Security token could not be authenticated returned in a SOAP Fault when using SAML assertions

Troubleshooting

Problem

You receive a SOAP Fault when using Security Assertion Markup Language (SAML) assertions with the CICS Transaction Server for z/OS (CICS TS) Security Token Extensions Feature Pack. If a SAML Token is invalid, the linkable interface DFHSAML returns 1 in DFHSAML-RESPONSE container. This document provides some of the problems that can make a SAML Token invalid, and helps you determine what the root cause is.

Symptom

The end user of the webservice will typically receive a SOAP Fault like the following:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-sece…" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>wsse:FailedAuthentication</faultcode> <faultstring>A security token could not be authenticated</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

[{"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"Security Token Extensions","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"5.1;4.2","Edition":"","Line of Business":{"code":"LOB70","label":"Z TPS"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Tips

Security token could not be authenticated returned in a SOAP Fault when using SAML assertions

Troubleshooting

Problem

Symptom

Log InLog in to view more of this document

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?