Weblogic Server: IDP Initiated SAML2.0 "RequestURL" have Limit of 80 Characters
(Doc ID 1575459.1)
Last updated on AUGUST 31, 2020
Applies to: Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.
Customers report using an IdP-initiated SAML 2.0 SSO setup in which, on the IdP side, the Service Provider partner is configured under the SAML2CredentialMapper with a "POST Binding POST Form" that points to a .jsp file containing the Service Provider URL. An example of an end-user Service Provider URL for this is "http://saml2/idp/sso/initiator?SPName=<SPName>&RequestURL=<RequestURL>" where:
- saml2/idp/sso/initiator is the IdP service responsible for processing IdP-initiated request flows.
- <SPName> is the Service Provider partner name you have configured for the Identity Provider.
- <RequestURL> is the application you want to access in SSO mode on the Service Provider side.
If the RequestURL is fewer than 80 characters, the request is processed successfully. If the RequestURL is 80 or more characters, the request fails and the end user receives an HTTP 400 error.
This is an example URL that will FAIL: http://identityprovider.DomainName:7003/saml2/idp/sso/initiator?SPName=WebSSO-SP-Partner-0&RequestURL=http://serviceprovider.DomainName/testapp/flow.html?_flowId=searchFlow
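As an added pre-flight check (example code, not part of the Oracle note), the following Python script parses an initiator URL of the form shown above, extracts RequestURL without breaking on the nested "?" and "=" of the target application URL, and flags values that reach the 80-character threshold. The host names are constructed, and because the note does not say whether the limit is measured before or after percent-decoding, the longer raw form is used as the conservative measure.

```python
"""Pre-flight check for WebLogic IdP-initiated SAML 2.0 initiator URLs."""
from urllib.parse import urlsplit, unquote

# Threshold reported in Doc ID 1575459.1: a RequestURL of 80 or more
# characters fails with HTTP 400.
REQUEST_URL_LIMIT = 80
INITIATOR_PATH = "/saml2/idp/sso/initiator"


def extract_param(query, name):
    """Return the raw (still percent-encoded) value of the first `name`
    parameter in a query string, or None. Splits only on '&' and on the
    first '=' of each pair, so a nested application URL such as
    .../flow.html?_flowId=searchFlow is kept intact as one value."""
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        if sep and key == name:
            return value
    return None


def check_initiator_url(url):
    """Describe whether `url` is an initiator request and whether its
    RequestURL stays below the documented 80-character threshold."""
    parts = urlsplit(url)  # query = everything after the first '?'
    raw = extract_param(parts.query, "RequestURL")
    result = {
        "is_initiator": parts.path.endswith(INITIATOR_PATH),
        "sp_name": extract_param(parts.query, "SPName"),
        "request_url": None if raw is None else unquote(raw),
        "raw_length": None if raw is None else len(raw),
        "decoded_length": None if raw is None else len(unquote(raw)),
        "ok": False,
    }
    if raw is not None:
        # Assumption: the note does not state whether the limit applies to
        # the encoded or decoded form, so the raw (never shorter) length is
        # compared as the conservative choice.
        result["ok"] = result["raw_length"] < REQUEST_URL_LIMIT
    return result


if __name__ == "__main__":
    # Constructed sample with placeholder hosts, not from the Oracle note.
    sample = ("http://idp.example.com:7003/saml2/idp/sso/initiator"
              "?SPName=WebSSO-SP-Partner-0"
              "&RequestURL=http://sp.example.com/testapp/flow.html?_flowId=searchFlow")
    r = check_initiator_url(sample)
    print(f"RequestURL={r['request_url']!r} length={r['raw_length']} ok={r['ok']}")
```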