Error "WSM-00035 : Error in Signature reference mechanism compliance : Expected : thumbprint , Actual : direct" When Using SAML With OWSM (Doc ID 1618855.1)

Last updated on OCTOBER 25, 2016

Applies to:

Oracle Web Services Manager - Version 11.1.1.6.0 and later
Managed Cloud Services Problem Resolution - Version N/A to N/A
Information in this document applies to any platform.

Symptoms

A SAML based OWSM service policy is used, such as oracle/wss11_saml_or_username_token_with_message_protection_service_policy.

Requests sent to the service fail even though the correct client policy is attached on the client side.

In the diagnostic log, there is an error "WSM-00035 : Error in Signature reference mechanism compliance : Expected : thumbprint , Actual : direct"

Caused by: oracle.wsm.security.policy.scenario.policycompliance.PolicyComplianceException: WSM-00035 : Error in Signature reference mechanism compliance : Expected : thumbprint , Actual : direct. Ensure that a compatible policy is attached at the client side.
at oracle.wsm.security.policy.scenario.policycompliance.impl.ComplianceEngine.preSignatureVerificationCompliance(ComplianceEngine.java:301)
at oracle.wsm.security.policy.scenario.policycompliance.impl.ComplianceEngine.checkCompliance(ComplianceEngine.java:510)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.verifyRequest(Wss11X509TokenProcessor.java:925)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.verify(Wss11X509TokenProcessor.java:859)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.verify(Wss11X509TokenProcessor.java:823)
at oracle.wsm.security.policy.scenario.executor.Wss11UsernameWithCertsScenarioExecutor.receiveRequest(Wss11UsernameWithCertsScenarioExecutor.java:134)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:567)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:295)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1039)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:485)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
[...]

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms