Skip to main content

Shibboleth Weblogic SAML2 identity provider making it work [Work in progress...]

I am busy configuring a Weblogic Service Provider that talks to a Shibboleth implementation using SAML2 and this is a log of the problems (mostly with me) I have encountered:

Problem number 1) Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest

 For this I had to remove the entry <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://server/idp/profile/Shibboleth/SSO"/> in the metadata file I received from my idp and re upload to the  Identity Provider Partners  section in weblogic.

This was the stack trace:
SecuritySAML2Service  exception info
com.bea.security.saml2.binding.BindingHandlerException: Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest
at com.bea.security.saml2.binding.BindingHandlerFactory.newBindingSender(BindingHandlerFactory.java:53)
at com.bea.security.saml2.service.AbstractService.getSender(AbstractService.java:75)
at com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:170)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at $Proxy51.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Comments

  1. Pat MillerOctober 23, 2013 at 3:22 AM

    Have you gotten Weblogic to work with Shibb as SAML 2 id provider? We are trying to do same, particularly to be able to implement authorization group assertion.

    ReplyDelete
  2. Donovan SherriffsOctober 24, 2013 at 8:41 AM

    Yes, got it working but no authorization group assertions though sorry

    ReplyDelete
  3. UnknownJune 6, 2014 at 11:25 AM

    Did you have to change the IdP or the weblogic config?

    ReplyDelete
  4. Donovan SherriffsJune 6, 2014 at 11:34 AM

    IdP

    ReplyDelete
  5. msanjeevkMarch 8, 2017 at 12:51 PM

    What change was done on the IDP side to get this working?

    ReplyDelete
  6. Donovan SherriffsMarch 8, 2017 at 1:40 PM

    Just reloaded the certificates we produced and reloaded in Shibboleth. Then took the IDP config file made the change and reuploaded in weblogic

    ReplyDelete

Post a Comment

Popular posts from this blog

ADF Encountered deferred syntax #{ in template text.

OracleJSP error: oracle.jsp.parse.JspParseException:  Error: Encountered deferred syntax #{ in template text.  If intended as a literal, escape it or set directive  deferredSyntaxAllowedAsLiteral This normally happens when you have some tag lib dependancy problems but this was  not the case for me... My problem: For some reason my model project had web stuff in it(public html etc)  so I had to remove the public html stuff from my project and manually edit the Model.jpr project file and remove the tag lib entries at the bottom o the file. Go figure.    
3 comments
Read more

JBO-25013: TooManyObjectsException

oracle.jbo.TooManyObjectsException: JBO-25013: Too many objects match the primary key oracle.jbo.Key[Key null ]. Ok so for you it may be trying to insert a duplicate record this should explain your problem (also check trigger they could be the cause.) NOTE: You can also try to create a new duplicate EO if you have a page with two VO's using the same EO. This could sort your problems. For me I needed to add a launch listener on my LOV and clear the cache of my vo. LOV <af:inputListOfValues id="NameId" popupTitle="#{bindings.Name.hints.label}" value="#{bindings.RolName1.inputValue}" label="#{bindings.RolName1.hints.label}" model="#{bindings.RolName1.listOfValuesModel}" required="#{bindings.RolName1.hints.mandatory}" columns="#{bindings.RolName1.hints.displayWidth}" shortDesc="#{bindings.RolName1.hints.tooltip}" launchPopupListener="#{backingBeanScope.backingBean.launchPop
Post a Comment
Read more

MANIFEST.MF merge JDeveloper for an executable jar

Goto your project > properties. Then click on deployment in the menu. Edit or add a jar deployment profile. Fill in the details under jar options (select Include manifest and give it a main class name) Also remember that the merge functionality only works with a BLANK line at the end of the merge file. REALLY this caught me. My merge file contents: Class-Path: commons-codec-1.3.jar [...empty line here CRLF...]
1 comment
Read more