OSB/WLS Issues with Signature validation and pretty print format
Last updated on NOVEMBER 05, 2016
Applies to:Oracle Service Bus - Version: 2.6 to 10.3.1 - Release: Aqualogic Service Bus to AS10gR3
Oracle Weblogic Server - Version: 9.2 to 10.3.4]
Information in this document applies to any platform.
The Oracle-Service-Bus domain just contains the AdminServer which runs on WebLogic Server (WLS) 10 MP1
The following tests are made which show the results described below:
1. The SOAP-UI is sending a request (you see this in the screenshot, it is in pretty-print-format) providing user-name password invoking the SAML-Credential Mapper which has a relying party defined being the endpoint of the proxy-service. The SAML-Credential Mapper is creating a Signed SAML token and sending it back to the client. The response will be represented in pretty-print format. This is the default option in SOAP-UI.
2. This response, containing a signed SAML-Signature is used for sending the second request invoking another endpoint which is accociated with the SAML Identity Asserter to verifiy the signature.
The result is that the second request fails with a message that the Signature is not valid.
However when setting "TrimWhitespaces" within SOAP-UI before sending the second request the Signature is recognized as valid.
In case that the first response is not represented in pretty-print format, TrimWhitespaces is not necessary.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms