InValidNameIDPolicy Error With Windows NameID Format After Upgrade to OIF 184.108.40.206.0
(Doc ID 1908616.1)
Last updated on MARCH 08, 2017
Applies to:Oracle Identity Federation - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Oracle Identity Federation (OIF) 18.104.22.168 was patched to 22.214.171.124.
OIF as Identity Provider (IdP) is configured with multiple Service Providers (SPs) which use different NameID formats for federation e.g. emailAddress, Windows Domain Qualified Name, Unspecified etc.
Since upgrading to 126.96.36.199 all SSO logins with one specific SP are failing. Users are redirected either to an application error page due to failed authentication or error HTTP-500 Internal Server Error is displayed.
When SAML Response sent by OIF to the SP is decoded the error Status "Invalid NameID Policy" is seen.
SSO with other SPs is working as before.
The problem SP is configured to use Windows Domain Qualified Name ID Format.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.|