Troubleshooting: Connect SOAP error "SOAP Envelope cannot have children other than SOAP Header and Body"
You create a Connect SOAP rule that calls an external SOAP service. On the Advanced tab of the Connect SOAP rule, you select the Enable ws-security check box to enable Web Services Security (WS-Security), because you want to securely move the SOAP messages to and from your application. You also create a Security Profile with a Truststore and a Keystore.
However, when you run the Connect SOAP rule, you see the following error message:
"SOAP Envelope cannot have children other than SOAP Header and Body"
Refer to the section below for additional error message details.
Error
com.pega.pegarules.pub.PRRuntimeError: PRRuntimeError
    at com.pega.pegarules.session.internal.mgmt.base.ThreadRunner.runActivitiesAlt(ThreadRunner.java:683)
    …
Caused by: com.pega.pegarules.pub.services.RemoteApplicationException: SOAP service failed
    at com.pegarules.generated.activity.ra_action_invokeaxis2_8c25ae8bb966e138128cd3e51b3cadeb.step15_circum0(ra_action_invokeaxis2_8c25ae8bb966e138128cd3e51b3cadeb.java:3520)
    …
Caused by: com.pega.apache.axiom.soap.SOAPProcessingException: SOAP Envelope can not have children other than SOAP Header and Body
    at com.pega.apache.axiom.soap.impl.dom.SOAPEnvelopeImpl.checkChild(SOAPEnvelopeImpl.java:110)
    at com.pega.apache.axiom.soap.impl.dom.SOAPEnvelopeImpl.insertBefore(SOAPEnvelopeImpl.java:164)
    at com.pega.apache.ws.security.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:646)
    at com.pega.apache.ws.security.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:722)
    at com.pega.apache.ws.security.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:146)
Explanation
This error occurs in PRPC 6.x and Pega 7 releases up through Pega 7.1.7 when you enable Web Services Security (WS-Security) on a SOAP connector without also enabling Web Services Addressing (WS-Addressing). Without WS-Addressing enabled, the security headers are missing from the Connect SOAP request.
Suggested approach
If you are using PRPC 6.x or a Pega 7 release up through Pega 7.1.7, you can resolve this issue by selecting the Enable ws addressing check box on the Advanced tab of the Connect SOAP rule. This ensures that the security-related data included in the SOAP header is sent and processed appropriately.
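To confirm the result on a captured Connect SOAP request, the following added example (not Pega code) checks the rule named in the error, that the Envelope has only Header and Body children, and that the Header carries a wsse:Security block. The sample messages are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")    # SOAP 1.2
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def check_envelope(xml_text):
    """Return a list of findings; an empty list means structure and header are fine."""
    root = ET.fromstring(xml_text)  # parse only messages you captured yourself
    env_ns, local = split_tag(root.tag)
    if local != "Envelope" or env_ns not in SOAP_NS:
        return ["root element is not a SOAP Envelope"]
    findings, seen, header = [], [], None
    for child in root:
        ns, name = split_tag(child.tag)
        if ns != env_ns or name not in ("Header", "Body"):
            # The condition named in the error message on this page.
            findings.append(f"Envelope has illegal child <{name}>")
            continue
        seen.append(name)
        if name == "Header":
            header = child
    if seen not in (["Body"], ["Header", "Body"]):
        findings.append("Envelope needs an optional Header followed by one Body")
    if header is None:
        findings.append("no SOAP Header, so no wsse:Security block")
    elif header.find(f"{{{WSSE_NS}}}Security") is None:
        findings.append("Header has no wsse:Security block")
    return findings

def sample(inner):
    """Build a constructed SOAP 1.1 message around the given Envelope children."""
    return (f'<s:Envelope xmlns:s="{SOAP_NS[0]}" xmlns:wsse="{WSSE_NS}">'
            f'{inner}</s:Envelope>')

SECURED = sample("<s:Header><wsse:Security/></s:Header><s:Body/>")
NO_HEADER = sample("<s:Body/>")
MISPLACED = sample("<wsse:Security/><s:Body/>")

if __name__ == "__main__":
    for label, msg in [("secured", SECURED), ("no header", NO_HEADER),
                       ("misplaced", MISPLACED)]:
        print(label, check_envelope(msg) or "ok")
```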