OSB/WLS Issues with Signature validation and pretty print format (Doc ID 1088843.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle Service Bus - Version: 2.6 to 10.3.1 - Release: Aqualogic Service Bus to AS10gR3
Oracle Weblogic Server - Version: 9.2 to 10.3.4]
Information in this document applies to any platform.

Goal

For a Security project involving Oracle Service Bus and WebLogic-Server SAML implementation a SOAP-UI i used as a test-client. You see the SOAP-UI gui in the attached screenshot.
The Oracle-Service-Bus domain just contains the AdminServer which runs on WebLogic Server (WLS) 10 MP1

The following tests are made which show the results described below:

1. The SOAP-UI is sending a request (you see this in the screenshot, it is in pretty-print-format) providing user-name password invoking the SAML-Credential Mapper which has a relying party defined being the endpoint of the proxy-service. The SAML-Credential Mapper is creating a Signed SAML token and sending it back to the client. The response will be represented in pretty-print format. This is the default option in SOAP-UI.

2. This response, containing a signed SAML-Signature is used for sending the second request invoking another endpoint which is accociated with the SAML Identity Asserter to verifiy the signature.

The result is that the second request fails with a message that the Signature is not valid.

However when setting "TrimWhitespaces" within SOAP-UI before sending the second request the Signature is recognized as valid.

In case that the first response is not represented in pretty-print format, TrimWhitespaces is not necessary.



Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms