
Shibboleth Weblogic SAML2 identity provider making it work [Work in progress...]

I am busy configuring a WebLogic Service Provider that talks to a Shibboleth Identity Provider over SAML2, and this is a log of the problems (mostly of my own making) I have encountered:

Problem number 1) Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest

For this I had to remove the entry <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://server/idp/profile/Shibboleth/SSO"/> from the metadata file I received from my IdP and re-upload it in the Identity Provider Partners section in WebLogic. That binding is the legacy Shibboleth 1.x SSO profile, which the WebLogic SAML2 service does not implement; removing it leaves WebLogic with the SAML 2.0 SingleSignOnService bindings (HTTP-Redirect or HTTP-POST), so check that at least one of those is still present in the metadata before uploading it. Editing the file also invalidates any XML signature the IdP put on its metadata, so the edited copy has to be trusted on the strength of how it was obtained from the IdP operator, not on its signature.

This was the stack trace:
SecuritySAML2Service  exception info
com.bea.security.saml2.binding.BindingHandlerException: Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest
at com.bea.security.saml2.binding.BindingHandlerFactory.newBindingSender(BindingHandlerFactory.java:53)
at com.bea.security.saml2.service.AbstractService.getSender(AbstractService.java:75)
at com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:170)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at $Proxy51.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
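As an added example (not part of the original post, and not WebLogic's or Shibboleth's own code), here is a small Python script that performs the metadata edit described above mechanically: it drops every SingleSignOnService whose Binding is not a SAML 2.0 binding, refuses to produce a file with no SAML 2.0 SSO endpoint left, and reports whether the original carried an XML signature that the edit has now broken. The metadata embedded in it is constructed for illustration; the entityID, Location URLs and placeholder signature are assumptions, not values from the author's IdP.

```python
"""Strip legacy Shibboleth 1.x SSO endpoints from SAML 2.0 IdP metadata.

Added example; the sample metadata below is constructed, not a real IdP's.
For metadata that arrives from an untrusted channel, parse with defusedxml
instead of the stdlib parser to rule out entity-expansion tricks.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# SSO bindings a SAML 2.0 SP such as WebLogic's SAML2 service can drive.
SAML2_SSO_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
}
# The binding behind "Unsupported binding type received": the Shibboleth 1.x
# AuthnRequest profile, which predates SAML 2.0.
LEGACY_SHIB_BINDING = "urn:mace:shibboleth:1.0:profiles:AuthnRequest"

# Constructed sample metadata (hypothetical entityID, URLs and signature).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp/shibboleth">
  <ds:Signature><ds:SignatureValue>constructed-placeholder</ds:SignatureValue></ds:Signature>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _sso_elements(root):
    """All SingleSignOnService elements under every IDPSSODescriptor."""
    return list(root.iterfind(".//md:IDPSSODescriptor/md:SingleSignOnService", NS))


def sso_bindings(metadata_xml):
    """Binding values of the SSO endpoints, in document order."""
    return [e.get("Binding") for e in _sso_elements(ET.fromstring(metadata_xml))]


def strip_legacy_sso(metadata_xml):
    """Remove SSO endpoints whose Binding is not a SAML 2.0 binding.

    Returns (cleaned_xml, removed_bindings, was_signed). Raises ValueError
    if no SAML 2.0 SSO endpoint would remain, since the SP would then have
    nothing to send an AuthnRequest to.
    """
    root = ET.fromstring(metadata_xml)
    removed = []
    for idp in root.iterfind(".//md:IDPSSODescriptor", NS):
        for svc in list(idp.findall("md:SingleSignOnService", NS)):
            if svc.get("Binding") not in SAML2_SSO_BINDINGS:
                removed.append(svc.get("Binding"))
                idp.remove(svc)
    if not _sso_elements(root):
        raise ValueError("no SAML 2.0 SingleSignOnService endpoint left in metadata")
    # Any enveloped signature over the original document no longer verifies
    # once an element has been removed; flag that so the operator knows the
    # edited file must be trusted by provenance rather than by signature.
    was_signed = root.find("ds:Signature", NS) is not None
    return ET.tostring(root, encoding="unicode"), removed, was_signed


if __name__ == "__main__":
    cleaned, removed, was_signed = strip_legacy_sso(SAMPLE_METADATA)
    for binding in removed:
        print("removed SingleSignOnService with binding", binding)
    if was_signed:
        print("warning: metadata was signed; the edit has broken that signature")
    print(cleaned)
```

Run it against the real file by replacing SAMPLE_METADATA with the file's contents; the ValueError path is the check worth keeping, because an IdP that only publishes the Shibboleth 1.x endpoint cannot be fixed on the WebLogic side at all.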

Comments

  1. Have you gotten Weblogic to work with Shibb as SAML 2 id provider? We are trying to do the same, particularly to be able to implement authorization group assertion.

  2. Yes, got it working, but no authorization group assertions though, sorry.

  3. Did you have to change the IdP or the WebLogic config?

  4. What change was done on the IdP side to get this working?

  5. Just reloaded the certificates we produced and reloaded them in Shibboleth. Then took the IdP config file, made the change and re-uploaded it in WebLogic.
