SAML Assertion Error Occurs When LDAP Is Configured With SSL Port 636 (Doc ID 2855035.1)

Last updated on MARCH 15, 2022

Applies to:

Oracle WebCenter Content: Imaging - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Requirement: Convert SAML 2.0-based, SP-initiated authentication to use an SSL-based LDAP connection to ADFS.

There is a SAML assertion error when LDAP is configured with SSL port 636. This issue happens on an Imaging system, which is part of the Oracle WebCenter Content solution.

<Mar 2, 2022 4:59:49 PM EST> <Debug> <SecuritySAML2Service> <BEA-000000> <[Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:096542]No NameID in assertion.>
<Mar 2, 2022 4:59:49 PM EST> <Debug> <SecuritySAML2Service> <BEA-000000> <exception info
javax.security.auth.login.LoginException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:096542]No NameID in assertion.

The LDAP ADFS is located remotely as one of the primary Domain Controllers and has been NAT-ed from our Domain Controller, and ports 636 and 389 have been allowed. The solution works fine when we use port 389 (non-SSL).

Changes

Implemented remote SAML 2.0-based authentication provider.

Cause
