Skip to main content

Shibboleth Weblogic SAML2 identity provider making it work [Work in progress...]

I am busy configuring a Weblogic Service Provider that talks to a Shibboleth implementation using SAML2 and this is a log of the problems (mostly with me) I have encountered:

Problem number 1) Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest

 For this I had to remove the entry <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://server/idp/profile/Shibboleth/SSO"/> in the metadata file I received from my idp and re upload to the  Identity Provider Partners  section in weblogic.

This was the stack trace:
SecuritySAML2Service  exception info
com.bea.security.saml2.binding.BindingHandlerException: Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest
at com.bea.security.saml2.binding.BindingHandlerFactory.newBindingSender(BindingHandlerFactory.java:53)
at com.bea.security.saml2.service.AbstractService.getSender(AbstractService.java:75)
at com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:170)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at $Proxy51.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Comments

  1. Pat MillerOctober 23, 2013 at 3:22 AM

    Have you gotten Weblogic to work with Shibb as SAML 2 id provider? We are trying to do same, particularly to be able to implement authorization group assertion.

    ReplyDelete
  2. Donovan SherriffsOctober 24, 2013 at 8:41 AM

    Yes, got it working but no authorization group assertions though sorry

    ReplyDelete
  3. UnknownJune 6, 2014 at 11:25 AM

    Did you have to change the IdP or the weblogic config?

    ReplyDelete
  4. Donovan SherriffsJune 6, 2014 at 11:34 AM

    IdP

    ReplyDelete
  5. msanjeevkMarch 8, 2017 at 12:51 PM

    What change was done on the IDP side to get this working?

    ReplyDelete
  6. Donovan SherriffsMarch 8, 2017 at 1:40 PM

    Just reloaded the certificates we produced and reloaded in Shibboleth. Then took the IDP config file made the change and reuploaded in weblogic

    ReplyDelete

Post a Comment

Popular posts from this blog

OJDeploy: Documentation for the tool

Real DOCS:  http://docs.oracle.com/cd/E26098_01/user.1112/e17455/deploying_apps.htm#OJDUG645 OJDeploy Documentation if you run it from the command line - I keep looking for this so I though I would post it here so I remeber. Oracle JDeveloper Deploy 11.1.2.1.0.6081 Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. Usage:   ojdeploy -profile <name> -workspace <jws> [ -project <name> ] [ <options> ]   ojdeploy -buildfile <ojbuild.xml> [ <options> ]   ojdeploy -buildfileschema Arguments:   -profile               the name of the Profile to deploy   -workspace      full path to the JDeveloper Workspace file(.jws)   -project              name of the JDeveloper Project within the .jws where the Profile can be...
4 comments
Read more

ADF: LOV Description instead of code

I keep on forgetting how to do this so this is a note to self in terms I understand (ie pictures): Add the related entiy object to yours (in the example we are adding RegionEO(list of values) to CountryEO) Now add the RegionName field from the EO and a transient attribute (I named mine RegionNameLOV) Make the transient attribute updateable and base it on the expression RegionName (the description you wish to display) Add a list of values to RegionNameLOV and map BOTH key to parent fk (region id here) AND RegionName to your transient coulmn (RegionNameLOV).  Map the transient as an Input text with List of Values. Then just drag the lov item onto the page (RegionNameLOV)
Post a Comment
Read more

ADF sort of generic screen for tables with the same structure

We have a couple (about a hundred) of tables with the same structure (Code, Description, Create Date, Update Date). So I wanted to do something simple so that I did not have to create all these screens 1) EO   I created the EO based on one of the tables I had that had the above columns. I then Added a transient attribute called table name to my EO based on a groovy expression. (the expression needs to change as I am reading web tier stuff from the model layer but I will fix this later) I then generated a java class for my EO. And added the following overriden method to my newly created java class. protected StringBuffer buildDMLStatement(int i, AttributeDefImpl[] attributeDefImpl,   AttributeDefImpl[] attributeDefImpl2, AttributeDefImpl[] attributeDefImpl3, boolean b) {   StringBuffer statement = super.buildDMLStatement(   i, attributeDefImpl, attributeDefImpl2, attributeDefImpl3, b); return new StringBuffer(StringUtils.replace(statement.to...
Post a Comment
Read more