WebLogic Accepts Unsigned SAML Assertions
(Doc ID 1544281.1)
Last updated on NOVEMBER 03, 2022
Applies to:
Oracle WebLogic Server - Version 10.3 to 12.1.1.0Information in this document applies to any platform.
Symptoms
From an external resource SAML tokens are being generated, which are then signed and sent to a webservice ( Service Provider) which is on WLS 10.3.6
- SAML tokens are consumed and mapped to virtual users
- SAML tokens with invalid signatures are denied
- SAML tokens signed by untrusted signers are denied
However, unsigned SAML tokens are accepted – this is not desired behavior
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |