SSO: "Access Denied, Invalid assertion" Error After Applying For A Job In Taleo Social Sourcing
Last updated on JANUARY 02, 2018
Applies to:
Oracle Taleo Platform Cloud Service - SmartOrg (Central Configuration) - Version 15A and laterOracle Taleo Social Sourcing Cloud Service - Version N/A and later
Information in this document applies to any platform.
Symptoms
In a Taleo Social Sourcing (TSS) and Taleo Enterprise (OTAC / TEE) integrated environment configured with SSO, applying for a job in TSS results in an "Access Denied, Invalid assertion" error.
Changes
- There is a stand-alone SSO configuration between their internal IdP (identity provider) and both the TSS and TEE zones.
- The TSS Zone is not Akamai enabled, but the TEE Zone is.
- The Assertion Consumer Service URL Endpoints within the IdP configuration are TAS-prefixed (Akamai)
- The SAML Request includes the following AuthnRequest value:
<saml2p:AuthnRequest AssertionConsumerServiceURL="https://zone.taleo.net/careersection/SamlAssertionConsumerService.jss" Destination="https://intergration.ballers.com/idp/SSO.saml2"
- The assertion from the SAML Response includes the following Destination URL (in the header) and Status Message (in the footer):
Destination="https://tas-[zone].taleo.net/careersection/SamlAssertionConsumerService.jss" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusMessage>Unknown AssertionConsumerServic
eURL https://[zone].taleo.net/careersection/SamlAssertionConsumerService.jss</samlp:StatusMessage>
<samlp:StatusMessage>Unknown AssertionConsumerServic
eURL https://[zone].taleo.net/careersection/SamlAssertionConsumerService.jss</samlp:StatusMessage>
Cause
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms