WebLogic Server: IdP-Initiated SAML 2.0 "RequestURL" Has a Limit of 80 Characters (Doc ID 1575459.1)

Last updated on AUGUST 19, 2013

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.

Goal

Customers report using an IdP-initiated SAML 2.0 SSO setup in which, on the IdP side, the Service Provider Partner configuration is defined as SAML2CredentialMapper with a "POST Binding POST Form" pointing to a .jsp file that contains the Service Provider URL. An example of an end-user Service Provider URL for this is "http://saml2/idp/sso/initiator?SPName=<SPName>&RequestURL=<RequestURL>" where:

If the RequestURL is fewer than 80 characters, the request is processed successfully. If the RequestURL is 80 or more characters, the request fails and the end user receives an HTTP 400 error.

This is an example URL that will FAIL: http://identityprovider.us.oracle.com:7003/saml2/idp/sso/initiator?SPName=WebSSO-SP-Partner-0&RequestURL=http://serviceprovider.us_americas.oracle.com/testapp/flow.html?_flowId=searchFlow
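To confirm that observed 400 responses match this symptom, the following triage sketch (an added example, not part of the Oracle note) scans access-log lines for requests to the initiator endpoint and reports the RequestURL length against the 80-character threshold. The common log format, the choice to count the undecoded value, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

LIMIT = 80  # per the note: a RequestURL of 80 or more characters fails
INITIATOR_PATH = "/saml2/idp/sso/initiator"
# Assumption: access log in common log format: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def request_url_value(target):
    """Return the raw RequestURL value from an initiator URL, or None."""
    # Split by hand instead of parse_qs so the length is that of the value as
    # sent (assumption: the limit applies to the undecoded value). A nested
    # '?' stays inside the value; an unencoded '&' would end it.
    for pair in urlsplit(target).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "RequestURL":
            return value
    return None

def hits_limit(target):
    """True when the RequestURL value is at or over the documented limit."""
    value = request_url_value(target)
    return value is not None and len(value) >= LIMIT

def triage(log_lines):
    """Return (status, RequestURL length, matches_note) per initiator request."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m or urlsplit(m.group(1)).path != INITIATOR_PATH:
            continue
        value = request_url_value(m.group(1))
        if value is not None:
            status = int(m.group(2))
            findings.append((status, len(value), status == 400 and len(value) >= LIMIT))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Aug/2013:10:00:01 -0700] "GET /saml2/idp/sso/initiator?'
    'SPName=WebSSO-SP-Partner-0&RequestURL=http://serviceprovider.us_americas.'
    'oracle.com/testapp/flow.html?_flowId=searchFlow HTTP/1.1" 400 0',
    '192.0.2.11 - - [19/Aug/2013:10:00:05 -0700] "GET /saml2/idp/sso/initiator?'
    'SPName=WebSSO-SP-Partner-0&RequestURL=http://sp.example.com/testapp/ HTTP/1.1" 200 512',
    '192.0.2.12 - - [19/Aug/2013:10:00:09 -0700] "GET /console/login HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for status, length, matches in triage(SAMPLE_LOG):
        print(status, length, "matches note" if matches else "ok")
```

The first sample line carries the failing URL quoted above, whose RequestURL value is 82 characters long.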

Solution
