My Oracle Support Banner

OWSM Policy Is Invoked When It Should Not While A Fault Is Thrown Calling An OSB Service And Errors Out (WSM-00069) (Doc ID 2019829.1)

Last updated on MARCH 10, 2022

Applies to:

Oracle Web Services Manager - Version and later
Information in this document applies to any platform.


The issue encountered in OSB 12.1.3 is related to calling OSB services that are protected by SAML policies. SAML assertions have been defined in OWSM and attached to the OSB Business services in the proxy pipeline.
When the remote service returns a SOAP fault, the response is being processed by OWSM which throws an exception because there is no security header in the response.
This is not the expected behavior because the SAML assertion is marked as not applicable to responses or faults.
Successful responses, with an HTTP 200 do not go through OWSM. However, a response with an HTTP 500 and a SOAP fault are going through OWSM which causes the exception. This is not the expected behavior.


When the response is successful, then there is no issue since the owsm policy will not be invoked. But if there is a soap fault, then the exception is thrown because the owsm policy is being invoked.

SOA/OSB 12.1.3
OS: Linux x86


1. Pass a faulty response to the service that has custom OWSM policy  - <HEADER>/wss10_saml_token_with_identity_switching_client_policy
with set to true.

2. Check the log file to see the exception being throw as a result of invoking the OWSM policy which should not be invoked.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.