SAML Assertion Error Occurs When LDAP Is Configured With SSL Port 636
(Doc ID 2855035.1)
Last updated on AUGUST 16, 2023
Applies to:
Oracle WebCenter Content: Imaging - Version 11.1.1.9.0 and later
Information in this document applies to any platform.
Symptoms
Requirement: Convert SAML 2.0-based SP-initiated authentication to use an SSL-based LDAP connection to ADFS.
There is a SAML assertion error when LDAP is configured with SSL port 636. This issue happens on an Imaging system, which is part of the Oracle WebCenter Content solution.
<Mar 2, 2022 4:59:49 PM EST> <Debug> <SecuritySAML2Service> <BEA-000000> <[Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:096542]No NameID in assertion.>
<Mar 2, 2022 4:59:49 PM EST> <Debug> <SecuritySAML2Service> <BEA-000000> <exception info
javax.security.auth.login.LoginException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:096542]No NameID in assertion.
<Mar 2, 2022 4:59:49 PM EST> <Debug> <SecuritySAML2Service> <BEA-000000> <exception info
javax.security.auth.login.LoginException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:096542]No NameID in assertion.
The LDAP ADFS is located remotely as one of the primary Domain Controllers and has been NAT-ed from our Domain Controller, and ports 636 and 389 have been allowed. The solution works fine when we use port 389 (non-SSL).
Changes
Implemented remote SAML 2.0-based authentication provider.
Cause