Skip to main content

Shibboleth Weblogic SAML2 identity provider making it work [Work in progress...]

I am busy configuring a Weblogic Service Provider that talks to a Shibboleth implementation using SAML2 and this is a log of the problems (mostly with me) I have encountered:

Problem number 1) Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest

 For this I had to remove the entry <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://server/idp/profile/Shibboleth/SSO"/> in the metadata file I received from my idp and re upload to the  Identity Provider Partners  section in weblogic.

This was the stack trace:
SecuritySAML2Service  exception info
com.bea.security.saml2.binding.BindingHandlerException: Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest
at com.bea.security.saml2.binding.BindingHandlerFactory.newBindingSender(BindingHandlerFactory.java:53)
at com.bea.security.saml2.service.AbstractService.getSender(AbstractService.java:75)
at com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:170)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at $Proxy51.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Comments

  1. Pat MillerOctober 23, 2013 at 3:22 AM

    Have you gotten Weblogic to work with Shibb as SAML 2 id provider? We are trying to do same, particularly to be able to implement authorization group assertion.

    ReplyDelete
  2. Donovan SherriffsOctober 24, 2013 at 8:41 AM

    Yes, got it working but no authorization group assertions though sorry

    ReplyDelete
  3. UnknownJune 6, 2014 at 11:25 AM

    Did you have to change the IdP or the weblogic config?

    ReplyDelete
  4. Donovan SherriffsJune 6, 2014 at 11:34 AM

    IdP

    ReplyDelete
  5. msanjeevkMarch 8, 2017 at 12:51 PM

    What change was done on the IDP side to get this working?

    ReplyDelete
  6. Donovan SherriffsMarch 8, 2017 at 1:40 PM

    Just reloaded the certificates we produced and reloaded in Shibboleth. Then took the IDP config file made the change and reuploaded in weblogic

    ReplyDelete

Post a Comment

Popular posts from this blog

ADF sort of generic screen for tables with the same structure

We have a couple (about a hundred) of tables with the same structure (Code, Description, Create Date, Update Date). So I wanted to do something simple so that I did not have to create all these screens 1) EO   I created the EO based on one of the tables I had that had the above columns. I then Added a transient attribute called table name to my EO based on a groovy expression. (the expression needs to change as I am reading web tier stuff from the model layer but I will fix this later) I then generated a java class for my EO. And added the following overriden method to my newly created java class. protected StringBuffer buildDMLStatement(int i, AttributeDefImpl[] attributeDefImpl,   AttributeDefImpl[] attributeDefImpl2, AttributeDefImpl[] attributeDefImpl3, boolean b) {   StringBuffer statement = super.buildDMLStatement(   i, attributeDefImpl, attributeDefImpl2, attributeDefImpl3, b); return new StringBuffer(StringUtils.replace(statement.to...
Post a Comment
Read more

OJDeploy: Documentation for the tool

Real DOCS:  http://docs.oracle.com/cd/E26098_01/user.1112/e17455/deploying_apps.htm#OJDUG645 OJDeploy Documentation if you run it from the command line - I keep looking for this so I though I would post it here so I remeber. Oracle JDeveloper Deploy 11.1.2.1.0.6081 Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. Usage:   ojdeploy -profile <name> -workspace <jws> [ -project <name> ] [ <options> ]   ojdeploy -buildfile <ojbuild.xml> [ <options> ]   ojdeploy -buildfileschema Arguments:   -profile               the name of the Profile to deploy   -workspace      full path to the JDeveloper Workspace file(.jws)   -project              name of the JDeveloper Project within the .jws where the Profile can be...
4 comments
Read more

Util code

public static MethodExpression getMethodExpression( String expr, Class returnType, Class[] argTypes){ FacesContext fc = FacesContext.getCurrentInstance(); ELContext elctx = fc.getELContext(); ExpressionFactory elFactory = fc.getApplication().getExpressionFactory(); return elFactory.createMethodExpression( elctx, expr, returnType, argTypes); } public static javax.faces.el.MethodBinding getMethodBinding( String expr, Class[] argTypes){ FacesContext fc = FacesContext.getCurrentInstance(); ELContext elctx = fc.getELContext(); return fc.getApplication().createMethodBinding(expr, argTypes); } SetPropertyListener listener = new SetPropertyListener( ActionEvent.class.getName()); listener.setFrom(link.getRoute()); listener.setValueExpression("to", JSFUtils.getValueExpression("#{pageFlowScope.route}", String.class)); action.addActionListener(listener); AdfFacesContext.getCurrentInstance().getPageFlowScope() .put("route", lin...
Post a Comment
Read more