How to fix SAP error WSS037?

Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of messages in the SAP system have a message text, however this is frequently insufficient to comprehend or resolve the problem. To make things easier, more detailed information is frequently added to describe the issue, how to fix it, and the necessary steps or configuration modifications. Unfortunately, there isn't any extra information in this error notice. What else can you do? First, use our AnswerBot below to get a possible cause and solution (requires a premium subscription). Also, review the in-depth Common Questions & Answers listed below; you could discover a solution there or be able to connect with others who have faced similar challenges. You can also try searching the SAP support portal (support.sap.com) but you need a special user ID to access it. It is possible that an SAP support note exists that provides additional details about the mistake or even steps for fixing it.

How To Fix WSS037 - SOAP message contains unexpected authentication tokens

Instant Help Get instant SAP help. Sign up for our Free Essentials Plan.

SAP Error Message - Details

Message type: E = Error
Message class: WSS - Web Services Security
Message number: 037
Message text: SOAP message contains unexpected authentication tokens
Show details Hide details
Self-Explanatory Message
Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of messages in the SAP system have a message text, however this is frequently insufficient to comprehend or resolve the problem.
To make things easier, more detailed information is frequently added to describe the issue, how to fix it, and the necessary steps or configuration modifications.
Unfortunately, there isn't any extra information in this error notice.

What else can you do?
First, use our AnswerBot below to get a possible cause and solution (requires a premium subscription).
Also, review the in-depth Common Questions & Answers listed below; you could discover a solution there or be able to connect with others who have faced similar challenges.

You can also try searching the SAP support portal (support.sap.com) but you need a special user ID to access it. It is possible that an SAP support note exists that provides additional details about the mistake or even steps for fixing it.

Smart SAP Assistant

What is the cause and solution for SAP error message WSS037 - SOAP message contains unexpected authentication tokens ?

The SAP error message WSS037: SOAP message contains unexpected authentication tokens typically occurs in the context of SAP Web Services security (WS-Security). It indicates that the SOAP message received by the SAP Web Service contains authentication tokens that are not expected or not supported by the service configuration.

Cause

Unexpected or unsupported security tokens in the SOAP header: The SOAP message includes authentication tokens (such as UsernameToken, BinarySecurityToken, or other WS-Security tokens) that the SAP Web Service is not configured to accept.
Mismatch between client and server WS-Security configuration: For example, the client sends a UsernameToken, but the SAP Web Service expects no authentication or a different token type.
Incorrect or missing WS-Security policy configuration: The SAP Web Service’s security policy does not match the tokens sent by the client.
Improper SOAP message structure: The SOAP header may contain tokens in an unexpected order or format.
Use of unsupported token types: The SAP Web Service might only support certain token types (e.g., X.509 certificates) and rejects others.

Solution

Check WS-Security configuration on the SAP Web Service:
- Verify the security policy assigned to the Web Service in SAP (e.g., in SOAMANAGER).
- Ensure the policy matches the expected authentication tokens.
Align client and server security settings:
- Confirm that the client sends the correct type of authentication tokens expected by the SAP Web Service.
- If the service expects no authentication, ensure the client does not send any tokens.
- If the service expects UsernameToken, ensure the client sends it correctly.
Adjust or create a suitable WS-Security policy:
- Use SOAMANAGER to configure or modify the security policy to accept the tokens sent by the client.
- For example, enable UsernameToken support if needed.
Validate the SOAP message:
- Use tools like SOAP UI or SAP Web Service trace to inspect the SOAP header.
- Confirm the tokens present and their format.
Check for SAP Notes or patches:
- Sometimes, this error can be caused by bugs or limitations fixed in SAP Notes.
- Search SAP Support Portal for relevant notes related to WSS037.

Related Information

Transaction SOAMANAGER: Used to configure Web Service security policies in SAP.
WS-Security standards: Understanding WS-Security token types (UsernameToken, BinarySecurityToken, etc.) helps in troubleshooting.
SAP Help Portal: Documentation on configuring WS-Security for SAP Web Services.
SAP Notes: For example, SAP Note 1789270 and others related to WS-Security issues.
SAP Web Service Security Guide: Provides detailed information on how to configure and troubleshoot WS-Security in SAP.

Summary

Aspect	Details
Error	WSS037: SOAP message contains unexpected authentication tokens
Cause	SOAP message includes authentication tokens not expected or supported by SAP Web Service
Solution	Align client and server WS-Security configurations; adjust security policies in SOAMANAGER; validate SOAP message tokens
Tools	SOAMANAGER, SOAP UI, SAP Web Service trace
References	SAP Notes, SAP Help Portal, WS-Security standards documentation

If you provide details about your SAP system version, the client sending the SOAP message, and the current WS-Security configuration, I can help you with more specific guidance.

Instant Help Get instant SAP help. Sign up for our Free Essentials Plan.

Related SAP Error Messages

Click the links below to see the following related messages:

WSS036 Encryption check failed (part not encrypted: &1)
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...
WSS035 Not supported algorithm suite in service WSDL
What causes this issue? The used algorithm suite is not supported by ABAP client.System Response The client can not generated with the given WSDL.Ho...
WSS038 Authentication failed (Method &1, SRTUTIL Transaction Id &2)
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...
WSS039 Wrong token type received. Endpoint expects &1 token.
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...

Click on this link to search all SAP messages.

The AI Support Assistant is great. It provides comprehensive assistance even on the most difficult issues. I highly recommend this service.

John Jordan
SAP Consultant & Author