Skip Navigation
Invalid saml assertion in security header.
Answer ID 9639   |   Last Review Date 11/04/2018

Why am I seeing an error in the .NET console indicating "Invalid saml assertion in security header." when SAML/SSO is not enabled for my site?


Oracle B2C Service, Product listing


When user logs into console or (otherwise runs Addin within console) I am seeing this error:

Click to Enlarge

Click to enlarge image


This error may be an indication there are AddIns running on the site that require Public SOAP API permissions. It is common to code addins to use the credentials of the agent running the AddIn (the agent logging into the console) and therefore adding Public SOAP API permission to the affected account profiles may resolve the issue. Further, disabling the interface permissions for suspected AddIns will also resolve such an issue.