Integration With OAM: Decryption Operation Failed

(Doc ID 2353337.1)

Last updated on JANUARY 25, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

OAM SP-initiated Federation does not work when an encrypted SAML assertion is used.
The partner is the IdP: MyPartnerSSO

When you use an unencrypted SAML assertion, Federation will work just fine.

Errors shown in the OAM logs:

1.
[2017-11-30T20:00:13.214+00:00] [oam_ms1] [ERROR] [FEDSTS-18003] [oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000M0EWxlqCwkYf_p9Dh61Q867G00003g,0] [APP: oam_server#11.1.2.0.0] Assertion is not signed.

and

2.
[2018-01-02T20:41:55.313+00:00] [oam_ms1] [ERROR] [FEDSTS-18075] [oracle.security.fed.frontend.fed.translator.saml.SAMLProtocolMessageTranslator] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000M2says1CwkYf_p9Dh61QIy8k0000QM,0] [APP: oam_server#11.1.2.0.0] [DSID: 0000M2says1CwkYf_p9Dh61QIy8k0000QN] Decryption operation failed for message sent by provider ID MyPartnerSSO
[2018-01-02T20:41:55.313+00:00] [oam_ms1] [ERROR] [FEDSTS-12080] [oracle.security.fed.controller.library.api.FedEngineInstance] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000M2says1CwkYf_p9Dh61QIy8k0000QM,0] [APP: oam_server#11.1.2.0.0] [DSID: 0000M2says1CwkYf_p9Dh61QIy8k0000QN] RequestHandlerException: {0}[[
oracle.security.fed.frontend.fed.translator.MsgTranslationException: XML decryption operation failed.
at oracle.security.fed.frontend.fed.translator.saml.SAMLProtocolMessageTranslator.translateMessage(SAMLProtocolMessageTranslator.java:172)
at oracle.security.fed.frontend.fed.requesthandler.profiles.sp.AuthnResponseV20RequestHandler.generateEvent(AuthnResponseV20RequestHandler.java:68)
at oracle.security.fed.controller.frontend.action.RequestHandlerSupport.perform(RequestHandlerSupport.java:14)
at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:316)
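
One way to triage these entries, added here as an example and not Oracle's code: it splits the bracketed log fields (handling the nested brackets in `tid`), finds FEDSTS-18075 entries, and uses the shared `ecid` to collect the other errors from the same request. The function names, the positional reading of the first fields, and the sample (copied from the excerpts above with the stack trace cut to one frame) are assumptions.

```python
import re

# Sample input: entries copied from the excerpts above, stack trace cut to one frame.
SAMPLE_LOG = """\
[2017-11-30T20:00:13.214+00:00] [oam_ms1] [ERROR] [FEDSTS-18003] [oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000M0EWxlqCwkYf_p9Dh61Q867G00003g,0] [APP: oam_server#11.1.2.0.0] Assertion is not signed.
[2018-01-02T20:41:55.313+00:00] [oam_ms1] [ERROR] [FEDSTS-18075] [oracle.security.fed.frontend.fed.translator.saml.SAMLProtocolMessageTranslator] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000M2says1CwkYf_p9Dh61QIy8k0000QM,0] [APP: oam_server#11.1.2.0.0] [DSID: 0000M2says1CwkYf_p9Dh61QIy8k0000QN] Decryption operation failed for message sent by provider ID MyPartnerSSO
[2018-01-02T20:41:55.313+00:00] [oam_ms1] [ERROR] [FEDSTS-12080] [oracle.security.fed.controller.library.api.FedEngineInstance] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000M2says1CwkYf_p9Dh61QIy8k0000QM,0] [APP: oam_server#11.1.2.0.0] [DSID: 0000M2says1CwkYf_p9Dh61QIy8k0000QN] RequestHandlerException: {0}[[
oracle.security.fed.frontend.fed.translator.MsgTranslationException: XML decryption operation failed.
at oracle.security.fed.frontend.fed.translator.saml.SAMLProtocolMessageTranslator.translateMessage(SAMLProtocolMessageTranslator.java:172)
"""
ENTRY_START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T")

def split_fields(line):
    """Peel the leading [..] fields off a log line; return (fields, message)."""
    fields = []
    while line.startswith("["):
        depth = 0
        for j, ch in enumerate(line):          # track nesting, e.g. [tid: [ACTIVE]...]
            depth += {"[": 1, "]": -1}.get(ch, 0)
            if depth == 0:
                break
        if depth:                              # unbalanced: the rest is message text
            break
        fields.append(line[1:j])
        line = line[j + 1:].lstrip()
    return fields, line

def parse_entries(text):
    """Turn raw log text into entries; non-timestamp lines extend the previous message."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            fields, msg = split_fields(line)
            attrs = dict(f.split(": ", 1) for f in fields[5:] if ": " in f)
            code = fields[3] if len(fields) > 3 else None   # assumed: 4th field is the message ID
            entries.append({"time": fields[0], "code": code, "ecid": attrs.get("ecid"), "msg": msg})
        elif entries:
            entries[-1]["msg"] += "\n" + line
    return entries

def decryption_failures(text):
    """List FEDSTS-18075 events with the partner ID and every error code sharing the ecid."""
    entries, out = parse_entries(text), []
    for e in entries:
        m = re.search(r"provider ID (\S+)", e["msg"])
        if e["code"] == "FEDSTS-18075" and m:
            related = [x["code"] for x in entries if x["ecid"] == e["ecid"]]
            out.append({"time": e["time"], "ecid": e["ecid"], "provider": m.group(1), "related_codes": related})
    return out
```

On the sample, the FEDSTS-18003 entry from 2017-11-30 carries a different `ecid` and is not grouped with the decryption failure.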

 

Cause
