1 Reply. Latest reply: Mar 13, 2013 6:09 PM by 774021

oracle/wss_saml_bearer_or_username_token_service_policy

Aacc Newbie
I have an application that needs to connect to UCM.
It was working when
the client-side policy is:
oracle/wss10_saml_token_client_policy
and the UCM-side policy is:
oracle/wss_saml_or_username_token_service_policy

However, after changing the UCM-side policy to
oracle/wss_saml_bearer_or_username_token_service_policy
and the client (application) side policy to:
oracle/wss_saml_token_bearer_client_policy

I got the error:
Invalid Security: error in processing the WS-Security header

Am I using the wrong policy? Or is there anything missing for the saml_token_bearer policy configuration on the client side?
Thanks
  • 1. Re: oracle/wss_saml_bearer_or_username_token_service_policy
    774021 Newbie
    I was trying to configure a Content Repository connection through JDeveloper and I faced this issue as well.
    I provided the security policy for the client as below -

    JAX-WS Client Security Policy - oracle/wss11_saml_or_username_token_with_message_protection_service_policy.

    On attempting to connect to the UCM Server, I get the following error -

    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-01775 /null/null/default/WEBs/default/WEBSERVICECLIENTs/%7Bhttp%3A%2F%2Fidcnativews.webservices.idcservlet%2F%7DIdcWebLoginService/PORTs/IdcWebLoginPort The policy "oracle/wss11_saml_or_username_token_with_message_protection_service_policy" cannot be attached to ResourcePattern "/null/null/default/WEBs/default/WEBSERVICECLIENTs/%7Bhttp%3A%2F%2Fidcnativews.webservices.idcservlet%2F%7DIdcWebLoginService/PORTs/IdcWebLoginPort" SubjectType "WS_CLIENT" of attachTo "binding.client" since it may only be used with "a service endpoint".

    The WSDL in my case is http://slcac773.us.oracle.com:7012/idcnativews/IdcWebLoginPort?WSDL and hence is a valid service endpoint.

    As a side note, while providing the security policy name, it should not make any difference to provide "wss11_saml_or_username_token_with_message_protection_service_policy"
