OSB/WLS Issues with Signature Validation and Print Format
(Doc ID 1088843.1)
Last updated on DECEMBER 16, 2023
Applies to: Oracle WebLogic Server - Version 9.2 to 10.3.4
Oracle Service Bus - Version 2.6 to 10.3.1 [Release Aqualogic Service Bus to AS10gR3]
Information in this document applies to any platform.
For a security project involving Oracle Service Bus and the WebLogic Server SAML implementation, SOAP-UI is used as a test client.
The Oracle Service Bus domain contains just the AdminServer, which runs on WebLogic Server (WLS) 10 MP1.
The following tests were run, with the results described below:
1. SOAP-UI sends a request (you see this in the screenshot, it is in pretty-print format) providing a user name and password, invoking the SAML Credential Mapper, which has a relying party defined that is the endpoint of the proxy service. The SAML Credential Mapper creates a signed SAML token and sends it back to the client. The response is represented in pretty-print format. This is the default option in SOAP-UI.
2. This response, containing the SAML signature, is used to send the second request, which invokes another endpoint that is associated with the SAML Identity Asserter to verify the signature.
The result is that the second request fails with a message that the signature is not valid.
However, when "TrimWhitespaces" is set within SOAP-UI before sending the second request, the signature is recognized as valid.
If the first response is not represented in pretty-print format, TrimWhitespaces is not necessary.
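The behavior above matches how XML signature digests treat whitespace: canonicalization keeps whitespace-only text nodes, so re-indenting a signed element changes the bytes that are hashed. The following sketch is an added example, not code from the Oracle note or from WLS/OSB; the assertion is a constructed sample, Python's C14N 2.0 (`xml.etree.ElementTree.canonicalize`, Python 3.8+) stands in for the canonicalization a SAML signature would actually name, and `strip_text` stands in for SOAP-UI's TrimWhitespaces setting.

```python
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

# Constructed sample assertion (not from the Oracle note), serialized with no
# whitespace between elements, as the issuer would have signed it.
COMPACT = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)


def pretty_print(xml_text: str) -> str:
    """Re-indent the XML the way a test client's pretty-print view does."""
    return minidom.parseString(xml_text).toprettyxml(indent="  ")


def c14n_digest(xml_text: str, trim_whitespace: bool = False) -> str:
    """SHA-256 over the canonical form of the element.

    Canonicalization normalizes attribute order and namespace declarations
    but preserves whitespace text nodes unless trim_whitespace is set.
    """
    canonical = ET.canonicalize(xml_text, strip_text=trim_whitespace)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def matches_signed_digest(received: str, signed_digest: str,
                          trim_whitespace: bool = False) -> bool:
    """Compare the digest of what was received with the digest that was signed."""
    return c14n_digest(received, trim_whitespace) == signed_digest


if __name__ == "__main__":
    signed = c14n_digest(COMPACT)      # digest at signing time
    pretty = pretty_print(COMPACT)     # what the client resends after pretty-printing
    print("compact resent          :", matches_signed_digest(COMPACT, signed))
    print("pretty-printed resent   :", matches_signed_digest(pretty, signed))
    print("pretty-printed, trimmed :", matches_signed_digest(pretty, signed, True))
```

Trimming only restores the digest when the signed form had no inter-element whitespace of its own, which is the case in the test described above.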