OpenSSO Fedlet SP Fails to Validate SAML Response (Doc ID 1664234.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.4.0 and later
Information in this document applies to any platform.

Symptoms

The Fedlet throws the following error when it tries to process a SAML Response:

SPACSUtils.processResponseForFedlet
com.sun.identity.saml2.common.SAML2Exception: The Reference for URI #id-CVaEObcioU5PAQdyzGc3L-QdnEI- has no XMLSignatureInput
        at com.sun.identity.saml2.xmlsig.FMSigProvider.verify(FMSigProvider.java:347)
        at com.sun.identity.saml2.assertion.impl.AssertionImpl.isSignatureValid(AssertionImpl.java:650)
        at com.sun.identity.saml2.common.SAML2Utils.verifyResponse(SAML2Utils.java:556)
        at com.sun.identity.saml2.profile.SPACSUtils.processResponse(SPACSUtils.java:1049)
        at com.sun.identity.saml2.profile.SPACSUtils.processResponseForFedlet(SPACSUtils.java:2044)
        at com.fanniemae.esso.saml2.FmSAML2IdentityAsserter.invokeFedlet(FmSAML2IdentityAsserter.java:357)

The Fedlet SP works with JDK 1.7.0_24 and lower versions, but fails with JDK 1.7.0_25 and above because of a JDK fix for XML signatures.
The change is documented at http://www.oracle.com/technetwork/java/javase/7u25-relnotes-1955741.html#sec-val.


Cause
