SAML ASSERTION REFERENCED FROM STR CANNOT INTEROP WITH MSFT (Doc ID 1202323.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle Weblogic Server - Version 10.3.2 and later
Information in this document applies to any platform.

Symptoms

• WLS 10.3.1 or 10.3.2
• .NET 3.5 client side

After a web service consumer is migrated from WLS 10.3.1 (which worked correctly with the .NET server side) to WLS 10.3.2, the .NET side returns a failure:

<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-GB" xmlns="">An error occurred when verifying security for the message.</faultstring>
</s:Fault>

The failure occurs because WLS 10.3.2 adds a new part to the security header:

<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" wsu:Id="str_q4KaAidTPi5vB13F">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_8f0dbe3c30f572e8ac3be7a72e500737
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
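
A diagnostic sketch, added here and not part of the Oracle note: it lists every SecurityTokenReference in a captured request that points at a SAML assertion by ID and reports whether that assertion is carried in the same message, so traces from the 10.3.1 and 10.3.2 consumers can be compared. The function name `saml_token_references`, the SOAP 1.1 envelope and the empty assertion are assumptions constructed for the example; only the reference element comes from the note.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
SAML_ID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"

def saml_token_references(envelope_xml):
    """Return one dict per SecurityTokenReference that names a SAML assertion by ID."""
    root = ET.fromstring(envelope_xml)
    # AssertionID values of the SAML 1.x assertions carried anywhere in the message
    embedded = {a.get("AssertionID") for a in root.iter("{%s}Assertion" % NS["saml"])}
    found = []
    for str_el in root.iter("{%s}SecurityTokenReference" % NS["wsse"]):
        for kid in str_el.findall("wsse:KeyIdentifier", NS):
            if kid.get("ValueType") != SAML_ID:
                continue  # not a SAML assertion reference (e.g. an X.509 key identifier)
            value = (kid.text or "").strip()  # the note's sample ends with a newline
            found.append({
                "str_id": str_el.get("{%s}Id" % NS["wsu"]),
                "token_type": str_el.get("{%s}TokenType" % NS["wsse11"]),
                "assertion_id": value,
                "resolves_in_message": value in embedded,
            })
    return found

# Constructed envelope (assumption); the SecurityTokenReference is the one quoted above.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="%(wsse)s" xmlns:wsse11="%(wsse11)s" xmlns:wsu="%(wsu)s" xmlns:saml="%(saml)s">
 <s:Header><wsse:Security>
  <saml:Assertion AssertionID="_8f0dbe3c30f572e8ac3be7a72e500737" MajorVersion="1" MinorVersion="1"/>
  <wsse:SecurityTokenReference wsu:Id="str_q4KaAidTPi5vB13F"
    wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
   <wsse:KeyIdentifier ValueType="%(samlid)s">_8f0dbe3c30f572e8ac3be7a72e500737
   </wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
 </wsse:Security></s:Header><s:Body/>
</s:Envelope>""" % dict(NS, samlid=SAML_ID)

if __name__ == "__main__":
    for ref in saml_token_references(SAMPLE):
        print(ref)
```
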

Cause
