Skip to main content

Shibboleth Weblogic SAML2 identity provider making it work [Work in progress...]

I am busy configuring a Weblogic Service Provider that talks to a Shibboleth implementation using SAML2 and this is a log of the problems (mostly with me) I have encountered:

Problem number 1) Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest

For this I had to remove the entry <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://server/idp/profile/Shibboleth/SSO"/> in the metadata file I received from my idp and re upload to the  Identity Provider Partners  section in weblogic.

This was the stack trace:
SecuritySAML2Service  exception info
com.bea.security.saml2.binding.BindingHandlerException: Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest
at com.bea.security.saml2.binding.BindingHandlerFactory.newBindingSender(BindingHandlerFactory.java:53)
at com.bea.security.saml2.service.AbstractService.getSender(AbstractService.java:75)
at com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:170)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at $Proxy51.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Comments

  1. Have you gotten Weblogic to work with Shibb as SAML 2 id provider? We are trying to do same, particularly to be able to implement authorization group assertion.

    ReplyDelete
  2. Yes, got it working but no authorization group assertions though sorry

    ReplyDelete
  3. Did you have to change the IdP or the weblogic config?

    ReplyDelete
  4. What change was done on the IDP side to get this working?

    ReplyDelete
  5. Just reloaded the certificates we produced and reloaded in Shibboleth. Then took the IDP config file made the change and reuploaded in weblogic

    ReplyDelete

Post a Comment

Popular posts from this blog

MANIFEST.MF merge JDeveloper for an executable jar

Goto your project > properties. Then click on deployment in the menu. Edit or add a jar deployment profile. Fill in the details under jar options (select Include manifest and give it a main class name) Also remember that the merge functionality only works with a BLANK line at the end of the merge file. REALLY this caught me. My merge file contents: Class-Path: commons-codec-1.3.jar [...empty line here CRLF...]

JBO-25013: TooManyObjectsException

oracle.jbo.TooManyObjectsException: JBO-25013: Too many objects match the primary key oracle.jbo.Key[Key null ]. Ok so for you it may be trying to insert a duplicate record this should explain your problem (also check trigger they could be the cause.) NOTE: You can also try to create a new duplicate EO if you have a page with two VO's using the same EO. This could sort your problems. For me I needed to add a launch listener on my LOV and clear the cache of my vo. LOV <af:inputListOfValues id="NameId" popupTitle="#{bindings.Name.hints.label}" value="#{bindings.RolName1.inputValue}" label="#{bindings.RolName1.hints.label}" model="#{bindings.RolName1.listOfValuesModel}" required="#{bindings.RolName1.hints.mandatory}" columns="#{bindings.RolName1.hints.displayWidth}" shortDesc="#{bindings.RolName1.hints.tooltip}" launchPopupListener="#{backingBeanScope.backingBean.launchPop...

ADF Encountered deferred syntax #{ in template text.

OracleJSP error: oracle.jsp.parse.JspParseException:  Error: Encountered deferred syntax #{ in template text.  If intended as a literal, escape it or set directive  deferredSyntaxAllowedAsLiteral This normally happens when you have some tag lib dependancy problems but this was  not the case for me... My problem: For some reason my model project had web stuff in it(public html etc)  so I had to remove the public html stuff from my project and manually edit the Model.jpr project file and remove the tag lib entries at the bottom o the file. Go figure.