
SAML 2.0 Security Token Reference cannot be resolved

Former Member

Hi,

I am trying to send a SAML 2.0 token to SAP Portal 7.3 EHP 2 using the sender-vouches confirmation method.

My message is signed by my client application. The signature references 3 parts:

1) a security token reference which in turn points to my SAML assertion (using STR transform)

2) the body (using c14n transform)

3) the timestamp (using c14n transform)

Collecting some WS-Security trace, I can see the following:


Exception : Security Token Reference transform could not resolve token: <yq1:SecurityTokenReference yq2:Id='wssecurity_signature_id_23' xmlns:yq2='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' xmlns:yq1='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'><yq1:KeyIdentifier ValueType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID'>Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662</yq1:KeyIdentifier></yq1:SecurityTokenReference>
java.lang.Exception
at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1230)
at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:147)
at com.sap.exception.io.SAPIOException.<init>(SAPIOException.java:63)
at com.sap.engine.services.wssec.wsse.STRCanonicalizationWriter.doSTRTransform(STRCanonicalizationWriter.java:228)
at com.sap.engine.services.wssec.wsse.STRCanonicalizationWriter.leave(STRCanonicalizationWriter.java:152)
at com.sap.engine.services.wssec.xmlsecurity.signature.verification.ReferenceDispatcherReader.handleCode(ReferenceDispatcherReader.java:315)
at com.sap.engine.services.wssec.xmlsecurity.signature.verification.ReferenceDispatcherReader.next(ReferenceDispatcherReader.java:186)
at com.sap.engine.services.wssec.xmlsecurity.signature.verification.VerifyTokenReaderImpl.next(VerifyTokenReaderImpl.java:501)
at com.sap.engine.services.wssec.wsse.WSSecurityContext.init(WSSecurityContext.java:429)

Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662 is the ID of my SAML assertion.

Using the same configuration in my client app, but sending a SAML 1.1 token passes this step.

Is there any trace I can enable to further debug this issue?

Has anybody encountered the same issue before?

Thanks

Jens

1 REPLY

Hi Jens,

Have you tried collecting traces using SAP Note Troubleshooting Wizard (https://service.sap.com/sap/support/notes/1332726) with incident "WebServices Security"? You may find more information.

Best regards,

Desislava
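
Added example, not part of the thread and not SAP code: a client-side check that resolves each SAML KeyIdentifier in an outgoing message against the assertions it carries and compares the ValueType and wsse11:TokenType with the URIs the OASIS WSS SAML Token Profile 1.1 defines for SAML 1.1 and 2.0. The function name and the sample envelope are assumptions; the envelope is constructed around the KeyIdentifier shown in the trace above.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
P10 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#"
P11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#"
# SAML version -> (Assertion tag, id attribute, KeyIdentifier ValueType, STR TokenType)
PROFILE = {
    "1.1": ("{urn:oasis:names:tc:SAML:1.0:assertion}Assertion", "AssertionID",
            P10 + "SAMLAssertionID", P11 + "SAMLV1.1"),
    "2.0": ("{urn:oasis:names:tc:SAML:2.0:assertion}Assertion", "ID",
            P11 + "SAMLID", P11 + "SAMLV2.0"),
}

def check_saml_str(envelope_xml):
    """Return [(key_id, saml_version_or_None, [findings])] per SAML KeyIdentifier."""
    root = ET.fromstring(envelope_xml)
    # Index every assertion in the message by its version-specific id attribute.
    known = {a.get(attr): ver for ver, (tag, attr, _, _) in PROFILE.items()
             for a in root.iter(tag)}
    out = []
    for ref in root.iter(f"{{{WSSE}}}SecurityTokenReference"):
        kid = ref.find(f"{{{WSSE}}}KeyIdentifier")
        # Skip references that are not SAML key identifiers (e.g. X.509 ones).
        if kid is None or not (kid.get("ValueType") or "").startswith((P10, P11)):
            continue
        key = (kid.text or "").strip()
        ver = known.get(key)
        findings = []
        if ver is None:
            findings.append("no Assertion in the message carries this id")
        else:
            _, _, value_type, token_type = PROFILE[ver]
            if kid.get("ValueType") != value_type:
                findings.append(f"ValueType is not {value_type}")
            if ref.get(f"{{{WSSE11}}}TokenType") != token_type:
                findings.append(f"wsse11:TokenType is not {token_type}")
        out.append((key, ver, findings))
    return out

# Constructed envelope: KeyIdentifier as in the trace, plus a stub SAML 2.0 assertion.
SAMPLE = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"><e:Header>
<w:Security xmlns:w="{WSSE}">
<a:Assertion xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
  ID="Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662"/>
<w:SecurityTokenReference><w:KeyIdentifier ValueType="{P11}SAMLID">Assertion-uuida9c3e36a-0131-11fd-bfea-f4ca184fc662</w:KeyIdentifier></w:SecurityTokenReference>
</w:Security></e:Header><e:Body/></e:Envelope>"""
if __name__ == "__main__":
    print(check_saml_str(SAMPLE))
```

A finding only shows where the message differs from the profile's values; it does not establish how the receiving SAP stack resolves the reference.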