Weblogic Server: IDP Initiated SAML2.0 "RequestURL" Have Limit Of 80 Characters
Last updated on DECEMBER 12, 2017
Applies to: Oracle Weblogic Server - Version 10.3 and later
Information in this document applies to any platform.
Customers report using an IdP-initiated SAML2.0 SSO set-up where on the IdP side, the Service Provider Partner configuration is defined as SAML2CredentialMapper with a "POST Binding POST Form" pointing to a .jsp file which contains the Service Provider URL. An example of an end user Service Provider URL for this is "http://saml2/idp/sso/initiator?SPName=<SPName>&RequestURL=<RequestURL>" where:
- saml2/idp/sso/initiator is the IdP service responsible for processing IdP-initiated request flows.
- <SPName> is the Service Provider partner name you have configured for the Identity Provider.
- <RequestURL> is the application you want to access in SSO mode on the Service Provider side.
If the RequestURL is fewer than 80 characters, the request is processed successfully. If the RequestURL is 80 or more characters, the request fails and the end user receives an HTTP 400 error.
This is an example URL that will FAIL: http://identityprovider.us.oracle.com:7003/saml2/idp/sso/initiator?SPName=WebSSO-SP-Partner-0&RequestURL=http://serviceprovider.us_americas.oracle.com/testapp/flow.html?_flowId=searchFlow
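A pre-flight check for IdP-initiated links against the 80-character behaviour described above, as an added example that is not part of the original Oracle note. It assumes RequestURL is the last query parameter (as in the link format above) and that its length is counted on the percent-decoded value; the function name and constants are illustrative.

```python
from urllib.parse import urlsplit, parse_qs, unquote

LIMIT = 80  # per this page: a RequestURL of 80 or more characters fails
INITIATOR_PATH = "saml2/idp/sso/initiator"  # IdP service named on this page


def check_initiator_link(link):
    """Return (sp_name, request_url, length, at_risk) for one link.

    Assumption: RequestURL is the last query parameter, so everything
    after "RequestURL=" belongs to it, including an unencoded "?" or "&".
    """
    parts = urlsplit(link)
    if not parts.path.endswith(INITIATOR_PATH):
        raise ValueError("not an IdP-initiated SSO link: " + link)
    # Prefix "&" so the marker only matches at a parameter boundary.
    head, sep, tail = ("&" + parts.query).partition("&RequestURL=")
    if not sep:
        raise ValueError("link has no RequestURL parameter: " + link)
    sp_name = parse_qs(head.lstrip("&")).get("SPName", [""])[0]
    request_url = unquote(tail)  # assumption: length counted after decoding
    length = len(request_url)
    return sp_name, request_url, length, length >= LIMIT


if __name__ == "__main__":
    links = [
        # The failing example URL from this page.
        "http://identityprovider.us.oracle.com:7003/saml2/idp/sso/initiator"
        "?SPName=WebSSO-SP-Partner-0&RequestURL=http://serviceprovider."
        "us_americas.oracle.com/testapp/flow.html?_flowId=searchFlow",
        # Constructed short link for comparison (hypothetical hosts).
        "http://idp.example.com:7003/saml2/idp/sso/initiator"
        "?SPName=SP-0&RequestURL=http://sp.example.com/app",
    ]
    for link in links:
        sp, url, n, at_risk = check_initiator_link(link)
        status = "expect HTTP 400" if at_risk else "ok"
        print(f"{sp}: RequestURL is {n} chars -> {status}")
```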