ban these at first sight. Thank you for your patience!

OpenClinica Web Services 3.4.1 raises WssSoapFaultException

Hi folks,

I'm trying to get the soap request to work with the most current version, but without success.


<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://openclinica.org/ws/study/v1">
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-27777511" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">a3adf26e70b8d8ab53da3d36b159ccb341d014e6</wsse:Password>


<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<faultstring xml:lang="en">com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed</faultstring>
Thanks for your help.


  • haenselhaensel Posts: 602 ✭✭✭
    Hi Jens

    Did you follow the "Using OpenClinica Web Services" instructions? Especially the following points:
    • The user account should be authorized to use web services; this authorization is granted in User Account setup.
    • The password will need to be encrypted using the appropriate digest type. (here AES)

    So please check that you ticked the "Authorize SOAP web services in this account" checkbox in the user settings and that this password hash is an AES hash?



    • jens.piegsajens.piegsa Posts: 5
      Hi Christian,

      thanks for your reply. Yes, I followed the given instructions.
      • "Authorize SOAP web services in this account" is checked for the given user
      • I used SHA-1 hash of the user password (the same as in the database in user_account.passwd)

      Any other ideas?


    • haenselhaensel Posts: 602 ✭✭✭
      Hi Jens

      After a closer look to your example try to change

      <wsse:Password Type="


      <wsse:Password type="


    • jens.piegsajens.piegsa Posts: 5
      That did not work.
    • haenselhaensel Posts: 602 ✭✭✭
      Just to be shure that this isn't a simple configuration problem. Does the ws installation use the same database as the web installation?
    • jens.piegsajens.piegsa Posts: 5
      Both applications are running on the same Tomcat server instance. Their datainfo.properties are the same and there is only one PostgreSQL server.
    • jens.piegsajens.piegsa Posts: 5
      Hi Christian,

      looking into it again, I recognized this line:


      How is this supposed to work with two different applications expected to access the same database?

      Replacing it with a fixed name identical in both versions resolved the issue.
      Maybe this kind of default is misleading...

      Thanks again for your help!

    • haenselhaensel Posts: 602 ✭✭✭
      It's allways worth to double check even the simple steps. The default setting is usefull for the web instance only. Good that it works now.

    This discussion has been closed.