SAML1.1 Federation Service Do Not Properly Forward Query If Values Are Empty when acting as Identity Provider
(Doc ID 2326906.1)
Last updated on JUNE 06, 2022
Applies to:Oracle WebLogic Server - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
SAML 1.1 working as Source Site
Original parameters sent to source site are not forwarded to destination site once Authentication takes place. Parameters should be preserved, and sent back to Service Provider.
The issue can be reproduced at will by accessing application at destination site, providing parameters on request. We can see that when WLS is acting as source and upon authenticating, it is simply forgetting to pass a parameter (param) that comes empty. For example for below request:
Due to this issue, users cannot utilize the application as the rely upon those parameters for application behavior.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document