"Timestamp Should Not Be In The Message" when using ssl type policies

(Doc ID 1552393.1)

Last updated on JULY 28, 2017

Applies to:

Oracle Web Services Manager - Version 11.1.1.4.0 and later
Oracle SOA Suite - Version 11.1.1.3.0 and later
Information in this document applies to any platform.

Symptoms

Getting a "Timestamp should not be in the message" error when using oracle/wss_username_token_over_ssl_client_policy.  The error stack is similar to the following:

ERROR
-----------------------
[2013-05-07T05:21:36.257-04:00] [soa_server1] [ERROR] [WSM-00279] [oracle.wsm.resources.security] [tid: orabpel.invoke.pool-4.thread-1] [userId: <anonymous>] [ecid: 8092e42b34cb9d98:78bab20e:13e7e36ed36:-8000-0000000000002376,1:31585] [WSM_POLICY_NAME: oracle/wss_username_token_over_ssl_client_policy] [APP: soa-infra] [composite_name: RTNInvocation] [component_name: InvokeRTN] [component_instance_id: 130001] The following Fault Message is received at the client side from the service:- [[
Timestamp should not be in the message .

The client side policy is:-
oracle/wss_username_token_over_ssl_client_policy.
...
}.
]]

[2013-05-07T05:21:36.287-04:00] [soa_server1] [ERROR] [] [oracle.integration.platform.blocks.soap] [tid: orabpel.invoke.pool-4.thread-1] [userId: <anonymous>] [ecid: 8092e42b34cb9d98:78bab20e:13e7e36ed36:-8000-0000000000002376,1:31585] [APP: soa-infra] [composite_name: RTNInvocation] [component_name: InvokeRTN] [component_instance_id: 130001] Unable to dispatch request to https://xxx due to exception[[
oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : Timestamp should not be in the message

 or

[soa_server1] [ERROR] [OWS-04086] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 708e379b2a68952a:4fa246fd:14cbb06c10d:-8000-0000000000207582,0] [APP: soa-infra] [composite_name: CreateServiceRequest] [component_name: createsrpt_bpelprocess_client_ep] oracle.fabric.common.PolicyEnforcementException: InvalidSecurityToken : The security token is not valid.[[
at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:180)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:129)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at
...
Caused by: oracle.wsm.common.sdk.WSMException: InvalidSecurityToken : The security token is not valid.
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenOverSSLScenarioExecutor.receiveRequest(WssUsernameTokenOverSSLScenarioExecutor.java:259)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:832)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:425)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:344)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:291)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1059)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:489)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
... 35 more
Caused by: oracle.wsm.security.SecurityException: WSM-00122 : Valid timestamp is not present in the message.
at oracle.wsm.security.policy.scenario.validator.GenericTimestampValidator.hasCreated(GenericTimestampValidator.java:171)
at oracle.wsm.security.policy.scenario.validator.GenericTimestampValidator.validate(GenericTimestampValidator.java:86)
at oracle.wsm.security.policy.scenario.util.WsmMessageSecurityUtils.verifyTimeStamp(WsmMessageSecurityUtils.java:200)
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenOverSSLScenarioExecutor.receiveRequest(WssUsernameTokenOverSSLScenarioExecutor.java:147)
... 44 more

]]

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms