WebLogic Accepts Unsigned SAML Assertions (Doc ID 1544281.1)

Last updated on NOVEMBER 03, 2022

Applies to:

Oracle WebLogic Server - Version 10.3 to 12.1.1.0
Information in this document applies to any platform.

Symptoms

From an external resource SAML tokens are being generated, which are then signed and sent to a webservice ( Service Provider) which is on WLS 10.3.6

- SAML tokens are consumed and mapped to virtual users
- SAML tokens with invalid signatures are denied
- SAML tokens signed by untrusted signers are denied

However, unsigned SAML tokens are accepted – this is not desired behavior

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

WebLogic Accepts Unsigned SAML Assertions (Doc ID 1544281.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!