Issue: Another bug in SoapUI might alter the security configuration of sent SOAP Requests. This may result in broken or discarded requests.
SoapUI features a dedicated “Auth” button on requests which allows to inject authorization methods. Using such an authorization option (e.g. Basic) and adding SAML tokens simultaneously may lead to a broken request. First I tried my way with a configuration as portrayed, by using the Authorization tab. Once the service was altered requiring SAML, I disabled the Authorization. Only using the saml token inside the request, I was still left with a unexpected response.
The issue here is SoapUI disregarding the disabled Authorization and keeping an altered request – although not perceivable to the naked eye. When switching back to Basic Authorization and explicitly removing the Outgoing WSS before disabling the Authorization altogether this issue disappears – the request is now working as intended.
So SoapUI is somehow not removing the Outgoing WSS when the set up Authorization method is disabled, which may interfere with the expected request. I conclude this to be a bug, as the expected action when removing Authorization is to have no influence by a configured, although disabled Authorization.
