Decode SAML request

Hello,
I have some SPs which use SAML 2.0 as the sign-in protocol. Since I want to know which reply party a user comes from, I enabled auditing in ADFS. After that, I can get the user query string in Event ID 403 (am I looking at the correct event?).
But unlike WS-Fed, where the reply party identity ID is easy to get from the query, the query string in SAML is complex:
?SAMLRequest=nVLLbtswEPwVgXdJlBXZEWEbcGMEMZCmRuz20EuxFtc1AT5U7ipp%2F7603AJJDz70xOXsznA42DmBs71aDXzyz%2FhjQOLsp7Oe1NhYiCF6FYAMKQ8OSXGndquPj2pSSNXHwKELVryhXGcAEUY2wYtss16Ib41uusnt4dCCbm6m02om20M7a1G22LX1saqmNdbyRkIjsi8YKTEXIgklOtGAG08MnhMkqyaXdS7bvZypplKT268iW6ffGA88sk7MPamyBH2kWuNLoYMD44tUjlhpqRTZ6q%2FBu%2BBpcBh3GF9Mh5%2BfH99L8Kj9vRgcdIULJRnXWzwnULqgB4tFf%2BrL8U6Xc5JDRyOq8QiD5Zx6kW3%2FZPjBeJ30rsd3uAyRetjvt%2Fn2024vlvOzthrjiMv%2Fd%2BiQQQPDPwbn5Vv5%2BWVbnpKxzXobrOl%2BZfchOuDrvs%2BI0flxHFUcwZNBzylua8PrXURgXAiOA4pyeXny%2FU4ufwM%3D&RelayState=https%3A%2F%2Fadfstesting.umac.mo%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Ddefault-sp
How can I convert this SAML request to plaintext? Since all the ADFS logs will be stored in Splunk, is it possible to convert them automatically?
Thank you.

Hello,
Thank you for the reply.
I found a strange problem. Since the query contains a lot of %2 and %3 sequences, these values get replaced by the client id and time.
For example:
?SAMLRequest=nVJNj9MwEP0rke9J3KS7Sq22UtkKUWmBals4cEFTe0It%2BSN4xgv8e9IUpF0OPXDy%2BM285%2BenWRJ4N6hN5nN4wu8ZiYuf3gVSU2MlcgoqAllSATySYq0Om%2FePqqmkGlLkqKMTLyi3GUCEiW0MothtV%2BLrnblf6Dm0Rjcn3Xe6PXXNqWsX2HXYtF0r5%2FdzLRcz6EXxGRONzJUYhUY6UcZdIIbAIyRnd6Vsy5k8yoWSMyXlF1Fsx9%2FYADyxzswDqboG01Nr8Lky0YMN1VhOWO2oFsXmr8GHGCh7TAdMz1bjp6fH1xI8aX%2Brsgdd%2BViT9YPDSwK1jyY7rIbzUE93up5NCZom1GAP2XFJgyj2fzJ8Y4MZ9W7Hd7oOkXp3PO7L%2FcfDUayXF201xZHW%2F%2B%2FQI4MBhn8MLuuX8svrtnwYje22%2B%2Bis%2FlW8jckD3%2FZ9Qawp%2B2lUcYJAFgOPcTsXfzwkBMaV4JRR1Ovrk693cv0b&RelayState=https%3A%2F%2Fadfstesting.umac.mo%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Ddefault-sp
will become
?SAMLRequest=nVJNj9MwEP0rke9J3KS7Sq22UtkKUWmBals4cEFTe0It2015-03-10 09:00:23BSN4xgv8e9IUpF0OPXDy2015-03-10 09:00:23BM2852015-03-10 09:00:23BenWRJ4N6hN5nN4wu8ZiYuf3gVSU2MlcgoqAllSATySYq0Om2015-03-10 09:00:23FePqqmkGlLkqKMTLyi3GUCEiW0MothtV2015-03-10
09:00:23BLrnblf6Dm0Rjcn3Xe6PXXNqWsX2HXYtF0r52015-03-10 09:00:23FdzLRcz6EXxGRONzJUYhUY6UcZdIIbAIyRnd6Vsy5k8yoWSMyXlF1Fsx92015-03-10 09:00:23FYADyxzswDqboG01Nr8Lky0YMN1VhOWO2oFsXmr8GHGCh7TAdMz1bjp6fH1xI8aX2015-03-10 09:00:23Brsgdd2015-03-10 09:00:23BViT9YPDSwK1jyY7rIbzUE93up5NCZom1GAP2XFJgyj2fzJ8Y4MZ9W7Hd7oOkXp3PO7L2015-03-10
09:00:23FcfDUayXF201xZHW2015-03-10 09:00:23F2015-03-10 09:00:23B2015-03-10 09:00:23FQI4MBhn8MLuuX8svrtnwYje222015-03-10 09:00:23B2015-03-10 09:00:23Bis2015-03-10 09:00:23FlW8jckD32015-03-10 09:00:23FZ9Qawp2015-03-10 09:00:23B2lUcYJAFgOPcTsXfzwkBMaV4JRR1Ovrk693cv0b&RelayState=https10.10.129.74A2015-03-10
09:00:23F2015-03-10 09:00:23Fadfstesting.umac.mo2015-03-10 09:00:23Fsimplesaml2015-03-10 09:00:23Fmodule.php2015-03-10 09:00:23Fcore2015-03-10 09:00:23Fauthenticate.php10.10.129.74Fas10.10.129.74Ddefault-sp
How can I solve this?
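
Added example, not part of the original posts: one way to turn the logged query string from the first post into readable fields with Python. A redirect-binding SAMLRequest is URL-encoded base64 over a raw DEFLATE stream, and the Issuer element of the request names the requesting SP; the sample request, the example.test URLs and all function names are constructed for illustration, and a value whose escapes were overwritten, as in the second post, is rejected instead of being decoded into garbage.

```python
import base64
import binascii
import re
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BASE64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
MAX_XML_BYTES = 1_000_000  # refuse larger inflated output (decompression-bomb guard)

# Excerpt of the altered value quoted in the second post: the "%2" of an escape
# has been overwritten by a timestamp, so the value is no longer base64.
ALTERED_EXCERPT = ("?SAMLRequest=nVJNj9MwEP0rke9J3KS7Sq22UtkKUWmBals4cEFTe0It"
                   "2015-03-10 09:00:23BSN4xgv8e9IUpF0OPXDy")


def inflate_raw(data, limit=MAX_XML_BYTES):
    """Inflate a raw DEFLATE stream (no zlib header), bounding the output size."""
    inflater = zlib.decompressobj(-15)
    out = inflater.decompress(data, limit + 1)
    if len(out) > limit:
        raise ValueError("inflated message exceeds size limit")
    if not inflater.eof:
        raise ValueError("truncated DEFLATE stream")
    return out


def decode_redirect_query(query):
    """Decode a logged HTTP-Redirect query string and return the request's key fields."""
    params = parse_qs(query.lstrip("?"), keep_blank_values=True)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter")
    value = params["SAMLRequest"][0]
    # parse_qs has already undone the URL encoding; what is left must be base64.
    if not BASE64_RE.fullmatch(value):
        raise ValueError("SAMLRequest is not base64: the logged value was altered")
    try:
        xml_bytes = inflate_raw(base64.b64decode(value, validate=True))
    except (binascii.Error, zlib.error) as exc:
        raise ValueError(f"cannot decode SAMLRequest: {exc}") from exc
    # The value is attacker-controllable input: refuse DTDs before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD in SAML message rejected")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"SAMLRequest is not well-formed XML: {exc}") from exc
    issuer = root.find(f"{{{SAML_ASSERTION_NS}}}Issuer")
    return {
        "message": root.tag.rsplit("}", 1)[-1],
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "relay_state": params.get("RelayState", [None])[0],
    }


def build_sample_query():
    """Constructed sample: a minimal AuthnRequest encoded the way an SP sends it."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" IssueInstant="2015-03-10T09:00:23Z" '
           'Destination="https://idp.example.test/adfs/ls/">'
           '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>'
           '</samlp:AuthnRequest>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw DEFLATE
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    b64 = base64.b64encode(raw).decode("ascii")
    return ("?SAMLRequest=" + quote(b64, safe="")
            + "&RelayState=" + quote("https://sp.example.test/app", safe=""))


if __name__ == "__main__":
    print(decode_redirect_query(build_sample_query()))
    try:
        decode_redirect_query(ALTERED_EXCERPT)
    except ValueError as err:
        print("rejected:", err)
```

Run per event, the function yields an issuer field that can be searched on; how it is wired into Splunk is a deployment choice this example does not cover.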

Similar Messages

  • Decode SAML Request or Response

    I am attempting to write a function to decode a SAML request or response. I'm missing something and can't seem to find the issue. I thought the issue was the encoding on the GetString but varying between UTF8, ASCII or Unicode doesn't seem to return the
    xml string I am expecting.  Any suggestions.
    # HttpUtility lives in System.Web, which is not loaded by default
    Add-Type -AssemblyName System.Web
    function ConvertFromBase64 {
     param($EncodedText)
     Process {
      # URL-decode first when the value still contains percent escapes
      if ($EncodedText.Contains("%")) {
       $rawData = [System.Web.HttpUtility]::UrlDecode($EncodedText)
       $samlData = [System.Convert]::FromBase64String($rawData)
      }
      else {
       $samlData = [System.Convert]::FromBase64String($EncodedText)
      }
      [string] $DecodedText = [System.Text.Encoding]::UTF8.GetString($samlData)
      $DecodedText
     }
    }

    Thanks for the information.  Unfortunately, that provides the same result I've been getting.  I've had some other people I know try it and they get the same result.  Below is the test I tried and the result.
    Add-Type -AssemblyName System.Web
    function UrlDecode([string]$url) {
       [Web.Httputility]::UrlDecode($url)
    }
    function FromBase64([string]$str) {
       [text.encoding]::utf8.getstring([convert]::FromBase64String($str))
    }
    $text = "fZJNT%2BMwEIbvSPwHy%2Fd8tMvHympSdUGISuwS0cCBm%2BtMUwfbk%2FU4zfLvSVMq2Euv45n3fd7xzOb%2FrGE78KTRZXwSp5yBU1hpV2f8ubyLfvJ5fn42I2lNKxZd2Lon%2BNsBBTZMOhLjQ8Y77wRK0iSctEAiKLFa%2FH4Q0zgVrceACg1ny9uMy7rCdaM2%2Bs0BWrtppK2UAdeoVjW2ruq1bevGImcvR6zpHmtJ1MHSUZAuDKU0vY7Si2h6VU5%2BiMuJuLx65az4dPql3SHBKaz1oYnEfVkWUfG4KkeBna7A%2Fxm6M14j1gZihZazBRH4MODcoKPOgl%2BB32kFz08PGd%2BG0JJIkr7v46%2BhRCaEpod17DCRivYZCkmkd4N28B3wfNyrGKP5bws9DS6PKDz%2FMpsl36Tyz%2F%2Fax1jeFmi0emcLY7C%2F8SDD0Z7dobcynHbbV3QVbcZW0TlqQemNhoqzJD%2B4%2Fn8Yw7l8AA%3D%3D"
    $Saml = UrlDecode $text
    $Result = FromBase64 $Saml
    $Result
    I get.
    }?MO?0►??H???|????jRuA?J?↕?????LS??8???IS*?K???}??????a;??e|↕???SXiWg????~?y~
    ~6#iM+▬]?'??☺♣6L:↕?C?;?♦J?$??@"(?Z?~►?8§?|
    g????u?6??☺Z?i???☺?V5???m??"g/G??▲kI???Q?.♀?4???hzUN~?─??z??t???!?)?????}Y▬Q?*G
    ?????↓?3^#?♠b???♣◄?0????_??i♣?O☼↓??H????D&???u?0???↓
    I?w?v?↔?|?↑??o♂=.?(<?2?%??????X?▬h?zg♂c??? ????2?v?Wt§m?V?9jA???$???⌂↑ù|

  • Request parameters not decoded in UTF-8 format

    Hi All,
    I've a Spring MVC application hosted in Tomcat. But when I make a GET request to this application giving Japanese characters as parameters, the servlet decodes it in ISO-8859-1 format, due to which a search functionality is failing.
    Is there any way to specify the servlet for decoding the request parameters in UTF-8 format?
    I Tried adding the URIEncoding="UTF-8" attribute in Connector tag in server.xml of the tomcat server where my application is hosted, but still -ve results.
    Any help?

    This link may help you:
    http://wiki.apache.org/tomcat/FAQ/CharacterEncoding
    The change you made is indeed documented:
    http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
    so if that doesn't work, you'll have to direct your question to a Tomcat forum.

  • SAML / OIF integration does not work - Could not extract SAML2 message

    Hi gurus,
    We are trying to establish SSO between SAP Portal 7.3 and OIF 11.1.5 (Oracle Identity federation). I configured SAP Portal as service provider and OIF is also configured. I changed the Login Module and added SAML on top of my default auth stack. When we try to do an end-to-end test it does not work and throws the following error:
    Default SAML2 configuration is selected because login module option [provider] is not configured.
    SAML2LoginModule is running in execution mode DEFAULT.
    SAML2Principal not found in current client context.
    Exiting method
    Entering method
    SAMLResponse: PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6
    <BR>U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL2ppZXB0ODIu
    <BR>dWsuY2VudHJpY2FwbGMuY29tOjgxODIvc2FtbDIvc3AvYWNzIiBJRD0iaWQtVVRW...........................
    Decoded SAMLResponse: <samlp:Response mlns:samlp="urn:oasis:names:tc:  4 пїЅГЈ"пїЅ пїЅ &пїЅFпїЅ6пїЅпїЅ" FW7FпїЅпїЅ.......................3E&saml2post=false
    Could not extract SAML2 message from request.
    [EXCEPTION]
    java.lang.SecurityException: com.sap.security.saml2.lib.common.SAML2Exception: SAML parsing failed..................
    No user name provided.
    Entering method
    Automatic IdP Selection mode configured for the Service Provider
    POST parameters set as HTTP request attribute [sap.com/login_post_parameters] to be re-submitted during login: [SAMLResponse, SAMLart, RelayState]
    Could not remove original application URL cookie because the provided name is invalid: <null>
    Exiting method with true
    LOGIN.FAILED
    User: N/A
    IP Address: 10.11.11.11
    Authentication Stack: ticket
    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.security.saml2.sp.SAML2LoginModule                              REQUIRED    ok          exception             true       Service Provider could not extract SAML2 message from request.
            #1 AcceptedAuthenticationMethods = *
            #2 Mode = Standalone
    2. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
            #1 trusteddn1 = CN=ERT,OU=I0020100174,O=SAP Web AS
            #2 trustediss1 = CN=ERT,OU=I0020100174,O=SAP Web AS
            #3 trustedsys1 = ERT,010
            #4 ume.configuration.active = true
    3. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          false                 false     
    4. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          false                 true      
    The decoded SAML response looks strange with all non-readable characters and, as a result, there is no username passed to the portal, the SAML login fails and the portal offers a fall-back login with username/password.
    Also, can you please comment on the line from help.sap.com (http://help.sap.com/saphelp_nw73/helpdata/en/bf/b0b879544740c8a3c8bdda87e50587/frameset.htm)
    "Prerequisites for SAML
    Your service provider must be able to reach the identity provider over HTTP or HTTPS."
    We have our identity provider / service provider in two different segment of the network and there is no http/https connection between these segments as we assumed that all the communication is going through the browser and we would not need the port to be opened on the firewall. Is it something which is absolutely necessary? In our opinion it negates all the benefits of SAML
    Help will be very much appreciated
    Many thanks in advance,
    Regards, Elena

    Hi Elena,
    The issue was discovered and fixed during the SAML Interoperability Tests early last year (2011). I'm not sure I will be able to find a dedicated note because the fix was not downported but just submitted in the latest SP in correction. If you need a justification then you can open a support ticket with SAP and this will be the official answer there. If you do so please do not forget to attach traces from the system - use the tool described in 1332726 with type "SAML 2.0 (Info)". If you send me the ticket number I can speed up the processing of the ticket.
    Regards,
    Dimitar

  • Deciphering a SAML Message in ColdFusion

    I'm working on an SSO solution for a client.  At this time I'm able to encode an authentication message and successfully send it to the ADFS server.  The ADFS server handles my login and then returns to my site with an HTTP-POST response.  In the POST there is an ADFS encoded SAML message I need to decipher.  I found a few samples of code but none have worked.  This one seemed to have the most promise but...
    <cfscript>
    // Decode the query string from Base 64 
      Decoder = CreateObject("Java", "sun.misc.BASE64Decoder").init();
      SamlByte = Decoder.decodeBuffer(Form.SAMLResponse);
    // Create Byte Array used for the inflation, the CF way 
      ByteClass = CreateObject("Java", "java.lang.Byte").TYPE;
      ByteArray = CreateObject("Java", "java.lang.reflect.Array").NewInstance(ByteClass, 1024);
    // Create Byte Streams needed for inflation
      ByteIn   = CreateObject("Java", "java.io.ByteArrayInputStream").init(SamlByte);
      ByteOut  = CreateObject("Java", "java.io.ByteArrayOutputStream").init();
    // Create Objects needed for inflation 
      Inflater = CreateObject("Java", "java.util.zip.Inflater").init(true);
      InflaterStream = CreateObject("Java", "java.util.zip.InflaterInputStream").init(ByteIn, Inflater);
    // Complete the inflation 
      Count = InflaterStream.read(ByteArray);
      while (Count != -1) {
        ByteOut.write(ByteArray, 0, Count);
        Count = InflaterStream.read(ByteArray);
      }
    // Finished with inflation 
      Inflater.end();
      InflaterStream.close();
    // Convert SAML request back to a string 
      SamlString = CreateObject("Java", "java.lang.String").init(ByteOut.toByteArray());
      </cfscript>
    When the code gets to the Count = InflaterStream.read(ByteArray); statement the following error message is returned: oversubscribed dynamic bit lengths tree
    My question is does anybody have a snippet of code that is used to successfully decipher an ADFS encoded SAML response?

    Whatever version came with MX7. When I run it and go to help
    and about, it just shows the version info for cold fusion server.
    Not the report builder. I know it is the latest version however as
    I also downloaded and installed the latest version from
    online.
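
Added example, not code from either poster: the two SAML bindings encode their payload differently, which accounts for the mirror-image failures in the PowerShell post earlier on the page and the ColdFusion post above. An HTTP-Redirect value is base64 over raw DEFLATE and an HTTP-POST value is base64 over plain XML, so decoding the first without inflating yields compressed bytes and inflating the second fails inside the inflater; the sample messages and all function names are constructed for illustration.

```python
import base64
import zlib

MAX_XML_BYTES = 1_000_000  # upper bound on inflated output

# Constructed sample messages (not taken from the posts).
POST_XML = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'ID="_constructed2" Version="2.0"><samlp:Status/></samlp:Response>')
REDIRECT_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                'ID="_constructed3" Version="2.0"/>')


def make_post_value(xml):
    """HTTP-POST binding form field: base64 of the XML, no compression."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def make_redirect_value(xml):
    """HTTP-Redirect binding parameter (before URL encoding): base64 of raw DEFLATE."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")


def base64_only(value):
    """Base64-decode only. On a redirect value this returns compressed bytes."""
    return base64.b64decode("".join(value.split()), validate=True)


def always_inflate(value):
    """Base64-decode, then inflate unconditionally. On a POST value this raises."""
    return zlib.decompress(base64_only(value), -15)


def decode_saml_value(value):
    """Decode a SAMLRequest/SAMLResponse value; return (binding, xml_text)."""
    raw = base64_only(value)
    # Plain XML (optionally behind a UTF-8 BOM) means the POST binding was used.
    if raw.startswith((b"<", b"\xef\xbb\xbf<")):
        return "HTTP-POST", raw.decode("utf-8-sig")
    inflater = zlib.decompressobj(-15)
    try:
        xml = inflater.decompress(raw, MAX_XML_BYTES)
    except zlib.error as exc:
        raise ValueError(f"neither XML nor raw DEFLATE: {exc}") from exc
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("inflated message is truncated or exceeds the size limit")
    if not xml.startswith(b"<"):
        raise ValueError("inflated data is not XML")
    return "HTTP-Redirect", xml.decode("utf-8")


if __name__ == "__main__":
    post_value = make_post_value(POST_XML)
    redirect_value = make_redirect_value(REDIRECT_XML)
    print(decode_saml_value(post_value)[0])
    print(decode_saml_value(redirect_value)[0])
    print("base64-only on redirect value:", base64_only(redirect_value)[:12])
    try:
        always_inflate(post_value)
    except zlib.error as err:
        print("inflate on POST value:", err)
```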

  • Reg: sending a SAML query

    Hi,
    I have made the SAML request through Java code using SOAPMessage and SOAPBody elements. While posting the message I am getting an error with certificates
    java.security.PrivilegedActionException?: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException?: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?: unable to find valid certification path to requested target
    But I have imported the certificates as well. Can someone help me with a workaround for this?
    Thanks in advance

    Hi,
    >>> I created a webservice in WebDynPro using NWDS and deployed that in local machine
    There are 2 ways while dealing with a webservice (same with any other adapters)
    a. Webservice at the sender side.
    b. Calling (invoking) the service of an existing webservice.
    If you want to create a scenario as in option a
    In this case, the sender is not actually a webservice, rather it is a client (webservice client) that invokes the webservice. The actual webservice in this case is your XI server. But again XI server is not a webservice. All XI does is understands the webservice client request and converts it to a XI message and does the operation.
    If you wish to do such a scenario, there are guides available in SDN (How to expose your outbound interface as webservice, How to Soap Adapters). Follow them.
    Best Regards,
    Jai Shankar

  • Signed SAML assertion verification

    Hi,
    I am new to SAML configuration in weblogic. I have configured my asserting party to check for signature.
    I am sending a SAML request whose assertion is signed.
    Still I am getting the following in the log file: "Assertion is not signed"
    Any idea why it is not reading the signature?
    My SAML request is below.
    Any help is appreciated.
    Thanks,
    rabi
    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:quer="http://www.xyzcorp/procureservice/QueryGDS_US/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="SecurityToken-6104382507547943490" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICTzCCAbgCBEb60nAwDQYJKoZIhvcNAQEEBQAwbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEWMBQGA1UEChMNVElCQ09Tb2Z0d2FyZTERMA8GA1UECxMIU2VjdXJpdHkxCzAJBgNVBAMTAkNBMB4XDTA3MDkyNjIxNDMxMloXDTM3MDkxODIxNDMxMlowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEXMBUGA1UEChMOQUJDIEJvb2sgU3RvcmUxDjAMBgNVBAsTBUFkbWluMQ4wDAYDVQQDEwVBZG1pbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwbPFg87bOmFN4JWMfHxP9XPuuNxc+CNssVs2D4fERNEF1P//JFNGJeP4F2eVyAxvGIH07XcVdal3GNjtzZlDVAT+fNtYXNIs86a1MV2vrSrCfKzO/nj8Py8ey04mygzVboeLmzuv18NmfZy3eMySnypg1LZa1Uw2vp5DTf8OwhECAwEAATANBgkqhkiG9w0BAQQFAAOBgQAPwQBOHwjPalmSnUIvifqZZjeEFf5z6hMKpw2XoN3FV/ioLMt2yfmggmV8ic8B6XxnhVJBTC4PVp+nt86wXHwdgn0TMLWiHJLLVXHCBtrTGrmpRjaM/v3Gv3yG73XmKZ0y9g64lNC3RHqFdnKIFL3UVZ5e6KFd+YCNolj0vvtBRQ==</wsse:BinarySecurityToken>
    <Assertion AssertionID="/iEncjfEQdaj4R/lpzUI2qqSQGE=" IssueInstant="2008-10-31T00:00:02.687Z" Issuer="www.xxx.com" MajorVersion="1" MinorVersion="1" wsu:Id="/iEncjfEQdaj4R/lpzUI2qqSQGE=" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <Conditions NotBefore="2008-10-31T00:00:02.687Z" NotOnOrAfter="2008-10-31T00:05:02.687Z" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"/>
    <AuthenticationStatement AuthenticationInstant="2008-10-31T00:00:02.687Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">john</NameIdentifier>
    <SubjectConfirmation xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
    </SubjectConfirmation>
    </Subject>
    </AuthenticationStatement>
    <AttributeStatement xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">john</NameIdentifier>
    <SubjectConfirmation xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
    </SubjectConfirmation>
    </Subject>
    <Attribute AttributeName="roles" AttributeNamespace="http://namespace.amberpoint.com/amf" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <AttributeValue>Accounting Managers</AttributeValue>
    <AttributeValue>AddGroup</AttributeValue>
    <AttributeValue>CredentialTest</AttributeValue>
    </Attribute>
    </AttributeStatement>
    </Assertion>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#/iEncjfEQdaj4R/lpzUI2qqSQGE=">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>f4dfLpF6DdIE3cTf+sGjl6G/yBI=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="#SecurityToken-6104382507547943490">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>ll+krZmSgjLyIzVSF60xhsGrCfU=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
    ivD8jDZacvY3LpFbd9c1LAVULwbG6AvGGkqEImkmxGsg+okCTj7xb8e/+wTQBFJ0WD/h5Ts8GnYO
    7/UupD/PDPE/7X/P4UwDjM8R4KJQH85sGgs11Z+1q6GeHR89UVKekfoeUSAR6vEklmdW9G5GefEG
    PisX58KR9jATY16aGHo=
    </ds:SignatureValue>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference wsu:Id="com-amberpoint-generated-SecurityTokenReference-element_id-23999404" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Reference URI="#SecurityToken-6104382507547943490" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
    <quer:searchCar>
    <quer:country>JPN</quer:country>
    <quer:state>JPN</quer:state>
    <quer:pickUpCity>Tokyo</quer:pickUpCity>
    <!--Optional:-->
    <quer:dropOffCity>?</quer:dropOffCity>
    <quer:pickUpDate>?</quer:pickUpDate>
    <quer:dropOffDate>?</quer:dropOffDate>
    <!--Optional:-->
    <quer:rentalAgency>?</quer:rentalAgency>
    <!--Optional:-->
    <quer:carType>?</quer:carType>
    <!--Optional:-->
    <quer:carMake>?</quer:carMake>
    <!--Optional:-->
    <quer:nonSmoking>?</quer:nonSmoking>
    </quer:searchCar>
    </soapenv:Body>
    </soapenv:Envelope>

    Hi,
    I was able to get past my original problem, and can now sign the assertion which has the AssertionID attribute. I had to set the SAML version to 1.1 using initialize().
    Unfortunately, when I run the resulting signed assertion through a signature validation, it is failing to verify.
    I'm not sure why, but it is failing when it tries to verify the hash/digest on the reference.
    I am using a separate application that I wrote that uses Java6 and the security API that Java6 has, and with debugging enabled, I can see the dereferenced data that is being fed into the digester, and that looks correct, but the calculated digest doesn't match what my OSDT-based application generated.
    Anyone have any idea about what the problem might be?
    Thanks,
    Jim

  • Multiple Vendor URL JSP Request Source Code Disclosure Vulnerability

              Has anybody heard about this vulnerability in weblogic web server? If so, is there
              a fix now or is BEA planning one soon? This is a potentially serious security
              hole.
              The problem exists in the way the web server handles decoding a requested URL.
              If the URL contains hex encoded values for characters in a filename, the contents
              of the requested file will be served to the client. If the requested file type
              is jsp the source will be sent to the client instead of the compiled version.
              If anybody has a fix, please post.
              

              Check Weblogic developer center, where you can find some security patches (including
              the one you mention) on right pane.
              http://developer.bea.com
              "Jay Reynolds" <[email protected]> wrote:
              >
              >Has anybody heard about this vulnerability in weblogic web server? If
              >so, is there
              >a fix now or is BEA planning one soon? This is a potentially serious
              >security
              >hole.
              >
              >The problem exists in the way the web server handles decoding a requested
              >URL.
              > If the URL contains hex encoded values for characters in a filename,
              >the contents
              >of the requested file will be served to the client. If the requested
              >file type
              >is jsp the source will be sent to the client instead of the compiles
              >version.
              >
              >If anybody has a fix, please post.
              

  • Default request encoding in tomcat 4.0.6 (urgent)

    Hi all,
    I developed a web application which supports Japanese characters. The configuration is Apache, Tomcat 3.3.1, MySQL. In this configuration the application works fine.
    I transferred the application to Tomcat 4.0.6, now the Japanese characters are displayed as ????. But the characters retrieved from the db are displaying correctly, the characters which are read from the text field are displaying like ??? (I set all the charset properly, this same code is working correctly in the above configuration).
    I think in Tomcat 3.3.1 the server.xml file has a <DecodeInterceptor /> tag to decode all the requests in the given encoding. I used <DecodeInterceptor defaultEncoding="Shift_JIS" /> in Tomcat 3.3.1. Are any tags like this available to configure Tomcat 4.0.6, or any other way to decode the request? Please give me your suggestions, it's very urgent because I am in the deadline of this project.
    Thanx in advance
    Regards,
    Pandiaraj

    You could try running the server from a Japanese or UTF-8 locale (depending on what encoding you are expecting from the client). This should change the default behaviour (when the browser doesn't explicitly say what encoding it is using).
    But if the charset was set properly when the form was served, then the browsers should be sending back the same charset with its Content-type header, so Tomcat 4 should automatically use the right encoding IIRC.

  • CDSSO, SAML & Policy Agents

    Hi all,
    My client would like to use Policy Agents to provide access control to internal systems. They would also like to use SAML 2.0 to interact with 3rd parties.
    The use case I have in mind is as follows;
    1. User authenticates to a Portal (not secured via Policy Agent)
    2. User accesses protected resource on Portal (Policy Agent intercepts and validates login status)
    3. User clicks a link to access 3rd party site. 3rd party site sends a SAML request back to us. We respond with SAML response. User obtains access to 3rd Party.
    There are a number of issues I see with this Use Case;
    1. The Portal will authenticate the user credentials against Access Manager via a back-end WebService. It will receive an SSOToken. This does not log the user on to the Policy Agent on the site.
    2. The Policy Agent does not have an authenticated session. The SSOToken the portal just obtained cannot be used to authenticate to the Policy Agent. The Policy Agent requires a Liberty Post profile. Is there an alternative to the Liberty profile to automatically obtain a session on the Policy Agent? How can I generate a valid Liberty profile that the Policy Agent will accept?
    3. The incoming SAML request must re-use the identity established when the user authenticated to the portal - I can't challenge the user again for credentials - this must be seamless. I think I need to use the SDK to turn the SSOToken in to a SAML reply. Are there any alternatives?
    Thanks for helping
    Jez

    I don't believe that the agent knows anything about SAML.

  • WLC Message Log NPU and decoding error

    Hi there
    does someone know what the following errors are (what is NBU?) and how we can avoid them:
    *Aug 18 13:47:56.434: %LWAPP-3-NPU_ERR: spam_44xx.c:177 Invalid NPU index 1344
    *Aug 18 13:47:56.160: %CAPWAP-3-DECODE_ERR: capwap_ac_sm.c:1488 Error decoding discovery request from AP xx:xx:xx:xx:xx:xx
    Thanks a lot and best regards
    Dominic

    Hi Dennis
    yes this is absolutely true. Now it's clear, I forgot that there is a protocol step from 5.0 to 5.2.
    Thanks a lot and best regards
    Dominic

  • Is OAM server as a SAML security provider?

    Hi Guys ,
    Thanks for opening this thread. I have a question about OAM as below:
    I have a system acting as SP which supports SAML, and we use OAM as our SSO server acting as IDP. Do we regard OAM as a SAML security provider? If the answer is yes, how can I configure it to integrate my system with OAM for implementing SSO?
    Highly appreciated for your suggestion!
    Regards
    Mervin

    For SAML support OIF is there...OAM can as authenticator or Service provider integrator for authorization of protected page....you need to use weblogic od OIF for SAML request response and then request can be forwarded to OAM to authorize the user...
    i hope this answered your question....please let me know if you have any query
    Harpreet

  • Weblogic saml2 Custom Principal cannot be added to the subject

    Dear All
    I have written a custom Identity Asserter Attribute Name Mapper on the SP side. In that I was trying to add the custom attributes to the subject via custom principals.
    The Subject came there as read-only, hence I was not able to add the principal to the subject.
    Kindly help to modify the subject to not be read-only.
    Looking forward to your assistance.
    Thanks.

    Hi Luis
    The same result .
    Is there anything wrong in the config.? Did u check the process attributes in the configuration ?
    This is the server log from service provider site.
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Service> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188354> <BEA-000000> <BASE64 decoded saml message:<?xml version="1.0" encoding="UTF-8"?><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://sp.com:7006/saml2/sp/acs/post" ID="_0xeadf112ac6bd6c448bd4bdb81f7fbfbe" InResponseTo="_0x75109051ae8761fe4f2e862fd2dbe869" IssueInstant="2012-08-16T07:13:08.292Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.com:7004/saml2</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_0xeadf112ac6bd6c448bd4bdb81f7fbfbe">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp xs xsi"/></ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>LxiHUPO8Ca0CVwYGJFvzl/KgilUaITagkH1qyag/mmE=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
    iJstKuFt6h4nTzNh5uAkfQN7m4zH/J0DKJIKE39gUzHaOshK7aoV/KQxsiZEcxDPewCMp+Oj22la
    m2AxQmeLmw==
    </ds:SignatureValue>
    </ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0x4d674d13663a689439f99e1f1c8e15f4" IssueInstant="2012-08-16T07:13:08.260Z" Version="2.0"><saml:Issuer>https://idp.com:7004/saml2</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_0x4d674d13663a689439f99e1f1c8e15f4">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs"/></ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>se+lgzg7x4j4kud7pX8DjH2xQPruzD5kG+hqQFryCaA=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
    Z2JD6v9MbGmNEauonipP4cGTnWKFrGvbeVJUQcKxHTnpeeVqc/ad+1d8lvHvYKxSx8F0gMJZZ1uA
    zXUArbKQnA==
    </ds:SignatureValue>
    <ds:KeyInfo>
    <ds:X509Data>
    <ds:X509Certificate>
    </ds:X509Certificate>
    </ds:X509Data>
    </ds:KeyInfo>
    </ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="idprec.com">weblogic</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="_0x75109051ae8761fe4f2e862fd2dbe869" NotOnOrAfter="2012-08-16T07:15:08.260Z" Recipient="https://sp.com:7006/saml2/sp/acs/post"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-16T07:13:08.260Z" NotOnOrAfter="2012-08-16T07:15:08.260Z"><saml:AudienceRestriction><saml:Audience>https://sp.com:7006/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-16T07:13:08.260Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="loginid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">mylogin</saml:AttributeValue></saml:Attribute><saml:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AttributeStatement><saml:Attribute Name="Groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Administrators</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Service> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188464> <BEA-000000> <<samlp:Response> is signed.>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2IdentityAsserterProvider: start assert SAML2 token>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2IdentityAsserterProvider: SAML2IdentityAsserter: tokenType is 'SAML2.Assertion.DOM'>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: Start verify assertion signature>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: The assertion is signed.>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: End verify assertion signature>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: Start verify assertion attributes>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: End verify assertion attributes>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: Start verify assertion issuer>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: End verify assertion issuer>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: Start verify assertion conditions>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: End verify assertion conditions>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: Start verify assertion subject>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2Assert: End verify assertion subject>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188479> <BEA-000000> <SAML2NameMapperCache.getNameMapper: Not found name mapper in the cache, try to create one>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <SAML2Assert.processAttributes - processAttrs: true, processGrpAttrs: true>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <SAML2Assert.processAttributes - NumOfAttrStatements: 2
    SAML2AttributeStatement - NumOfAttrs: 2
    attrName=loginid, attrNameFormat=urn:oasis:names:tc:SAML:2.0:attrname-format:basic, attrFridentlyName=null, NumOfAttrValues=1
    value=mylogin
    attrName=role, attrNameFormat=urn:oasis:names:tc:SAML:2.0:attrname-format:basic, attrFridentlyName=null, NumOfAttrValues=1
    value=value
    SAML2AttributeStatement - NumOfAttrs: 1
    attrName=Groups, attrNameFormat=urn:oasis:names:tc:SAML:2.0:attrname-format:basic, attrFridentlyName=null, NumOfAttrValues=1
    value=Administrators
    >
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <SAML2Assert.processAttributes - Attributes will be stored in ContextHandler's ContextElement named com.bea.contextelement.saml.AttributePrincipals>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <SAML2Assert.processAttributes - #NumOfMappedAttributes: 2>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <SAML2Assert.createNameMapperInfo - attrName=Groups, attrNameFormat=urn:oasis:names:tc:SAML:2.0:attrname-format:basic, attrFridentlyName=null, NumOfAttrValues=1
    value=Administrators
    >
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <SAMLIACallbackHandler: SAMLIACallbackHandler(true, weblogic, [Administrators])>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Atn> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(weblogic)>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Service> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <Using redirect URL from request cache: 'https://sp.com:7006/sp/index.jsp'>
    ####<Aug 16, 2012 12:43:08 PM IST> <Debug> <SecuritySAML2Service> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1345101188495> <BEA-000000> <Redirecting to URL: https://sp.com:7006/sp/index.jsp>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param verbose initialized to: true>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param packagePrefix initialized to: jsp_servlet>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param compilerclass initialized to: null>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param compileCommand initialized to: javac>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param compilerval initialized to: javac>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param pageCheckSeconds initialized to: 1>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param encoding initialized to: null>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param superclass initialized to null>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: param workingDir initialized to: C:\Oracle\Middleware\user_projects\domains\sp_domain\servers\AdminServer\tmp\_WL_user\sp\whuuni>
    ####<Aug 16, 2012 12:43:08 PM IST> <Info> <ServletContext-/sp> <vsolv-de-224> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1345101188510> <BEA-000000> <JspServlet: initialization complete>
    ####<Aug 16, 2012 12:43:17 PM IST> <Info> <Health> <vsolv-de-224> <AdminServer> <weblogic.GCMonitor> <<anonymous>> <> <> <1345101197854> <BEA-310002> <57% of the total memory in the server is free>
    Thanks.
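
The response dumped in the log above is signed with rsa-sha1, and each ds:Signature carries one Reference that should point at the ID of the element holding it. The following is an added example, not part of the original post and not WebLogic code: it audits those two properties on a SAML response without verifying the cryptographic signature itself. The sample XML, its shortened IDs and the finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"ds": DS}
SHA1_ALGS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "sha1"}

# Constructed sample: same layout and algorithm URIs as the dump above,
# with shortened IDs and the digest, signature and certificate values left out.
_SIG = """<ds:Signature xmlns:ds="{ds}"><ds:SignedInfo>
<ds:SignatureMethod Algorithm="{ds}rsa-sha1"/>
<ds:Reference URI="#{ref}">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
</ds:Reference></ds:SignedInfo></ds:Signature>"""


def build_sample(resp_ref="_resp1", assertion_ref="_assert1"):
    """Return a constructed Response whose signatures reference the given IDs."""
    return (
        '<samlp:Response xmlns:samlp="%s" ID="_resp1" Version="2.0">' % SAMLP
        + _SIG.format(ds=DS, ref=resp_ref)
        + '<saml:Assertion xmlns:saml="%s" ID="_assert1" Version="2.0">' % SAML
        + _SIG.format(ds=DS, ref=assertion_ref)
        + "</saml:Assertion></samlp:Response>"
    )


def audit_signatures(xml_text):
    """List every element carrying an enveloped signature, with findings."""
    if "<!DOCTYPE" in xml_text:
        # SAML messages have no use for a DTD; refuse it before parsing.
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    report = []
    for parent in root.iter():
        sig = parent.find("ds:Signature", NS)  # direct child only
        if sig is None:
            continue
        findings = []
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        sig_alg = method.get("Algorithm") if method is not None else None
        if sig_alg is None or sig_alg in SHA1_ALGS:
            findings.append("weak-or-missing-signature-alg")
        refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
        for ref in refs:
            digest = ref.find("ds:DigestMethod", NS)
            if digest is None or digest.get("Algorithm") in SHA1_ALGS:
                findings.append("weak-or-missing-digest-alg")
        # The single Reference must cover the element that holds the signature.
        uris = [r.get("URI") for r in refs]
        if uris != ["#" + parent.get("ID", "")]:
            findings.append("reference-does-not-match-parent-id")
        report.append({
            "element": parent.tag.split("}")[-1],
            "id": parent.get("ID"),
            "signature_alg": sig_alg,
            "reference_uris": uris,
            "findings": findings,
        })
    return report


if __name__ == "__main__":
    for entry in audit_signatures(build_sample()):
        print(entry)
```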

  • Not able to color different rows with different colors in a column of table

    Hi,
    I am trying to display different rows with different colors in a column of the table based on some decode condition.
    I have gone through the following threads :
    Can we colour the rows in the column of a table
    Changing Color of a value in a column
    This is what I have done:
    1. Added the following code to custom.xss (changed the name to Custom.xss as suggested in one of the above threads) --- in path ---- jdev\myhtml\OA_HTML\cabo\styles
    <style selector=".1">
    <includeStyle name="DefaultFontFamily"/>
    <property name="font-size">11pt</property>
    <property name="font-weight">Bolder</property>
    <property name="color">#008000</property>
    <property name="text-indent">3px</property>
    </style>
    <style selector=".2">
    <includeStyle name="DefaultFontFamily"/>
    <property name="font-size">11pt</property>
    <property name="font-weight">Bolder</property>
    <property name="color">#FFFF00</property>
    <property name="text-indent">3px</property>
    </style>
    2. The SQL query of the VO is:
    select comments,role ,decode(role,'REQUESTER','1','2') Colorattr from xxat_sars_action_history where request_id = :1 and event_name = :2 and action_code <> 'PENDING'
    order by sequence_num desc
    3. Coded the following in the process request of the controller:
    OATableBean table = (OATableBean)webBean.findIndexedChildRecursive("CommentsTB");
    OAMessageStyledTextBean roleBN = (OAMessageStyledTextBean)webBean.findIndexedChildRecursive("role");
    OADataBoundValueViewObject cssjob = new OADataBoundValueViewObject(roleBN,"Colorattr");
    roleBN.setAttributeValue(oracle.cabo.ui.UIConstants.STYLE_CLASS_ATTR, cssjob);
    where 1 and 2 form the colors (I have even tried with 'Red' and 'Yellow'... as it was not working, I replaced them with 1 and 2)
    4. The query returns data fine with corresponding 1 and 2 values.
    But the different colors are not getting reflected on the UI.
    I am testing this on my local jdev.
    Please do let me know if I am missing something.
    Thanks,
    Sushma.

    Any clues please.....
    Thanks,
    Sushma.

  • Monitoring blocking Locks

    Hi
    This question relates to monitoring blocking locks on a 9.2.0.5 2 node RAC.
    Originally I have been monitoring blocking locks every 5 mins using the following query:
    "select * from dba_blockers"
    I have recently implemented monitoring via Grid Control; this runs an out-of-the-box metric every 5 mins, and the SQL behind it is as follows:
    "SELECT blocking_sid, num_blocked
    FROM ( SELECT blocking_sid, SUM(num_blocked) num_blocked
    FROM ( SELECT l.id1, l.id2,
    MAX(DECODE(l.block, 1, i.instance_name||'-'||l.sid,
    2, i.instance_name||'-'||l.sid, 0 )) blocking_sid,
    SUM(DECODE(l.request, 0, 0, 1 )) num_blocked
    FROM gv$lock l, gv$instance i
    WHERE ( l.block!= 0 OR l.request > 0 ) AND
    l.inst_id = i.inst_id
    GROUP BY l.id1, l.id2)
    GROUP BY blocking_sid
    ORDER BY num_blocked DESC)
    WHERE num_blocked != 0 "
    Now... At one point today the alert using "select * from dba_blockers" fired, whereas the out-of-the-box metric from Grid Control did not fire. The alert duration was around 5 - 10 mins.
    At first I simply assumed that this could have been a brief lock and, due to both 5 min intervals being out of sync, the lock had shown and cleared before the Grid Control interval ran.
    Now I'm a little more curious.
    Is there any significant difference in what these 2 different SQLs will alert on? I was under the impression that DBA_BLOCKERS was simply querying a number of joined views, and Oracle had decided to use V$lock for their out-of-the-box metric as it was more efficient.
    Any comments welcome
    Thanks

    Just to prove that the SQL is correct I have constructed a demo for you...
    SQL> create table t (a char(1));
    Table created.
    SQL> insert into t values ('z');
    1 row created.
    SQL> commit;
    in session 1 ---->
    select * from t where a='z' for update;
    ==================================================================
    in session 2 ---->
    update t set a='x' where a='z';
    (session simply hangs)
    ==================================================================
    in session 3 ------>
    SQL> select * from dba_blockers;
    HOLDING_SESSION
    48
    SQL>
    SQL> SELECT blocking_sid, num_blocked
    FROM ( SELECT blocking_sid, SUM(num_blocked) num_blocked
    FROM ( SELECT l.id1, l.id2, MAX(DECODE(l.block, 1, i.instance_name||'-'||l.sid,
    2, i.instance_name||'-'||l.sid, 0 )) blocking_sid,
    SUM(DECODE(l.request, 0, 0, 1 )) num_blocked
    FROM gv$lock l, gv$instance i
    WHERE ( l.block!= 0 OR l.request > 0 ) AND
    l.inst_id = i.inst_id
    GROUP BY l.id1, l.id2)
    GROUP BY blocking_sid
    ORDER BY num_blocked DESC)
    WHERE num_blocked != 0;
    2 3 4 5 6 7 8 9 10 11 12
    BLOCKING_SID NUM_BLOCKED
    RAC1-48 1
    So back to the original question,
    I am using both these queries from different monitors on my prod system, both running on 5 minute intervals; "select * from dba_blockers" fired, whereas the above query, querying gv$lock, did not fire.
    Originally I assumed that the blocking lock may have simply lasted 3t0 seconds, and due to the 5 minute monitor intervals of each metric not being in sync, "select * from dba_blockers" may have picked up the lock, then the query selecting from gv$lock ran 2 mins later, by which time the lock had disappeared.
    - Can anyone suggest any other reasons why one monitor (select * from dba_blockers) picked up the lock and the other (gv$lock) didn't?
    Thanks
