WebLogic Generates a Malformed SAML2 HTTP Redirect URL when the IdP EndPoint Contains Query Parameters (Doc ID 2057110.1)

Last updated on DECEMBER 22, 2016

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
Identity Provider (IdP) configured with HTTP Redirect Binding
Identity Provider (IdP) End Point configured with Query Parameters.

Symptoms

When a SAML2 Identity Provider (IdP) is configured with an HTTP Redirect Binding whose End Point Location includes query parameters, WebLogic generates a malformed redirect request containing two question marks. The browser follows the incorrect redirect location from the HTTP response, and the request fails because the server cannot interpret the Location it receives in the new request.

For example, when the IdP metadata file contains

 

Notice that the URL above contains a question mark in SSO?param1=value1 and, in the same string, a second question mark in ?SAMLRequest.
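The double question mark described in the Symptoms, reproduced next to a builder that merges SAMLRequest into the endpoint's existing query string. This is an added example, not Oracle's code or WebLogic's implementation; the host name, the AuthnRequest and every function name are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample values; only "SSO?param1=value1" comes from the document.
IDP_LOCATION = "https://idp.example.com/SSO?param1=value1"
AUTHN_REQUEST = ('<samlp:AuthnRequest ID="_constructed1" Version="2.0" '
                 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>')

def encode_saml_request(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: no zlib header
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

def naive_redirect(location, saml_request):
    """Reproduces the symptom: blindly appends '?SAMLRequest=...'."""
    return location + "?" + urlencode({"SAMLRequest": saml_request})

def correct_redirect(location, saml_request):
    """Merges SAMLRequest into the endpoint's existing query string."""
    parts = urlsplit(location)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("SAMLRequest", saml_request))
    return urlunsplit(parts._replace(query=urlencode(query)))

def is_malformed(redirect_url):
    """Heuristic check: a literal '?' inside the query, or no SAMLRequest key."""
    query = urlsplit(redirect_url).query
    names = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
    return "?" in query or "SAMLRequest" not in names

def decode_saml_request(redirect_url):
    """Recovers the XML the IdP would see, or None if the key is missing."""
    params = dict(parse_qsl(urlsplit(redirect_url).query))
    if "SAMLRequest" not in params:
        return None
    return zlib.decompress(base64.b64decode(params["SAMLRequest"]), -15).decode()

if __name__ == "__main__":
    req = encode_saml_request(AUTHN_REQUEST)
    for build in (naive_redirect, correct_redirect):
        url = build(IDP_LOCATION, req)
        print(build.__name__, "malformed:", is_malformed(url), url[:60])
```

In the naive URL the whole `?SAMLRequest=...` suffix is parsed as part of the value of `param1`, so the IdP never sees a `SAMLRequest` parameter.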

 

Changes

The IdP HTTP Redirect Binding has been configured to include parameters in its End Point definition.

Cause
