Partner Not Found, Returning Forbidden SAML Error (Doc ID 1369989.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle WebLogic Server - Version: 10.3 and later [Release: and later]
Information in this document applies to any platform.
SAML SSO configured in a WLS environment does not work, and the following error appears in the debug (SecuritySAMLService) logs:

Symptoms



####<Sep 13, 2011 8:59:05 AM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1315875545742> <BEA-000000> <SAMLSingleSignOnService.doITSGet: Partner not found, returning FORBIDDEN>



Log Snippet:-


Destination Site:-
====================================================================================================================================================================================================================

##<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650765> <BEA-000000> <SAMLServletAuthenticationFilter doFilter()>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650765> <BEA-000000> <SAMLServletAuthenticationFilter request parameters:>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650766> <BEA-000000> <SAMLServletAuthenticationFilter request attributes:>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650766> <BEA-000000> <  weblogic.servlet.request.sslsession: javax.net.ssl.impl.SSLSessionImpl@1d252d3>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650767> <BEA-000000> <  javax.servlet.request.key_size: 128>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650767> <BEA-000000> <  weblogic.servlet.network_channel.sslport: 7101>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650767> <BEA-000000> <  javax.servlet.request.cipher_suite: TLS_RSA_WITH_RC4_128_MD5>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650768> <BEA-000000> <SAMLServletAuthenticationFilter request headers:>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650768> <BEA-000000> <  Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650769> <BEA-000000> <  Accept-Language: zh-CN>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650769> <BEA-000000> <  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8)>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650769> <BEA-000000> <  Accept-Encoding: gzip, deflate>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650770> <BEA-000000> <  Host: ggis.eo.shanghaionstar.com:7101>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650770> <BEA-000000> <  Connection: Keep-Alive>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650771> <BEA-000000> <SAMLServletAuthenticationFilter context path: /ggis>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650771> <BEA-000000> <SAMLServletAuthenticationFilter request method: GET>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650771> <BEA-000000> <SAMLServletAuthenticationFilter request URL: https://abc*.com:7101/ggis/ggisServiceAction.action>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650772> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): Processing source site redirect, redirect URI is '/ggis/ggisServiceAction.action'>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650772> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): Processing source site redirect, ITS URL is 'https://xyz*.com:8152/samlits_ba/its?RPID=rp_00001&'>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650773> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): Request query string is: ''>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650773> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): Prepped query string is: '&'>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650774> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): TARGET param is 'TARGET=https://abc*.com:7101/ggis/ggisServiceAction.action'>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650774> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): Assembled redirect URL: 'https://xyz*.com:8152/samlits_ba/its?RPID=rp_00001&TARGET=https://abc*.com:7101/ggis/ggisServiceAction.action&'>
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533650774> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): Encoded redirect URL: 'https://xyz*.com:8152/samlits_ba/its?RPID=rp_00001&TARGET=https://abc*.com:7101/ggis/ggisServiceAction.action&'>
====================================================================================================================================================================================================================



Source Site:-
====================================================================================================================================================================================================================
####<Sep 20, 2011 11:47:41 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533661745> <BEA-000000> <SAMLServlet (samlits): doGet(): Request URI is '/samlits_ba/its'>
####<Sep 20, 2011 11:47:41 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533661746> <BEA-000000> <SAMLServlet (samlits): doGet(): Servlet URI is '/its'>
####<Sep 20, 2011 11:47:41 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533661747> <BEA-000000> <SAMLSingleSignOnService.doITSGet: Request URI is '/samlits_ba/its'>
####<Sep 20, 2011 11:47:41 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533661747> <BEA-000000> <SAMLSingleSignOnService.doITSGet: Servlet URI is '/its'>
####<Sep 20, 2011 11:47:41 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1316533661748> <BEA-000000> <SAMLSingleSignOnService.doITSGet: Partner not found, returning FORBIDDEN>
====================================================================================================================================================================================================================
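
An added example, not part of the Oracle note: a small Python parser for the debug-log format shown above that pairs each source-site "Partner not found, returning FORBIDDEN" entry with the redirect the destination site had just assembled, so the RPID and ITS path that were actually sent can be read off next to the rejection. The function names and the 60-second pairing window are assumptions, the sample lines are constructed from the excerpts above with the thread field shortened, and the pairing only lines up the two logs; it does not establish the cause.

```python
import re
from urllib.parse import urlsplit, parse_qs

# 11 bracketed header fields, then the message (which may itself contain '>').
LINE = re.compile(r"^#+" + r"<([^>]*)>\s*" * 11 + r"<(.*)>\s*$")
REDIRECT = re.compile(r"Assembled redirect URL: '([^']+)'")
FORBIDDEN = "Partner not found, returning FORBIDDEN"

# Constructed sample: lines taken from the excerpts above, thread field shortened.
SAMPLE = """\
####<Sep 20, 2011 11:47:30 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph04lz01> <ggis001> <[ACTIVE] ExecuteThread: '0'> <> <> <> <1316533650774> <BEA-000000> <SAMLDestinationSiteHelper: doSourceSiteRedirect(): Assembled redirect URL: 'https://xyz*.com:8152/samlits_ba/its?RPID=rp_00001&TARGET=https://abc*.com:7101/ggis/ggisServiceAction.action&'>
####<Sep 20, 2011 11:47:41 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1'> <> <> <> <1316533661747> <BEA-000000> <SAMLSingleSignOnService.doITSGet: Request URI is '/samlits_ba/its'>
####<Sep 20, 2011 11:47:41 PM CST> <Debug> <SecuritySAMLService> <oncnjqsveoph01lz01> <gaa001> <[ACTIVE] ExecuteThread: '1'> <> <> <> <1316533661748> <BEA-000000> <SAMLSingleSignOnService.doITSGet: Partner not found, returning FORBIDDEN>
"""

def parse(line):
    """Return server name, epoch-millisecond timestamp and message, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    f = m.groups()
    return {"server": f[4], "ms": int(f[9]), "msg": f[11]}

def correlate(text, window_ms=60_000):
    """Pair each FORBIDDEN event with the latest redirect sent within window_ms."""
    redirects, findings = [], []
    records = sorted(filter(None, map(parse, text.splitlines())), key=lambda r: r["ms"])
    for rec in records:
        hit = REDIRECT.search(rec["msg"])
        if hit:
            url = urlsplit(hit.group(1))
            rpid = parse_qs(url.query).get("RPID", [None])[0]
            redirects.append({"ms": rec["ms"], "server": rec["server"],
                              "its_path": url.path, "rpid": rpid})
        elif FORBIDDEN in rec["msg"]:
            recent = [r for r in redirects if rec["ms"] - r["ms"] <= window_ms]
            sent = recent[-1] if recent else {}
            findings.append({"rejected_by": rec["server"], "sent_by": sent.get("server"),
                             "rpid": sent.get("rpid"), "its_path": sent.get("its_path"),
                             "lag_ms": rec["ms"] - sent["ms"] if sent else None})
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```

Concatenate the destination-site and source-site server logs and pass the text to `correlate()`; entries outside the window are reported with `rpid` set to `None`.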

Cause
