function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

WSS in Salesforce SOA?

I have been working under the impression that Salesforce SOA does not support WSS security tokens while making external Web Service calls in Apex.  I haven't seen anything in the docs about SOA supporting WSS.

I wanted to get confirmation that this is accurate, that SOA cannot create and include WSS 1.0 security tokens in requests to Web Services.
There's no explicit support for WS-Security, However if you update the WSDL to include the definition of the WS-Sec token header you want in your messages, then the WSDL import tool should generate the code to handle it, but it needs to be explictly declared in the WSDL.



I know this is an old thread, but since I just went down this journey recently, I wanted to post a update.


There are lots of "clean up" items and limitiations going the WSDL2APEX path. It is currently NOT supported per SF support as called out in my post. My example covers ws-security both ways and where it falls down in WSDL2APEX classes and how it works in HTTP Requests via SOAP directly.


I have done a large post on the subject. Please review and comment on as appropriate.




1. WSDL - I would highly suggest using a WSDL/XML tool like Atlova XMLSpy (free trial) to examine the Types that are imported. It will allow you to trim down, and integrate the imported (manually - wish they had a merge - going to post that feature request at Atlova) xsd types, etc. I normally work with Visual Studio or Eclipse and they just couldn't get there. It will show you what is in the namespace and what is imported in the WDSL tab visually by color coding.


      a. WSDL Apex Class creation Limitations

          -Size of final Apex Class - 100K characters
        -Size of WSDL input - 1Meg
          - No Imports and no implied types from defined named spaces if they contain definitions (xsd which ws-security does).
           -No Attributes (xsd which ws-security does).
           -No annotations (xsd which ws-security does).

           -No multipe bindings (which most do 1 and 12)


2. Be prepared to spend some time (read as parse, fix error, rise and repeat) many times

3. Best SF reference I found was Link:

4. In the end, you may find to get it working that the HTTP request and manual soap xml codeup to be the quickest solution to get it running, Twitter and Facebook integrations work this way. It was really faster in the end for me.

5. The post covers both WSDL2APEX and Direct Soap calls via HTTP Request and examples so that you can choose the best option for your integration needs and the HTTP Request will allow ws-security to work properly.


Best Regards,



David W. Grigsby
Grigsby Consulting LLC
Intellectual Capital for Your Business
484 East Carmel Drive Suite 390
Carmel, IN 46032
Message Edited by dgrigsby on 04-28-2009 05:43 PM

I realize this is a really old post, but I couldn't find a complete answer.  Hopefully this will save someone a few hours work.