SAML Authentication with Oracle 11g SP2 Security Header Order Certificate Exception: Referenced Security Token Could not be Retrieved (Doc ID 1343013.1)

Last updated on MARCH 30, 2016

Applies to:

Oracle Web Services Manager - Version 11.1.1.4.0 and later
Information in this document applies to any platform.

Symptoms


When calling a .NET web service from a SOA Composite with an OWSM message security policy, a security failure is received back from the service. The fault says the certificate cannot be found even though it is installed on the server. It was determined that the order of the Signature and BinarySecurityToken elements in the header is causing the problem. The error received is:

<soap:Header>
  <wsa:Action>http://schemas.xmlsoap.org/ws/2004/03/addressing/fault</wsa:Action>
  <wsa:MessageID>uuid:1752a20f-05cb-492d-9b73-39d250e566a4</wsa:MessageID>
  <wsa:RelatesTo>uuid:fb2c2f49-b922-4624-8fec-2ef957434b49</wsa:RelatesTo>
  <wsa:To>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:To>
  <wsse:Security>
    <wsu:Timestamp wsu:Id="Timestamp-6473026f-5f6f-43ed-816a-6eb2cb44b29c">
      <wsu:Created>2011-07-12T00:09:42Z</wsu:Created>
      <wsu:Expires>2011-07-12T00:14:42Z</wsu:Expires>
    </wsu:Timestamp>
  </wsse:Security>
</soap:Header>
<soap:Body>
  <soap:Fault>
    <faultcode xmlns:code="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">code:SecurityTokenUnavailable</faultcode>
    <faultstring>Referenced security token could not be retrieved</faultstring>
    <faultactor>http://sdpfesweb.aescf.us.aexp.com/PT_Recovery_SPE04353/InquireAccountV2.asmx</faultactor>
  </soap:Fault>
</soap:Body>
</soap:Envelope>
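
To confirm the element-order symptom on a captured outbound request, the following added example (not part of the Oracle document or of OWSM) reports any token that a ds:Signature references before that token appears in the wsse:Security header. It assumes the receiver resolves token references in document order, so the BinarySecurityToken must precede the Signature; the document does not state which order the service expects. The function names, the `X509-1` id and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = f"{{{WSU}}}Id"


def token_order_problems(envelope_xml):
    """List (token_id, reason) for every token a ds:Signature references
    that has not yet appeared in its wsse:Security header."""
    # Parse only captured messages you trust; ElementTree is not hardened
    # against hostile XML.
    root = ET.fromstring(envelope_xml)
    problems = []
    for security in root.iter(f"{{{WSSE}}}Security"):
        all_ids = {c.get(WSU_ID) for c in security if c.get(WSU_ID)}
        seen = set()
        for child in security:  # direct children, in document order
            if child.tag == f"{{{DS}}}Signature":
                # wsse:Reference (inside KeyInfo) names the signing token;
                # ds:Reference (signed parts) is in a different namespace.
                for ref in child.iter(f"{{{WSSE}}}Reference"):
                    uri = ref.get("URI", "")
                    if uri.startswith("#") and uri[1:] not in seen:
                        reason = ("declared after Signature" if uri[1:] in all_ids
                                  else "not in header")
                        problems.append((uri[1:], reason))
            if child.get(WSU_ID):
                seen.add(child.get(WSU_ID))
    return problems


def sample_envelope(token_first):
    """Constructed request; 'X509-1' and the token body are placeholders."""
    token = '<wsse:BinarySecurityToken wsu:Id="X509-1">AAAA</wsse:BinarySecurityToken>'
    sig = ('<ds:Signature><ds:SignedInfo/><ds:KeyInfo><wsse:SecurityTokenReference>'
           '<wsse:Reference URI="#X509-1"/></wsse:SecurityTokenReference>'
           '</ds:KeyInfo></ds:Signature>')
    header = token + sig if token_first else sig + token
    return ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
            f'<soap:Header><wsse:Security>{header}</wsse:Security></soap:Header>'
            '<soap:Body/></soap:Envelope>')


if __name__ == "__main__":
    for first in (True, False):
        print("token first" if first else "signature first",
              token_order_problems(sample_envelope(first)))
```

An empty list means every referenced token is declared ahead of its Signature; a "not in header" entry means the reference points at an id that no direct child of the header carries.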

Cause
