SAML Assertion Error Occurs When LDAP Is Configured With SSL Port 636
(Doc ID 2855035.1)
Last updated on AUGUST 16, 2023
Applies to: Oracle WebCenter Content: Imaging - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Requirement: Convert SAML 2.0-based, SP-initiated authentication to use an SSL-based LDAP connection to ADFS.
There is a SAML assertion error when LDAP is configured with SSL port 636. This issue happens on an Imaging system, which is part of the Oracle WebCenter Content solution.
<Mar 2, 2022 4:59:49 PM EST> <Debug> <SecuritySAML2Service> <BEA-000000> <exception info
javax.security.auth.login.LoginException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:090377]Identity Assertion Failed, weblogic.security.spi.IdentityAssertionException: [Security:096542]No NameID in assertion.
The LDAP ADFS is located remotely as one of the primary Domain Controllers and has been NAT-ed from our Domain Controller, and ports 636 and 389 have been allowed. The solution works fine when we use port 389 (non-SSL).
Implemented remote SAML 2.0-based authentication provider.