SAML Audience URI Restrictions With OWSM Policy Attached to an OSB Proxy Service.
(Doc ID 1663370.1)
Last updated on JULY 21, 2023
Applies to:
Oracle Web Services Manager - Version 11.1.1.7.0 to 11.1.1.7.0 [Release 11gR1]Oracle Service Bus - Version 11.1.1.7.0 to 11.1.1.7.0 [Release 11g]
Information in this document applies to any platform.
Symptoms
An OSB (Oracle Service Bus) Proxy Service is secured with a SAML based OWSM (Oracle Web Services Manager) policy.
A client uses a SAML audience URI restriction with an absolute URI, similar to the following:
<saml:Audience>http://<OSB HOST>:<PORT>/<PROXY URI></saml:Audience>
</saml:AudienceRestrictionCondition>
On an OSB Proxy Service secured with a SAML based OWSM policy, using such a SAML audience URI with an absolute URI fails with
at oracle.security.jps.internal.jaas.module.saml.SAMLUtils.verifyAudienceUri(SAMLUtils.java:133)
at oracle.security.jps.internal.jaas.module.saml.JpsSAMLVerifier.verifyConditions(JpsSAMLVerifier.java:234)
at oracle.security.jps.internal.jaas.module.saml.JpsSAMLVerifier.verify(JpsSAMLVerifier.java:124)
at oracle.security.jps.internal.jaas.module.saml.JpsSamlAssertor.verify(JpsSamlAssertor.java:90)
at oracle.security.jps.internal.jaas.module.saml.JpsSamlAssertor.assertToken(JpsSamlAssertor.java:67)
at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:102)
... 70 more
or (in the OSB Test Console) with
Changes
This problem is specific to Oracle Service Bus. The problem does not show up when the same OWSM policy is attached to a JAX-WS Web Service or a SOA composite.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| Solution Summary |
| Patch installation instructions: |
| Apply patch 17502332 (OSB) |
| Apply patch 17581405 (OWSM) |
| References |