SAML Authentication Security Token Fails To Validate Between WSRP Consumer And Producer (Doc ID 1207318.1)

Last updated on JULY 10, 2017

Applies to:

Oracle WebLogic Portal - Version 9.2.0 and later
Information in this document applies to any platform.

Symptoms

SAML authentication is used between a WebLogic Portal (WLP) source (consumer) domain and a WebLogic Server (WLS) destination (producer) domain. A WLP application runs on the source domain and a Web Service runs on the destination domain. When the Web Service is invoked from a page flow controller in the portal application, the destination WebLogic Server throws the following security token validation error.

Error Message:

com.bea.control.ServiceControlException: <xml-fragment><faultcode xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
oas:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@b33b01[status: false][msg The SAML token is not valid.]</faultstring><faultactor xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/></xml-fragment>[weblogic.wsee.jws.wlw.SoapFaultException]
at com.bea.control.servicecontrol.impl.ServiceControlImpl.invoke(ServiceControlImpl.java:652)
at com.test..csadminservice.servicecontrol.AdministrationServiceControlBean.retrieveUserDetails(AdministrationServiceControlBean.java:140)
at com.test..authentication.util.LDAPHelper.getAttributes(LDAPHelper.java:314)
at com.test..authentication.util.LDAPHelper.getUserAttributesForFirmUsers(LDAPHelper.java:434)
at com.test..authentication.ui.controller.authentication.AuthenticationController.getLDAPAttributes(AuthenticationController.java:1012)
at com.test..authentication.ui.controller.authentication.AuthenticationController.processAuthenticatedActiveUser(AuthenticationController.java:1086)
at com.test..authentication.ui.controller.authentication.AuthenticationController.processAuthenticatedUser(AuthenticationController.java:582)
at com.test..authentication.ui.controller.authentication.AuthenticationController.login(AuthenticationController.java:438)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:869)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:808)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:477)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:305)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:335)


The issue can be reproduced with the following steps:
1. Create a WLS domain and deploy a web service.
2. Create a WLP domain and deploy a portal application.
3. Invoke the web service using a pageflow controller in the portal application.
4. The Invalid SAML token error is thrown.
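
For triaging this symptom in logs, the following added example (not part of the Oracle note or of WebLogic) extracts the SOAP fault fragment from the exception text above, resolves the faultcode prefix against the WS-Security namespace, and pulls out the validator message. The function and constant names are assumptions made for the illustration; the sample input is the error message quoted above without its stack trace.

```python
import io
import re
import xml.etree.ElementTree as ET

WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
# Fault codes defined by WS-Security 1.0 (SOAP Message Security) and their meaning.
WSSE_FAULTS = {
    "UnsupportedSecurityToken": "an unsupported token was provided",
    "UnsupportedAlgorithm": "unsupported signature or encryption algorithm",
    "InvalidSecurity": "error processing the wsse:Security header",
    "InvalidSecurityToken": "an invalid security token was provided",
    "FailedAuthentication": "token could not be authenticated or authorized",
    "FailedCheck": "the signature or decryption was invalid",
    "SecurityTokenUnavailable": "referenced token could not be retrieved",
}
FRAGMENT_RE = re.compile(r"<xml-fragment>.*?</xml-fragment>", re.S)
MSG_RE = re.compile(r"\[msg\s+(.*?)\]\s*$", re.S)
# Sample input: the error text quoted in this note, stack trace omitted.
SAMPLE_LOG = (
    'com.bea.control.ServiceControlException: <xml-fragment><faultcode '
    'xmlns:oas="' + WSSE_NS + '">\noas:InvalidSecurityToken</faultcode>'
    '<faultstring>Security token failed to validate. weblogic.xml.crypto.wss.'
    'SecurityTokenValidateResult@b33b01[status: false]'
    '[msg The SAML token is not valid.]</faultstring><faultactor xsi:nil="true"'
    ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/></xml-fragment>'
    '[weblogic.wsee.jws.wlw.SoapFaultException]'
)

def parse_wss_fault(log_text):
    """Describe the first SOAP fault fragment in log_text, or return None."""
    m = FRAGMENT_RE.search(log_text)
    if m is None:
        return None
    if "<!DOCTYPE" in m.group(0):  # log text is untrusted: no DTDs or entities
        raise ValueError("fault fragment contains a DTD")
    prefixes, fields = {}, {}
    # Assumed simplification: prefix scoping is ignored (one flat prefix map).
    for event, item in ET.iterparse(io.StringIO(m.group(0)), events=("start-ns", "end")):
        if event == "start-ns":
            prefixes[item[0]] = item[1]  # item is (prefix, namespace URI)
        elif item.tag in ("faultcode", "faultstring"):
            fields[item.tag] = (item.text or "").strip()
    # faultcode is a QName in element content, so the prefix is resolved by hand.
    prefix, _, local = fields.get("faultcode", "").rpartition(":")
    ns = prefixes.get(prefix)
    detail = MSG_RE.search(fields.get("faultstring", ""))
    return {"namespace": ns, "code": local,
            "meaning": WSSE_FAULTS.get(local) if ns == WSSE_NS else None,
            "validator_msg": detail.group(1) if detail else None}
```

The fault code only says the producer rejected the token; the validator message is the part that identifies the SAML assertion as the failing element.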

Changes

 

Cause
