
Error "WSM-00035 : Error in Signature reference mechanism compliance : Expected : thumbprint , Actual : direct" When Using SAML With OWSM (Doc ID 1618855.1)

Last updated on AUGUST 01, 2023

Applies to:

Oracle Web Services Manager - Version 11.1.1.6.0 and later
Managed Cloud Services Problem Resolution - Version N/A to N/A
Information in this document applies to any platform.

Symptoms

A SAML-based OWSM service policy is used, such as oracle/wss11_saml_or_username_token_with_message_protection_service_policy.

Requests sent to the service fail even though the correct client policy is attached on the client side.

The diagnostic log contains the error "WSM-00035 : Error in Signature reference mechanism compliance : Expected : thumbprint , Actual : direct":

Caused by: oracle.wsm.security.policy.scenario.policycompliance.PolicyComplianceException: WSM-00035 : Error in Signature reference mechanism compliance : Expected : thumbprint , Actual : direct. Ensure that a compatible policy is attached at the client side.
at oracle.wsm.security.policy.scenario.policycompliance.impl.ComplianceEngine.preSignatureVerificationCompliance(ComplianceEngine.java:301)
at oracle.wsm.security.policy.scenario.policycompliance.impl.ComplianceEngine.checkCompliance(ComplianceEngine.java:510)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.verifyRequest(Wss11X509TokenProcessor.java:925)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.verify(Wss11X509TokenProcessor.java:859)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.verify(Wss11X509TokenProcessor.java:823)
at oracle.wsm.security.policy.scenario.executor.Wss11UsernameWithCertsScenarioExecutor.receiveRequest(Wss11UsernameWithCertsScenarioExecutor.java:134)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:567)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:295)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1039)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:485)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
[...]
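
To see which reference mechanism a client actually put on the wire, the ds:KeyInfo of a captured request can be inspected. The Python below is an added example, not Oracle code; it assumes the names in the error map to the standard WS-Security encodings (wsse:Reference for "direct", a ThumbprintSHA1 wsse:KeyIdentifier for "thumbprint"), and the two sample messages are constructed.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wsse": WSSE, "ds": DS}
# KeyIdentifier ValueType suffixes defined by the WS-Security X.509 token profile
KEY_ID_TYPES = {"#ThumbprintSHA1": "thumbprint", "#X509SubjectKeyIdentifier": "ski"}

def reference_mechanism(str_elem):
    """Classify one wsse:SecurityTokenReference element."""
    if str_elem.find("wsse:Reference", NS) is not None:
        return "direct"
    key_id = str_elem.find("wsse:KeyIdentifier", NS)
    if key_id is not None:
        value_type = key_id.get("ValueType", "")
        for suffix, name in KEY_ID_TYPES.items():
            if value_type.endswith(suffix):
                return name
        return "unknown-keyidentifier"
    if str_elem.find("ds:X509Data/ds:X509IssuerSerial", NS) is not None:
        return "issuerserial"
    return "unknown"

def signature_reference_mechanisms(soap_xml):
    """Return the mechanism used by each ds:Signature in the message."""
    root = ET.fromstring(soap_xml)
    found = []
    for sig in root.iter("{%s}Signature" % DS):
        str_elem = sig.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
        found.append("no-token-reference" if str_elem is None else reference_mechanism(str_elem))
    return found

def check_compliance(soap_xml, expected):
    """Report each mismatching signature in the wording of the WSM-00035 message."""
    return ["Expected : %s , Actual : %s" % (expected, actual)
            for actual in signature_reference_mechanisms(soap_xml) if actual != expected]

# Constructed samples: each signature is trimmed down to its KeyInfo part.
TEMPLATE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="%s" xmlns:ds="%s"><soap:Header><wsse:Security>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>%%s</wsse:SecurityTokenReference>
  </ds:KeyInfo></ds:Signature></wsse:Security></soap:Header><soap:Body/></soap:Envelope>""" % (WSSE, DS)
DIRECT = TEMPLATE % '<wsse:Reference URI="#constructed-bst-id"/>'
THUMBPRINT = TEMPLATE % ('<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/'
    'oasis-wss-soap-message-security-1.1#ThumbprintSHA1">Y29uc3RydWN0ZWQ=</wsse:KeyIdentifier>')
```

Running `check_compliance` on a request captured from the failing client shows whether the mismatch comes from the signature's token reference or from a different part of the message.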

 

Cause



In this Document
Symptoms
Cause
Solution
 1. Check logs for errors indicating problems validating time stamps
 2. Check policies
 Additional Information
References

