Friday, December 7, 2018

ORA-30518: Error in identity propagation when calling TaskQueryService using wss10_saml_token_client_policy with SAML port





<faultType>1</faultType>
         <processingErrorFault xmlns="http://xmlns.oracle.com/bpel/workflow/taskQueryService">
            <part name="payload">
               <taskQueryServiceFaultResponse>
                  <message>ORA-30518:exception.code:30518
exception.type: ERROR
exception.severity: 2
exception.name: Error in identity propagation.
exception.description: The user identity is not propagated to service while  workflow context or user name is null in the request.
exception.fix: Ensure that correct security policy is used. Check underlying exception. If the error persists, contact Oracle Support Services.
</message>
               </taskQueryServiceFaultResponse>
            </part>
         </processingErrorFault>
      </bpelFault>
   </fault>
   <faultType>


You get the above error when you call TaskQueryService with a SAML client policy and do not pass credentials in the workflowContext of the TaskQueryService request.

This happens when you call the service from your BPEL process and the process is initiated from a queue, or when you are not expecting any details to be passed in from the context. In that case you need to generate your own SAML token to authenticate to the TaskQueryService.

In this case, when you add wss10_saml_token_client_policy to the TaskQueryService reference, your subject.precedence will be false, and you need to create the basic.credentials CSF key in the EM console and enforce its use.

1. Create the basic.credentials CSF key in the EM console
Right-click the domain under WebLogic Domain and follow the steps below.



Create Map


Select the map and click Create Key
 

The project structure looks like below:


You can set the policy configuration in JDev or from the console.

To set it from the console:
Go to the project where taskQuery is used.
•    Open the process
•    Click on the dashboard in Services and References
•    Click the TaskService reference
•    Click Policies
•    Select the policy
•    Click “Override Policy Configuration”
•    Set the new csf-key and set subject.precedence to false
•    Click Apply
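
A way to confirm the overrides above actually landed in the deployed composite, written as an added example (not code from the original post): it scans a composite.xml for references that attach the SAML client policy and reports any missing csf-key or subject.precedence override. It assumes the overrides are stored as property children of binding.ws, as JDeveloper writes them; the sample composite, reference names and port value are constructed.

```python
import xml.etree.ElementTree as ET

SCA = "{http://xmlns.oracle.com/sca/1.0}"
WSP = "{http://schemas.xmlsoap.org/ws/2004/09/policy}"
SAML_POLICY = "oracle/wss10_saml_token_client_policy"

# Constructed composite.xml fragment: one reference configured as the steps
# above describe, one with the policy attached but no overrides.
SAMPLE = """<composite name="YourProjectName"
    xmlns="http://xmlns.oracle.com/sca/1.0"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <reference name="TaskQueryService">
    <binding.ws port="constructed-port">
      <wsp:PolicyReference URI="oracle/wss10_saml_token_client_policy"/>
      <property name="csf-key">basic.credentials</property>
      <property name="subject.precedence">false</property>
    </binding.ws>
  </reference>
  <reference name="TaskQueryServiceNoOverride">
    <binding.ws port="constructed-port">
      <wsp:PolicyReference URI="oracle/wss10_saml_token_client_policy"/>
    </binding.ws>
  </reference>
</composite>"""

def check_saml_references(composite_xml):
    """Map each reference using the SAML client policy to its list of problems."""
    findings = {}
    root = ET.fromstring(composite_xml)
    for ref in root.iter(SCA + "reference"):
        for binding in ref.iter(SCA + "binding.ws"):
            uris = [p.get("URI") for p in binding.iter(WSP + "PolicyReference")]
            if SAML_POLICY not in uris:
                continue  # only references with the SAML client policy matter here
            props = {p.get("name"): (p.text or "").strip()
                     for p in binding.findall(SCA + "property")}
            problems = []
            if not props.get("csf-key"):
                problems.append("no csf-key override")
            if props.get("subject.precedence", "").lower() != "false":
                problems.append("subject.precedence is not false")
            findings[ref.get("name")] = problems
    return findings

if __name__ == "__main__":
    for name, problems in check_saml_references(SAMPLE).items():
        print(name, "OK" if not problems else "; ".join(problems))
```
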




As we are using our own CSF key to generate the SAML token, we have to provide WSIdentityPermission to our SOA project and taskQuery reference.


  • Go to the EM console
  • Right-click weblogic_domain and select Security -> System Policies
  • Search for names that include "wsm-agent-core", then select the entry below and edit it:
  • file:${common.components.home}/modules/oracle.wsm.common_12.1.3/wsm-agent-core.jar
  • Enter the following details:
    • Permission class: oracle.wsm.security.WSIdentityPermission
    • Resource Name: YourProjectName
    • Permission Actions: assert
  • Repeat the above steps once more, changing only the Resource Name as below:
    • Permission class: oracle.wsm.security.WSIdentityPermission
    • Resource Name: resource= YourProjectName
    • Permission Actions: assert
  • Restart the full server and test it.
Refer to the screenshots below for the above steps:


