How To Extract Attribute Statements From A SAML 2.0 Assertion (Doc ID 2262947.1)

Last updated on MAY 09, 2017

Applies to:

Oracle Web Services Manager - Version 12.1.3.0.0 and later
Information in this document applies to any platform.

Symptoms

It is necessary to configure OWSM to authenticate an incoming SOAP web service request based on WS-Security with SAML 2.0.
The SAML assertion is included as the supporting token of a WS-Security header.
The SAML assertion and additional SOAP elements are signed and the signing certificate is included as a binary security token.
The Subject confirmation method of the SAML assertion is 'sender-vouches'.
Besides the subject, the SAML token includes additional attribute statements that define user roles and further profile data.
 
It is possible to set up OWSM to do the authentication but, in addition, it is necessary to retrieve the user roles and attributes and add them as principals to the security subject.
 
This does not seem to be possible through OWSM.
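
The token layout described above, as an added example that is not part of the Oracle document and uses no OWSM API: Python code that finds the SAML 2.0 assertion in the WS-Security header, checks the 'sender-vouches' confirmation method, and collects the attribute statements that would become principals. The function name `extract_principals`, the sample envelope, and the attribute names `role` and `department` are constructed for illustration, and the code assumes the XML signature over the assertion has already been verified by the policy layer.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

# Constructed sample request; ds:Signature and the BinarySecurityToken are omitted.
SAMPLE = ("""<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" xmlns:saml="%(saml)s">
 <soap:Header><wsse:Security>
  <saml:Assertion ID="_constructed1" Version="2.0" IssueInstant="2017-05-09T00:00:00Z">
   <saml:Issuer>https://idp.example.test</saml:Issuer>
   <saml:Subject><saml:NameID>jdoe</saml:NameID>
    <saml:SubjectConfirmation Method="%(sv)s"/></saml:Subject>
   <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>approver</saml:AttributeValue>
     <saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
   </saml:AttributeStatement>
  </saml:Assertion>
 </wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>""" % dict(NS, sv=SENDER_VOUCHES)).encode()


def extract_principals(envelope: bytes) -> dict:
    """Return the subject and attributes of the assertion in wsse:Security.

    Assumption: the signature covering the assertion was verified beforehand;
    attributes from an unverified assertion must not become principals.
    """
    if b"<!DOCTYPE" in envelope or b"<!ENTITY" in envelope:
        raise ValueError("DTDs are not accepted in SOAP/SAML input")
    root = ET.fromstring(envelope)
    # Accept only one assertion, and only at the fixed header path.
    found = root.findall("soap:Header/wsse:Security/saml:Assertion", NS)
    if len(found) != 1:
        raise ValueError("expected exactly one SAML assertion in wsse:Security")
    a = found[0]
    methods = [c.get("Method")
               for c in a.findall("saml:Subject/saml:SubjectConfirmation", NS)]
    if methods != [SENDER_VOUCHES]:
        raise ValueError("subject confirmation method is not sender-vouches")
    name_id = (a.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip()
    if not name_id:
        raise ValueError("assertion has no NameID")
    attrs = {}  # attribute name -> list of values (attributes may be multi-valued)
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(vals)
    return {"subject": name_id, "attributes": attrs}
```
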

Cause
