https://community.sap.com/t5/application-development-and-automation-discussions/saml-2-0-security-token-reference-cannot-be-resolved/m-p/8013535#M1607999 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I am trying to send a SAML 2.0 token to SAP Portal 7.3 EHP 2 using the sender-vouches confirmation method.</P><P>My message is signed by my client application. The signature references 3 parts: </P><P>1) a security token reference which in turn points to my SAML assertion (using STR transform)</P><P>2) the bdoy (using c14n transform)</P><P>3) the timestamp (using c14n transform)</P><P></P><P>Collecting some WS-Security trace, I can see the following:</P><PRE><CODE> Exception : Security Token Reference transform could not resolve token: &lt;yq1:SecurityTokenReference yq2:Id='wssecurity_signature_id_23' xmlns:yq2='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' xmlns:yq1='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'&gt;&lt;yq1:KeyIdentifier ValueType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID'&gt;Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662&lt;/yq1:KeyIdentifier&gt;&lt;/yq1:SecurityTokenReference&gt; java.lang.Exception at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1230) at com.sap.exception.BaseExceptionInfo.&lt;init&gt;(BaseExceptionInfo.java:147) at com.sap.exception.io.SAPIOException.&lt;init&gt;(SAPIOException.java:63) at com.sap.engine.services.wssec.wsse.STRCanonicalizationWriter.doSTRTransform(STRCanonicalizationWriter.java:228) at com.sap.engine.services.wssec.wsse.STRCanonicalizationWriter.leave(STRCanonicalizationWriter.java:152) at com.sap.engine.services.wssec.xmlsecurity.signature.verification.ReferenceDispatcherReader.handleCode(ReferenceDispatcherReader.java:315) at com.sap.engine.services.wssec.xmlsecurity.signature.verification.ReferenceDispatcherReader.next(ReferenceDispatcherReader.java:186) at com.sap.engine.services.wssec.xmlsecurity.signature.verification.VerifyTokenReaderImpl.next(VerifyTokenReaderImpl.java:501) at com.sap.engine.services.wssec.wsse.WSSecurityContext.init(WSSecurityContext.java:429) </CODE></PRE><P>Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662 is the ID of my SAML assertion.</P><P></P><P>Using the same configuration in my client app, but sending a SAML 1.1 token passes this step.</P><P>Is there any trace I can enable to further debug this issue?</P><P>Has anybody encountered the same issue before?</P><P></P><P>Thanks</P><P>Jens</P></BODY></HTML> Mon, 08 Aug 2011 14:26:56 GMT Former Member 2011-08-08T14:26:56Z https://community.sap.com/t5/application-development-and-automation-discussions/saml-2-0-security-token-reference-cannot-be-resolved/m-p/8013535#M1607999 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I am trying to send a SAML 2.0 token to SAP Portal 7.3 EHP 2 using the sender-vouches confirmation method.</P><P>My message is signed by my client application. The signature references 3 parts: </P><P>1) a security token reference which in turn points to my SAML assertion (using STR transform)</P><P>2) the bdoy (using c14n transform)</P><P>3) the timestamp (using c14n transform)</P><P></P><P>Collecting some WS-Security trace, I can see the following:</P><PRE><CODE> Exception : Security Token Reference transform could not resolve token: &lt;yq1:SecurityTokenReference yq2:Id='wssecurity_signature_id_23' xmlns:yq2='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' xmlns:yq1='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'&gt;&lt;yq1:KeyIdentifier ValueType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID'&gt;Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662&lt;/yq1:KeyIdentifier&gt;&lt;/yq1:SecurityTokenReference&gt; java.lang.Exception at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1230) at com.sap.exception.BaseExceptionInfo.&lt;init&gt;(BaseExceptionInfo.java:147) at com.sap.exception.io.SAPIOException.&lt;init&gt;(SAPIOException.java:63) at com.sap.engine.services.wssec.wsse.STRCanonicalizationWriter.doSTRTransform(STRCanonicalizationWriter.java:228) at com.sap.engine.services.wssec.wsse.STRCanonicalizationWriter.leave(STRCanonicalizationWriter.java:152) at com.sap.engine.services.wssec.xmlsecurity.signature.verification.ReferenceDispatcherReader.handleCode(ReferenceDispatcherReader.java:315) at com.sap.engine.services.wssec.xmlsecurity.signature.verification.ReferenceDispatcherReader.next(ReferenceDispatcherReader.java:186) at com.sap.engine.services.wssec.xmlsecurity.signature.verification.VerifyTokenReaderImpl.next(VerifyTokenReaderImpl.java:501) at com.sap.engine.services.wssec.wsse.WSSecurityContext.init(WSSecurityContext.java:429) </CODE></PRE><P>Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662 is the ID of my SAML assertion.</P><P></P><P>Using the same configuration in my client app, but sending a SAML 1.1 token passes this step.</P><P>Is there any trace I can enable to further debug this issue?</P><P>Has anybody encountered the same issue before?</P><P></P><P>Thanks</P><P>Jens</P></BODY></HTML> Mon, 08 Aug 2011 14:26:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/saml-2-0-security-token-reference-cannot-be-resolved/m-p/8013535#M1607999 Former Member 2011-08-08T14:26:56Z https://community.sap.com/t5/application-development-and-automation-discussions/saml-2-0-security-token-reference-cannot-be-resolved/m-p/8013536#M1608000 <HTML><HEAD></HEAD><BODY><P>Hi Jens,</P><P></P><P>Have you tried collecting traces using SAP Note [Troubleshooting Wizard|https://service.sap.com/sap/support/notes/1332726] with incident "WebServices Security"? You may find more information.</P><P></P><P>Best regards,</P><P> Desislava</P></BODY></HTML> Tue, 20 Sep 2011 13:30:21 GMT https://community.sap.com/t5/application-development-and-automation-discussions/saml-2-0-security-token-reference-cannot-be-resolved/m-p/8013536#M1608000 former_member269672 2011-09-20T13:30:21Z