SSO: "Access Denied, Invalid assertion" Error After Applying For A Job In Taleo Social Sourcing
(Doc ID 2340323.1)
Last updated on OCTOBER 17, 2019
Applies to:
Oracle Taleo Social Sourcing Cloud Service - Version N/A and laterOracle Taleo Platform Cloud Service - SmartOrg (Central Configuration) - Version 15A and later
Information in this document applies to any platform.
Symptoms
In a Taleo Social Sourcing (TSS) and Taleo Enterprise (OTAC / TEE) integrated environment configured with SSO, applying for a job in TSS results in an "Access Denied, Invalid assertion" error.
Changes
- There is a stand-alone SSO configuration between their internal IdP (identity provider) and both the TSS and TEE zones.
- The TSS Zone is not Akamai enabled, but the TEE Zone is.
- The Assertion Consumer Service URL Endpoints within the IdP configuration are TAS-prefixed (Akamai)
- The SAML Request includes the following AuthnRequest value:
<saml2p:AuthnRequest AssertionConsumerServiceURL="https://zone.taleo.net/careersection/SamlAssertionConsumerService.jss" Destination="https://integration.ballers.com/idp/SSO.saml2"
- The assertion from the SAML Response includes the following Destination URL (in the header) and Status Message (in the footer):
Destination="https://tas-[zone].taleo.net/careersection/SamlAssertionConsumerService.jss" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusMessage>Unknown AssertionConsumerServic
eURL https://[zone].taleo.net/careersection/SamlAssertionConsumerService.jss</samlp:StatusMessage>
<samlp:StatusMessage>Unknown AssertionConsumerServic
eURL https://[zone].taleo.net/careersection/SamlAssertionConsumerService.jss</samlp:StatusMessage>
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |