My Oracle Support Banner

WLS 10.3 - SAML 2 authentication failed, resulting in SOAP fault due to HTTP 500 (Doc ID 1092004.1)

Last updated on OCTOBER 09, 2020

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.


A Webservice and client using SAML 2 authentication which was tested to work fine in Glassfish 2.1.1 after deploying on WLS 10.3 fails, when the client on Glassfish invokes the Webservice (on WLS), it fails with SOAP fault due to HTTP 500 error, as below:

<WSEE:12>set Message called: weblogic.xml.saaj.SOAPMessageImpl@6516e2<SoapMessageContext.setMessage:64>
** S T A R T R E S P O N S E O U T P U T S T R E A M **

---[HTTP response 500]---
<?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env=""><env:Body><env:Fault xmlns:wsse=""><faultcode>wsse:InvalidSecurity</faultcode><faultstring>weblogic.xml.crypto.api.MarshalException: weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {}SecurityTokenReference, no SecurityTokenReference factory found for {}KeyIdentifierValueType:</faults.tring></env:Fault></env:Body></env:Envelope>--------------------
<?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env=""><env:Body><env:Fault xmlns:wsse=""><faultcode>wsse:InvalidSecurity</faultcode><faultstring>weblogic.xml.crypto.api.MarshalException:weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {}SecurityTokenReference, no SecurityTokenReference factory found for {}KeyIdentifier ValueType:</faultstring></env:Fault></env:Body></env:Envelope>
** E N D R E S P O N S E O U T P U T S T R E A M **
ContentType= text/xml;charset="utf-8"
CharacterEncoding= utf-8
<WSEE:12>*** JAXWS post finish ***<>

WLS has been configured according to the docs for configuring SAML 2, including the following settings via admin console:

The following debug flags were also turned on, in order to collect required diagnostics:


No custom authentication is used, with everything using WLS defaults.  The SAML 2 tokens are generated by Sun Metro.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.