OWSM Policy Is Invoked When It Should Not While A Fault Is Thrown Calling An OSB Service And Errors Out (WSM-00069) (Doc ID 2019829.1)

Last updated on AUGUST 02, 2023

Applies to:

Symptoms

PROBLEM DESCRIPTION
------------------------------------------
The issue encountered in OSB 12.1.3 is related to calling OSB services that are protected by SAML policies. SAML assertions have been defined in OWSM and attached to the OSB Business services in the proxy pipeline.
When the remote service returns a SOAP fault, the response is being processed by OWSM which throws an exception because there is no security header in the response.
This is not the expected behavior because the SAML assertion is marked as not applicable to responses or faults.
Successful responses, with an HTTP 200 do not go through OWSM. However, a response with an HTTP 500 and a SOAP fault are going through OWSM which causes the exception. This is not the expected behavior.


ERROR
--------

WHAT IS WORKING
-------------------------------
When the response is successful, then there is no issue since the owsm policy will not be invoked. But if there is a soap fault, then the exception is thrown because the owsm policy is being invoked.

ENVIRONMENT
------------
SOA/OSB 12.1.3
OS: Linux x86
SOA/OSB

STEPS
----------

1. Pass a faulty response to the service that has custom OWSM policy  - <HEADER>/wss10_saml_token_with_identity_switching_client_policy
with ignore.timestamp.in.response set to true.

2. Check the log file to see the exception being throw as a result of invoking the OWSM policy which should not be invoked.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.