Opensso Fedlet Sp Fails To Validate SAML Response

(Doc ID 1664234.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version and later
Information in this document applies to any platform.


Getting an error when fedlet try to process SAML Response

com.sun.identity.saml2.common.SAML2Exception: The Reference for URI #id-CVaEObcioU5PAQdyzGc3L-QdnEI- has no XMLSignatureInput
        at com.sun.identity.saml2.xmlsig.FMSigProvider.verify(
        at com.sun.identity.saml2.assertion.impl.AssertionImpl.isSignatureValid(
        at com.sun.identity.saml2.common.SAML2Utils.verifyResponse(
        at com.sun.identity.saml2.profile.SPACSUtils.processResponse(
        at com.sun.identity.saml2.profile.SPACSUtils.processResponseForFedlet(
        at com.fanniemae.esso.saml2.FmSAML2IdentityAsserter.invokeFedlet(

Fedlet SP works fine with JDK 1.7.0_24 or lower versions. But fails JDK 1.7.0_25 or above versions because of a JDK fix for XML signatures.
Documentation found at


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms