Release NotesSOA Security Manager Release NotesKnown IssuesGeneral Issues › SOA Agents and XML Agents Use Incompatible Algorithms for Signing SAML Assertions (60678)

Previous Topic: Policy Server JVM Initialization Failure (61775)

Next Topic: SOA Security Manager Fails To Generate WS-Security Headers Using RSA-OAEP Encryption (70408)
SOA Agents and XML Agents Use Incompatible Algorithms for Signing SAML Assertions (60678)

Due to differences between the encryption algorithms embedded within SOA Security Manager r12 SOA Agents (including the SOA Security Gateway) and earlier TransactionMinder XML Agents, SAML assertions (in both SAML Session Tickets and WS-Security SAML tokens) signed by XML Agents cannot be verified in SOA Security Manager and SAML assertions signed within SOA Security Manager cannot be verified by TransactionMinder.

Normal XML signing does work between TransactionMinder and SOA Security Manager.

Workaround

Do not implement chain or multistep authentication service models using signed SAML assertions where all agents in the flow are not at the same product level (that is, all SOA Agents or all XML Agents).