My Oracle Support Banner

Audience URI Not Working with OWSM Policy 'oracle/wss_saml_bearer_or_username_token_service_policy' attached to WebCenter Content Web Service. (Doc ID 2128504.1)

Last updated on APRIL 20, 2016

Applies to:

Oracle Web Services Manager - Version and later
Information in this document applies to any platform.


Using the OWSM policy 'oracle/wss_saml_bearer_or_username_token_service_policy' attached to an Oracle WebCenter Content service.

The absolute URI being used in this case - https://rmstest/idcws/SoapGenericPort doesn't work because rmstest is a cluster address and not mapped to a single host name.  The SAML audience URI must contain the hostname and the port of a running server, for example


this works on a single server.

However, in a cluster it is not possible to use this absolute SAML URI nor is it possible to use relative SAML audience uris for this scenario.

Error MEssage
Caused by: FAULT CODE: InvalidSecurityToken FAULT MESSAGE: Audience URI for SAML assertion is invalid.
... 70 more


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.