Skip to main content

Shibboleth Weblogic SAML2 identity provider making it work [Work in progress...]

I am busy configuring a Weblogic Service Provider that talks to a Shibboleth implementation using SAML2 and this is a log of the problems (mostly with me) I have encountered:

Problem number 1) Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest

 For this I had to remove the entry <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://server/idp/profile/Shibboleth/SSO"/> in the metadata file I received from my idp and re upload to the  Identity Provider Partners  section in weblogic.

This was the stack trace:
SecuritySAML2Service  exception info
com.bea.security.saml2.binding.BindingHandlerException: Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest
at com.bea.security.saml2.binding.BindingHandlerFactory.newBindingSender(BindingHandlerFactory.java:53)
at com.bea.security.saml2.service.AbstractService.getSender(AbstractService.java:75)
at com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:170)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at $Proxy51.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Comments

  1. Pat MillerOctober 23, 2013 at 3:22 AM

    Have you gotten Weblogic to work with Shibb as SAML 2 id provider? We are trying to do same, particularly to be able to implement authorization group assertion.

    ReplyDelete
  2. Donovan SherriffsOctober 24, 2013 at 8:41 AM

    Yes, got it working but no authorization group assertions though sorry

    ReplyDelete
  3. UnknownJune 6, 2014 at 11:25 AM

    Did you have to change the IdP or the weblogic config?

    ReplyDelete
  4. Donovan SherriffsJune 6, 2014 at 11:34 AM

    IdP

    ReplyDelete
  5. msanjeevkMarch 8, 2017 at 12:51 PM

    What change was done on the IDP side to get this working?

    ReplyDelete
  6. Donovan SherriffsMarch 8, 2017 at 1:40 PM

    Just reloaded the certificates we produced and reloaded in Shibboleth. Then took the IDP config file made the change and reuploaded in weblogic

    ReplyDelete

Post a Comment

Popular posts from this blog

OJDeploy: Documentation for the tool

Real DOCS:  http://docs.oracle.com/cd/E26098_01/user.1112/e17455/deploying_apps.htm#OJDUG645 OJDeploy Documentation if you run it from the command line - I keep looking for this so I though I would post it here so I remeber. Oracle JDeveloper Deploy 11.1.2.1.0.6081 Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. Usage:   ojdeploy -profile <name> -workspace <jws> [ -project <name> ] [ <options> ]   ojdeploy -buildfile <ojbuild.xml> [ <options> ]   ojdeploy -buildfileschema Arguments:   -profile               the name of the Profile to deploy   -workspace      full path to the JDeveloper Workspace file(.jws)   -project              name of the JDeveloper Project within the .jws where the Profile can be...
4 comments
Read more

Util code

public static MethodExpression getMethodExpression( String expr, Class returnType, Class[] argTypes){ FacesContext fc = FacesContext.getCurrentInstance(); ELContext elctx = fc.getELContext(); ExpressionFactory elFactory = fc.getApplication().getExpressionFactory(); return elFactory.createMethodExpression( elctx, expr, returnType, argTypes); } public static javax.faces.el.MethodBinding getMethodBinding( String expr, Class[] argTypes){ FacesContext fc = FacesContext.getCurrentInstance(); ELContext elctx = fc.getELContext(); return fc.getApplication().createMethodBinding(expr, argTypes); } SetPropertyListener listener = new SetPropertyListener( ActionEvent.class.getName()); listener.setFrom(link.getRoute()); listener.setValueExpression("to", JSFUtils.getValueExpression("#{pageFlowScope.route}", String.class)); action.addActionListener(listener); AdfFacesContext.getCurrentInstance().getPageFlowScope() .put("route", lin...
Post a Comment
Read more

ADF: LOV Description instead of code

I keep on forgetting how to do this so this is a note to self in terms I understand (ie pictures): Add the related entiy object to yours (in the example we are adding RegionEO(list of values) to CountryEO) Now add the RegionName field from the EO and a transient attribute (I named mine RegionNameLOV) Make the transient attribute updateable and base it on the expression RegionName (the description you wish to display) Add a list of values to RegionNameLOV and map BOTH key to parent fk (region id here) AND RegionName to your transient coulmn (RegionNameLOV).  Map the transient as an Input text with List of Values. Then just drag the lov item onto the page (RegionNameLOV)
Post a Comment
Read more