Inserting DigitalSignature Inside SAML Assertion Throws Exception "signature error: not specified/sha256, invalid data: data and digest do not match (source location digests.c/236)" (Doc ID 2092009.1)

Last updated on JANUARY 06, 2017

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Symptoms

During OAG policy development, there is a  requirement to verify digitally signed SAML assertions in SOAP headers from other internal FMW components.

When OAG receives a digitally signed SAML assertion with the digital signature inside of the assertion node, OAG throws the following error:

ERROR
-----------------------
signature error: not specified/sha256, invalid data: data and digest do not match (source location digests.c/236)


If the digital signature is placed outside of the SAML assertion node, no error occurs and processing is successful.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms