So my weekend started with a major escalation. Customer said he cant process payload and it was working prior to the CPU patching of system. He was using TLS 1.0 (supressed by new jdk), We had already disabed algorithms in java.security.
Issue:<OSB 12.2.1.2>
when try to consume a osb service:https://abc.oracle.com/xyxxxx/Customers/ContactsSvc/v2?wsdl
We are getting a 500 server error at any pharmacy,
Traige: To look for actual issue , we found that this was connecting to a SAAS application. So, i looked at public OTD logs considering it must be on the internet. I found http 200(success ) in the logs. Then i grep'ed for that string in SOA logs.
Errors:
oracle.wsm.security.SecurityException: WSM-00254 : The message is expired. Check the timestamp element in the message.
The current server time is "September 7, 2019 11:30:07 PM CDT", incoming message creation time is "September 7, 2019 5:30:00 PM CDT", configured agent expiry is 300 seconds, incoming message expiry is 120 seconds, effective message expiry (minimum of agent expiry and incoming message expiry) is 120 seconds, configured clock skew is 360 seconds. The acceptable time range is "September 7, 2019 5:24:00 PM CDT" to "September 7, 2019 5:38:00 PM CDT". The incoming message is outside the valid range as allowed by clock skew and expiry times.
Solution:
This is just a temp fix.
Set the parameters "clock skew" and "Message expiration time" as follows to high value
Enterprise Manager -> expand "WebLogic Domain" in the left pane -> right click on the domain name -> web services --> WSM Domain Configuration --> Message Security tab -> Under "Security Settings", set below values.
- Clock Skew -> 23400000msecs (6.5hrs)
- Message Expiration Time -> 23400000msecs (6.5hrs)