Weblogic Generates a Malformed SAML2 HTTP Redirect URL when the IdP EndPoint Contains Query Parameters
Last updated on DECEMBER 11, 2017
Applies to:Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
Identity Provider (IdP) configured with HTTP Redirect Binding
Identity Provider (IdP) End Point configured with Query Parameters.
When a SAML2 Identity Provider (IdP) is configured with an HTTP Redirect Binding which includes Query Parameters as part of its End Point Location, WebLogic will generate a malformed Redirect request including double question marks. The browser receiving the HTTP response with the incorrect redirect location will fail as the server will not understand the Location received in the new request.
For example, when the IdP metadata file contains
Notice from the above, the URL contains a question mark in SSO?param1=value1 and on the same string it will have another question mark in ?SAMLRequest
The IdP HTTP Redirect Binding has been configured to include parameters in its End Point Definition
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms