
A Blank Screen is Displayed for a Valid SAML Assertion if the SAML Session is Expired (Doc ID 2515454.1)

Last updated on OCTOBER 17, 2023

Applies to:

Oracle WebLogic Server - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

1. Configure SAML in WebLogic (OBIEE) to act as a Service Provider.

2. Configure SAML in ForgeRock OpenAM to act as the IDP.

3. There is a Load Balancer between the IDP and WebLogic, and requests follow the path below:

Browser===>Load Balancer====>IDP====>Load Balancer====>WebLogic====>Load Balancer====>Dashboard of Analytics

4. Access the load balancer URL from the browser; the LB redirects to the IDP for authentication.

5. The IDP performs the authentication and sends the SAML assertion to WebLogic via the LB.

6. WebLogic parses the SAML assertion and authenticates the Principal.

7. WebLogic creates a new SAML session and submits a POST back to the LB with the JSESSIONID in the POST URL. The value of JSESSIONID is the same as the SAML session ID.

8. The session timeout at both the IDP and WebLogic is set to 5 minutes.

9. WebLogic always receives the same JSESSIONID in the cookie of the GET request from the LB for all subsequent requests within 5 minutes.

10. Access the load balancer URL from the browser after 5 minutes in a new tab (not in a new browser).

11. As the session has expired, the IDP redirects to a logout screen that has a "Return to Login" link.

12. Clicking "Return to Login" follows the same path, i.e. logout screen===>LB===>IDP====>LB===>WebLogic.

13. WebLogic is observed to receive, in the cookie, the same JSESSIONID, which has expired, together with a valid SAML assertion.

14. WebLogic submits a POST back to the LB without a JSESSIONID in the POST URL, as the received JSESSIONID has expired.

15. The Load Balancer displays a blank screen because, in the absence of the JSESSIONID, it cannot build a URL that redirects to the Analytics Dashboard.
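To confirm from request logs that a blank screen matches steps 13 to 15, the following added example (not Oracle's code and not part of the original note) flags assertion POSTs that arrived with an expired JSESSIONID cookie and were answered with a redirect target lacking `;jsessionid=`. The record layout, the ACS path `/saml2/sp/acs/post`, the dashboard path and the session IDs are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=5)  # step 8: timeout at the IDP and WebLogic
ACS_PATH = "/saml2/sp/acs/post"      # assumption: SP assertion consumer path
SID_IN_URL = re.compile(r";jsessionid=([^?#&]+)", re.IGNORECASE)

# Constructed records: (time, method, path, JSESSIONID cookie, redirect target)
SAMPLE = [
    ("2023-10-17T10:00:00", "POST", ACS_PATH, None,
     "/analytics/saw.dll;jsessionid=AAA111"),              # step 7
    ("2023-10-17T10:01:30", "GET", "/analytics/saw.dll", "AAA111", None),
    ("2023-10-17T10:03:00", "GET", "/analytics/saw.dll", "AAA111", None),
    ("2023-10-17T10:09:10", "POST", ACS_PATH, "AAA111",
     "/analytics/saw.dll"),                                # steps 13-14
    ("2023-10-17T10:20:00", "POST", ACS_PATH, None,
     "/analytics/saw.dll;jsessionid=BBB222"),              # clean login
]

def find_stale_cookie_logins(records, timeout=IDLE_TIMEOUT):
    """Return ACS POSTs that carried an expired JSESSIONID cookie and whose
    redirect target has no ;jsessionid= parameter (steps 13 to 15)."""
    last_seen = {}  # session id -> time it was issued or last used
    findings = []
    for ts, method, path, cookie, target in records:
        now = datetime.fromisoformat(ts)
        issued = SID_IN_URL.search(target or "")
        expired = cookie in last_seen and now - last_seen[cookie] > timeout
        if expired and method == "POST" and path == ACS_PATH and not issued:
            idle = now - last_seen[cookie]
            findings.append({"time": ts, "stale_id": cookie,
                             "idle_seconds": int(idle.total_seconds()),
                             "redirect": target})
        if cookie and not expired:
            last_seen[cookie] = now      # activity keeps a live session alive
        if issued:
            last_seen[issued.group(1)] = now  # new session id sent in the URL
    return findings

if __name__ == "__main__":
    for hit in find_stale_cookie_logins(SAMPLE):
        print(hit)
```
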

Changes

Configure SAML in WebLogic to act as a Service Provider and in ForgeRock OpenAM to act as the IDP, with a Load Balancer between them.

Cause
