OSB/WLS Issues with Signature validation and pretty print format
(Doc ID 1088843.1)
Last updated on FEBRUARY 13, 2019
Applies to:Oracle Service Bus - Version 2.6 to 10.3.1 [Release Aqualogic Service Bus to AS10gR3]
Oracle WebLogic Server - Version 9.2 to 10.3.4
Information in this document applies to any platform.
For a Security project involving Oracle Service Bus and WebLogic-Server SAML implementation a SOAP-UI i used as a test-client. You see the SOAP-UI gui in the attached screenshot.
The Oracle-Service-Bus domain just contains the AdminServer which runs on WebLogic Server (WLS) 10 MP1
The following tests are made which show the results described below:
1. The SOAP-UI is sending a request (you see this in the screenshot, it is in pretty-print-format) providing user-name password invoking the SAML-Credential Mapper which has a relying party defined being the endpoint of the proxy-service. The SAML-Credential Mapper is creating a Signed SAML token and sending it back to the client. The response will be represented in pretty-print format. This is the default option in SOAP-UI.
2. This response, containing a signed SAML-Signature is used for sending the second request invoking another endpoint which is accociated with the SAML Identity Asserter to verifiy the signature.
The result is that the second request fails with a message that the Signature is not valid.
However when setting "TrimWhitespaces" within SOAP-UI before sending the second request the Signature is recognized as valid.
In case that the first response is not represented in pretty-print format, TrimWhitespaces is not necessary.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document