1 Reply Latest reply: Mar 13, 2013 8:09 PM by 774021 RSS

    oracle/wss_saml_bearer_or_username_token_service_policy

    Aacc
      I have an application need to connect to UCM.
      it was working when :
      client side policy is:
      oracle/wss10_saml_token_client_policy
      and UCM side policy is:
      oracle/wss_saml_or_username_token_service_policy

      However, after change the UCM side policy to be
      oracle/wss_saml_bearer_or_username_token_service_policy
      and client(application) side policy:
      oracle/wss_saml_token_bearer_client_policy

      I got error:
      Invalid Security: error in processing the WS-Security header

      Am I using wrong policy? or is there anything missing for saml_token_beaer policy configuration on client side?
      Thanks
        • 1. Re: oracle/wss_saml_bearer_or_username_token_service_policy
          774021
          I was trying to configure a Content Repository connection through JDeveloper and I faced this issue as well.
          I provided the security policy for client as below -

          JAX-WS Client Security Policy - oracle/wss11_saml_or_username_token_with_message_protection_service_policy.

          On attempting to connect to the UCM Server, I get the following error -

          oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-01775 /null/null/default/WEBs/default/WEBSERVICECLIENTs/%7Bhttp%3A%2F%2Fidcnativews.webservices.idcservlet%2F%7DIdcWebLoginService/PORTs/IdcWebLoginPort The policy "oracle/wss11_saml_or_username_token_with_message_protection_service_policy" cannot be attached to ResourcePattern "/null/null/default/WEBs/default/WEBSERVICECLIENTs/%7Bhttp%3A%2F%2Fidcnativews.webservices.idcservlet%2F%7DIdcWebLoginService/PORTs/IdcWebLoginPort" SubjectType "WS_CLIENT" of attachTo "binding.client" since it may only be used with "a service endpoint".

          The WSDL in my case is http://slcac773.us.oracle.com:7012/idcnativews/IdcWebLoginPort?WSDL and hence is a valid service end point.

          As a side note, while providing the security policy name, it should not make any difference to provide "wss11_saml_or_username_token_with_message_protection_service_policy"