IBM DataPower integration using SAML 2.0

Hi,
We are developing a POC with OSB and IBM DataPower acting as SOA security gateway. DataPower is receiving all the requests at the DMZ and resolving all the security checks before they go to the ESB layer in the intranet/secure zone.
They have 3 security flavors implemented, having OID as LDAP:
1.- WS-Security using username token.
2.- WS-Security using binary token (x.509 certificates).
3.- SAML 2.0 assertions.
We can overcome the 2 first barriers without problems; it means that we have DataPower + OSB working on those scenarios.
For the SAML one, we have a proxy service deployed at the OSB and we tried with the SAML security policy named oracle/wss11_saml20_token_with_message_protection_service_policy available at the OWSM, but the requests from DataPower could not be processed, even though we are using the same key infrastructure on both sides.
- Could we create a new security policy at the OWSM side to adopt DataPower requirements?
- Where can we find detailed documentation about the encryption/signature mechanism applied at each SOAP message part for the OWSM policy mentioned above?
We need specific documentation about how this policy works: oracle/wss11_saml20_token_with_message_protection_service_policy
That is, the encryption/signature methods used at each SOAP message part. For example, looking at the message processed by this policy, it seems that there are message parts which are signed more than one time, switching between different encryption algorithms. We need to understand the security logic/strategy followed by this policy for our integration needs.
Thanks

Hello Murugavel,
I don't think it is the right forum for your question. C# is a forum to "Discuss and ask questions about the C# programming language, IDE, libraries, samples, and tools." However, your issue may be more related to the SAML relationship with .NET Framework. I would recommend you consult a SAML-related forum.
Regards,
Barry

Similar Messages

  • Integrating Oracle EBS with web services which use SAML authentication

    Hi,
    I have a requirement to invoke web service using PL/SQL from a Custom Form of EBS.
    The web Service is configured to use SAML as authentication mechanism.
    Coming to question!
    1) How do I make my EBS integrate with a SAML provider, preferably Oracle Identity Federation?
    2) How do I get the SAML token in my PL/SQL and pass it on to the web service?
    Regards
    Dharmvir

    user1983888 wrote:
    Hi ,
    We have Oracle EBS R12 (12.1.2) with Oracle Database 11gR2 (11.2.0.2) Database on Linux env.
    We want to implement Oracle Database Vault 11gR2. We are referring to Note: Integrating Oracle E-Business Suite Release 12 with Oracle Database Vault 11gR2 [ID 1091083.1].
    Do we need to install Oracle Database 11gR2 (s/w only) again on the Oracle Database Server or can we use the existing Oracle EBS Database 11gR2 Home which is already on 11.2?
    Regards,
    Thiru

    As mentioned in the doc "If your E-Business Suite R12 is already integrated with 11gR2 database, you just need to enable Database Vault 11gR2 & register it with the database as per Task 3", so no installation of ORACLE_HOME is required and you just need to "Register Oracle Database Vault".
    Thanks,
    Hussein

  • Problem in configuring SSO using SAML for applications hosted on diff m/c

    Hi Techies,
    I am stuck in a weird problem for the past month or so without any resolution. Not much help by googling. So I hope I get the answer from the mouth of the horses -
    I am trying to use SSO using the sample application appA and appB as stated in the tutorial of SSO by BEA.
    I am summarizing the problem below -
    Steps followed for Configuring SSO using SAML
    1. Created 2 domains on 2 separate machines namely domainA and domainB
    2. Source application is deployed on domainA and the target application is deployed on domainB
    The steps mentioned in the following tutorial has been followed-
    http://dev2dev.bea.com/pub/a/2006/12/sso-with-saml.html
    3. As mentioned in the tutorial the certificate is generated using keytool utility. The same certificate is copied
    to WEBLOGIC_HOME/server/lib of destination machine.
    4. The certificate was successfully registered on destination or host 2 but while activating the configuration
    changes (SSL Client Identity Alias and SSL Client Identity Pass Phrase) for Federation services the following error
    is thrown -
    " SAMLBeanUpdateListener: SAMLKeyManager.prepareUpdate() failed with exception:
    weblogic.descriptor.BeanUpdateRejectedException: SAML key Manage failed to validate key (SSL Client) configuration
    in the FederationServicesMBean, key alias: testalias "
    The interesting bit of the problem is that the same configuration works on 2 domains created on same machine. The
    problem only occurs when domains are created on separate machines.
    Alternative to the problem: when the certificate is generated separately for domainB and copied to
    WEBLOGIC_HOME/server/lib, it works. However, the certificate generated in domainA should have been copied.
    Note: I am using Weblogic portal 9.2.1
    Any quick replies will be much appreciated. Thanks.
    Edited by saurabh.agrawal at 02/06/2008 2:01 PM

    Hi François,
    You are right about the use of the NameID format. But the issue here is/was that OIF at SP is integrated with OAM, and the authenticated user at OIF-SP and OAM will be the Anonymous user rather than the user who was identified at the IdP even though the remaining attributes sent are for the IdP user. I think these attributes can be used with OAM for authorization using custom authorization plug-ins but haven't tried that one out.
    As for the attribute sharing profile, it's this one - http://www.oasis-open.org/committees/download.php/18058/sstc-saml-x509-authn-attrib-profile-cd-02.pdf, although for the life of me, I cannot remember why I suggested this in the first place!
    -Vinod

  • How to configure MQ-FTE and IBM Datapower along with PI7.1

    Hi Friends,
    Can somebody guide me with the steps to configure MQ-FTE and IBM Datapower with PI7.1 for B2B communication?
    Thanks,
    --Sonal

    1. What is the difference between JMS MQ and Native MQ? How to determine which one to use?
    Native MQ refers to a proprietary API provided by IBM in multiple languages including Java so that applications running on these can communicate with MQ. IBM also provides JMS wrappers around this native API, so that a JMS client can talk to MQ using the JMS API. This is called MQ JMS.
    2. If native MQ can be used here, what are the steps to configure Native MQ on WLS in my situation?
    SOA suite provides an MQ Resource Adaptor which can be used to connect to MQ. The developers of this resource adapter would have used the native API to enable the adaptor to talk to MQ, so that you don't have to worry about it. However, you will need to configure the properties of your local MQ (qmgr, q name etc). This is done in the outbound connection pool properties of the resource adaptor.
    Please check this blog for how to do this: http://soa-bpel-esb.blogspot.com/2009/09/configuring-mq-in-11g-soa-suite.html.
    Since your MQ installation is on a remote machine you will have to configure the following properties specific to your environment - hostname, port, server connection channel, along with the queue manager name and queue name
    3. Do I need any foreign servers or message bridges to be configured?
    Not required for your case if you are using MQ Adaptor. Since MQ also provides a JMS transport, you would have required foreign servers if you had to use JMS Adaptor instead of MQ Adaptor. Native MQ is expected to be faster than MQ JMS as it doesn't have the extra JMS layer.

  • Configuring Single Sign-On using SAML in WebLogic Server 9.2

    Hi,
    I am trying to configure SSO using SAML as it is mentioned in the following URL -
    http://dev2dev.bea.com/pub/a/2006/12/sso-with-saml.html?page=1
    It works well for appA and appB which are provided by BEA as sample applications. However, when I tried to do the same with one of my portal applications developed in WebLogic Portal 9.2 and the other application as appB (sample app provided by BEA), it doesn't work.
    When I do request.getRemoteUser() it returns NULL.
    Changes done by me to make it work are as follows -
    1. Changed the weblogic.xml to remove the following -
    <security-role-assignment>
    <role-name>admin</role-name>
    <principal-name>ssouser</principal-name>
    </security-role-assignment>
    Reason: This will need configuring all the users here which should not be the case as we are using REDHAT LDAP for authentication.
    2. Modified the web.xml file. Removed the following -
    <security-role>
    <description>These are the roles who have access.</description>
    <role-name>admin</role-name>
    </security-role>
    3. Configured domains for both the application to use redhatldapauth which is the central repository of all the users for our application.
    4. We have created a new role "testrole". All users having this role should be able to access appB.
    Change in web.xml
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>SecurePages</web-resource-name>
    <description>These pages are only accessible by authorized users.</description>
    <url-pattern>/admin/*</url-pattern>
    <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
    <description>These are the roles who have access.</description>
    <role-name>testrole</role-name>
    </auth-constraint>
    <user-data-constraint>
    <description>This is how the user data must be transmitted.</description>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    Can anyone let me know where am I going wrong or what changes are required to make it work ?
    Note: The sample apps create users explicitly in local WebLogic LDAP. However we are using Redhat LDAP. Hence, we are not explicitly creating users as mentioned in the above link.
    Thanks in advance,
    Saurabh

    You may still need to define the role in the weblogic.xml file in order for deployment descriptor-based role definition to work (alternatively you could use the WebLogic Server console to define the role and policy).
    You can specify your role "testrole" as "externally-defined" as opposed to mapping it to specific principals.
    See http://e-docs.bea.com/wls/docs92/webapp/weblogic_xml.html#wp1040908
    Jeff
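
    The descriptor change Jeff describes, as an added example that is not part of the original thread. It assumes a role named testrole has been defined in the WebLogic Server console for the realm backed by the external LDAP, and it adds a web.xml `<security-role>` declaration for testrole, since step 2 of the question removed the only such declaration.

    ```xml
    <!-- weblogic.xml fragment (WebLogic Server 9.2).
         Replaces the removed admin/ssouser assignment. No <principal-name>
         entries are listed: <externally-defined/> tells the container to take
         the mapping for this role from the security realm (console-defined
         role), so users and groups stay in the external LDAP. -->
    <security-role-assignment>
      <role-name>testrole</role-name>
      <externally-defined/>
    </security-role-assignment>

    <!-- web.xml fragment.
         Assumption: the role name used in <auth-constraint> is also declared
         here, in place of the removed admin declaration. -->
    <security-role>
      <description>Role mapped by the security realm, not by this descriptor.</description>
      <role-name>testrole</role-name>
    </security-role>

    <!-- web.xml fragment from the question, unchanged: the constraint that
         refers to the role declared above. -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>SecurePages</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>testrole</role-name>
      </auth-constraint>
    </security-constraint>
    ```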

  • SEEBURGER integration using PI: BIS, BIC, AS2 Adapter, FTP ?

    Hi All,
    we are exploring on EDI project, where sap ecc is integrated with an seeburger edi partner via PI.
    the integration involves: EDI ANSI X12 documents like 850, 855, and UN/EDIFACT documents like DESADV
    for this while searching, i came across:
    1. the wiki content created by Prateek Raj Srivastava, http://wiki.sdn.sap.com/wiki/display/XI/SeeburgerSuiteforSAPPI
    2. a presentation by sam raju http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/00f9cdf5-d812-2a10-03b4-aff3bbf792bf?QuickLink=events&overridelayout=true
    I was trying to find out, what all we need in PI..
    in PI, what type of communication channel can be used,
    can we use FTP adapter, that is comes by default in PI.
    or is it necessary to buy something (adapter or content) from SEEBURGER.
    after searching little more on seeburger front, got to know that there are:
    BIS (Business Integration Server)
    BIC (Business integration Converter)
    AS2 adapter.
    is BIC is an adapter, that we can select as adapter type, while creating the communication channel.
    the presentation by sam raju, describes "Configuring BIC as Module", if BIS is configured as a module, what is the type of communication channel in ID.
    is AS2 adapter is part of BIS or BIC.
    for integration using PI, out of BIS, BIC, AS2, what all is minimum required?
    what are the roles of BIS, BIC and AS2 in the context of integration using PI.
    thanks in advance.
    Madhu_1980

    >>in PI, what type of communication channel can be used,
    Any. Using Seeburger Adapter for EDI communication is not mandatory.
    >>can we use FTP adapter, that is comes by default in PI.
    Yes, you can use it to send even EDI files.
    >>or is it necessary to buy something (adapter or content) from SEEBURGER
    To convert EDI-xml file to EDI, you have to use Seeburger BIC module which has to be purchased.
    >>is BIC is an adapter, that we can select as adapter type, while creating the communication channel.
    No, it is an adapter module.
    >> BIS is configured as a module, what is the type of communication channel in ID.
    Don't get confused between BIC and BIS. BIC is a module and BIS is a separate middleware provided by Seeburger just like PI. You can use BIC module in any channel which supports use of adapter module.
    >>is AS2 adapter is part of BIS or BIC.
    AS2 can come with BIS middleware. It is type of adapter while BIC is module.
    >>for integration using PI, out of BIS, BIC, AS2, what all is minimum required?
    For EDI communication, BIC is required (if you don't want to create your own modules). AS2 is required only when some partner demands the use of AS2 protocol for communication.
    >>what are the roles of BIS, BIC and AS2 in the context of integration using PI.
    Already explained. Forget BIS when you already have PI.
    Regards,
    Prateek Raj Srivastava

  • AD Groups not being resolved in SharePoint 2013 that use SAML Authentication (ADFS)

    Hi,
    I am wondering to see if we can use AD groups to add to SharePoint groups when using SAML Authentication.
    Details:
    SharePoint Server 2013 - Default Zone with NTLM, extended to extranet zone with SAML authentication only
    I used LDAPCP from codeplex http://ldapcp.codeplex.com/ and am able to resolve the users through email address but not the Active Directory security groups. 
    Any insight on this is really appreciated.
    Thanks, SV

    Hi Sunny,
    Find the following article with similar issue, please check if it could help to resolve AD security groups in SharePoint.
    http://www.sharepointsecurity.com/sharepoint/sharepoint-security/adfs-not-resolving-active-directory-security-groups-in-sharepoint/
    Thanks
    Daniel Yang
    TechNet Community Support

  • Using Saml token profile 1.1 with WLS 10.3

    Hi All
    I am a student from IITB. I am trying to use message-level authentication for web services using SAML Token Profile 1.1 on WebLogic 10.3. I have done the necessary configuration but I am getting an error
    "Unable to add Security Token for Identity ". I turned on the SamlCredMapper debug flag from the console and saw the logs, and I saw that everything is going fine until at one place it
    gives this error
    <Debug> <SecuritySAMLCredMap> ' <1245866312123> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): InvalidParameterException while validating parameters: weblogic.security.service.InvalidParameterException: Unable to generate SAML Assertion: No partner ID or target resource>
    I do not know how to fix this problem. Please tell me if anyone has any idea about it.
    Thanks
    regards,
    Sanyam
    //The Logs are as follows
    <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310425> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): initiator = Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("ssouser")
    >
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310425> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): resource = (null)>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310426> <BEA-000000> <SAMLRPConfigManager.findPartnerInTargetMap():Searching with key 'sender-vouches:http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310426> <BEA-000000> <SAMLRPConfigManager.findPartnerInTargetMap():Found partner 'rp_00001'>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310436> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Not found name mapper in the cache, try to create one>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310437> <BEA-000000> <SAMLNameMapperCache.getNameMapper: create SAMLNameMapperImpl name mapper>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310439> <BEA-000000> <SAMLNameMapperImpl: mapSubject: No valid WLSGroup pricipals found in Subject, continuing>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310439> <BEA-000000> <SAMLNameMapperImpl: mapSubject: Mapped subject: qualifier: null, name: ssouser, groups: []>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310440> <BEA-000000> <SAMLCreateAssertion: Mapped subject 'Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("ssouser")
    ' to: username='ssouser',qualifier='null',format='urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310442> <BEA-000000> <SAMLCreateAssertion: No context or subject attribute were mapped>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310442> <BEA-000000> <SAMLCreateAssertion: Groups attribute statement requested but name mapper returned no groups -- groups attribute statement will not be generated>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: Creating sender-vouches assertion>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: Assertion IS signed>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: KeyInfo IS NOT supplied>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: AttrStmtInfo IS NOT supplied>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310460> <BEA-000000> <SAMLCreateAssertion: Created SAMLSubject for 'ssouser'>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310460> <BEA-000000> <SAMLCreateAssertion: Created SAMLSubject>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310475> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Cloning SAMLSubject>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310476> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Created SAMLAuthenticationStatement>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310484> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Signing assertion, keyinfo is included>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310508> <BEA-000000> <SAMLSignedObject.sign(): algorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310509> <BEA-000000> <SAMLSignedObject.sign(): reference '#b21cfea8d3c90fee97a3100a59b0005e'>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310509> <BEA-000000> <SAMLSignedObject.sign(): InclusiveNamespaces '#default saml samlp ds dsig code kind rw typens'>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310542> <BEA-000000> <SAMLSignedObject.sign(): adding certificates>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310556> <BEA-000000> <SAMLSignedObject.sign(): signing object>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLSignedObject.sign(): completed>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Signed assertion>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Created SAMLAssertion>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: Returning assertion>
    ####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): Returning non-null credential>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311896> <BEA-000000> <SAMLIdentityAsserter: assertIdentity() called>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311897> <BEA-000000> <SAMLIdentityAsserter: SAMLIdentityAsserter: tokenType is 'SAML.Assertion.DOM'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311903> <BEA-000000> <SAMLAssertion: Assertion passed basic validity check>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311905> <BEA-000000> <SAMLAssertion: Target for assertion is: 'http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311905> <BEA-000000> <SAMLAssertion: Assertion issuer is: 'http://usmumsanygoyal1:7001/'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311906> <BEA-000000> <SAMLAssertion: Assertion subject confirmation method is: 'urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAPConfigManager.findPartnerInTargetMap():Searching with key 'sender-vouches:http://usmumsanygoyal1:7001/&http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAPConfigManager.findPartnerInTargetMap():Found partner 'ap_00001'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAssertion: Found asserting party 'ap_00001'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAssertion: Assertion is signed>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311908> <BEA-000000> <SAMLTrustManager: Looking for certificate alias 'testalias'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311930> <BEA-000000> <SAMLTrustManager: Certificate was found>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311937> <BEA-000000> <SAMLSignedObject.verify(): key supplied>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311963> <BEA-000000> <SAMLSignedObject.verify(): obtained signed info>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311963> <BEA-000000> <SAMLSignedObject.verify(): validating signature>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311970> <BEA-000000> <SAMLSignedObject.verify(): completed>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311970> <BEA-000000> <SAMLAssertion: Signature verified using trusted certificate>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <Got signing certificate for signed object: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <SAMLAssertion: Assertion subject confirmation method is: 'urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <SAMLAssertion: Verified subject confirmation method>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311978> <BEA-000000> <SAMLAssertion: Assertion issuer is 'http://usmumsanygoyal1:7001/'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311978> <BEA-000000> <SAMLAssertion: Assertion issuer verified>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: Assertion contains NotBefore condition>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: Assertion contains NotOnOrAfter condition>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: NotBefore condition satisfied>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: NotOnOrAfter condition satisfied>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion has AudienceRestrictionCondition>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Found matching audience 'http://usmumsanygoyal1:7001/'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: AudienceRestriction condition satisfied (matching audience)>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion has DoNotCache condition>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion conditions verified>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311986> <BEA-000000> <SAMLAssertion: Found subject for name: 'ssouser'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Not found name mapper in the cache, try to create one>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLNameMapperCache.getNameMapper: create SAMLNameMapperImpl name mapper>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: Looking for AttributeName 'Groups'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: Looking for AttributeNamespace 'urn:bea:security:saml:groups'>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: ProcessGroups is true but did not find expected groups attribute statement>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311988> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Found name mapper in the cache>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311988> <BEA-000000> <SAMLNameMapperImpl: mapNameInfo: returning name: ssouser>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311989> <BEA-000000> <SAMLNameMapperImpl: mapGroupInfo: returning groups: null>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311989> <BEA-000000> <SAMLIACallbackHandler: SAMLIACallbackHandler(true, ssouser, null)>
    ####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311996> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ssouser)>
    ####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866312002> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ssouser)>
    ####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312122> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
    ####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312122> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
    ####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312123> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): InvalidParameterException while validating parameters: weblogic.security.service.InvalidParameterException: Unable to generate SAML Assertion: No partner ID or target resource>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                              

    Client Side
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
      <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
      <sec:credential-mapper xsi:type="wls:saml-credential-mapper-v2Type">
        <sec:name>SAMLCredentialMapper</sec:name>
        <wls:issuer-uri>www.bea.com/demoSAML</wls:issuer-uri>
        <wls:name-qualifier>bea.com</wls:name-qualifier>
        <wls:signing-key-alias>testalias</wls:signing-key-alias>
        <wls:default-time-to-live-delta>-30</wls:default-time-to-live-delta>
        <wls:signing-key-pass-phrase-encrypted>{3DES}dOC15C42IEzCnN/klGIdyQ==</wls:signing-key-pass-phrase-encrypted>
      </sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:key-store xsi:type="wls:default-key-storeType">
        <sec:name>keystore</sec:name>
      </sec:key-store>
      <sec:name>myrealm</sec:name>
    </realm>
    Server side
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:saml-identity-asserter-v2Type">
        <sec:name>SAMLIdentityAsserter</sec:name>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
      <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
    </realm>
    Sanyam

  • BI System Integration using EP iView Template

    Hi,
    Can you please provide me a POC, a step-by-step process, for the 2 questions below?
    1. BI System Integration using EP iView Template.
    2. BI System Integration using Federated Portal
    Thanks
    Prakash

    Hi,
    Select the workset or folder where you want to create the iView. Right-click and it shows you a context menu; choose create iView. You will have several options, one is BI; select this option.
    Best Regards,
    Conrado
    www.forosap.com spanish forums

  • How to use SAML in JDeveloper?

    Hi,
    I am trying to secure the information sent between a Web Service secured with an OWSM Gateway and a client proxy in JDeveloper using SAML. I can find the security setting in the security wizard for the proxy where you can set up the SAML details, but I have no idea how to proceed. I can find no demo or how-to on this, so any help would be appreciated :-)
    Regards Pete

    It seems that there is nobody meeting the same problem.
    I solved it by myself.
    An thanks.

  • XI - EP integration using the TREX RFC Connection

    Hi Experts,
    Is there a document on XI - TREX integration using the RFC connection. I need to build an application in EP where I would search for messages in the XI box based on certain input parameters. The search would happen using the TREX engine which in turn has indexes of all XI messages.
    Regards,
    Shobhit

    Hi Shobhit,
    In addition, check the following links... they might help you...
    http://help.sap.com/saphelp_nw04s/helpdata/en/70/0837ced133304eba452c45b6047c74/content.htm
    /thread/143082 [original link is broken]
    /thread/126493 [original link is broken]
    /people/prasad.illapani/blog/2005/11/14/payload-based-message-search-in-xi30-using-trex-engine
    Cheers...
    Vasu
    ** Reward points if found useful **

  • SSIS 2012 continuous integration using msbuild

    Hi,
    I have an SSIS 2012 project file *.dtproj. I want to create an .ispac file from a program for continuous integration. I saw posts saying we cannot do it using msbuild. What are the other options? Has anyone used ssismsbuild (sqlsrvintegrationsrv codeplex)?
    I am very new to .NET and SSIS. Any example or step by step instruction to achieve this is highly appreciated.
    Thanks,
    Rajesh

    Hi Rajesh
    I created a CI system for SSIS 2012. I used Microsoft.SqlServer.IntegrationServices.Build.dll from the (Microsoft SQL Server Community Samples: Integration Services) to get MSBuild working. Jenkins is used for the CI system. Details can be found at this link: http://speaksql.wordpress.com/2013/09/04/ssis-2012-continuous-integration-using-jenkins-and-octopus-a-journey-to-db-deployment-automation/

  • Single Sign-On using SAML in WebLogic Server 10.3

    I followed Vikrant Sawant's tutorial on how to configure single sign-on (SSO) with SAML in WebLogic (http://www.oracle.com/technology/pub/articles/dev2arch/2006/12/sso-with-saml.html) but am being forced to re-authenticate when going from Domain B back to Domain A. I'd appreciate any help or suggestions.
    I posted a question in the General forum here:
    Single Sign-On using SAML in WebLogic Server 10.3

    I too am facing the same problem SSO with SAML - Session on Source Site killed after landing on Destination
    Thanks
    Togotutor
    http://www.togotutor.com (Learn Programming and Administration for Free)
    Edited by: user7507600 on Sep 17, 2010 10:01 AM

  • B2B INTEGRATION USING WEBLOGIC INTEGRATION PLATFORM 8.1

    procedure and requirements for B2B INTEGRATION USING WEBLOGIC INTEGRATION PLATFORM 8.1
    Message was edited by:
    sachu

    Saurabh,
    Well it is achievable with a bit of custom code which should not be very difficult to make.
    1) Is this flow achievable using Beehiveonline ?
    Yes, you can have the external users programmatically upload the content into the system, and if you set up a subscription for a generic user/email it could be informed when something changes and programmatically copy it out to wherever you need it to go.
    2) How can we fetch the files from Beehiveonline directories ? Can we use generic SFTP/FTPS adapters to do so?
    FTPS can be used along with the developers kit, webDAV and HTTP transfers - I have a working java FTPS programme that can be used to upload/download the files so that piece already exists.
    As usual the devil will be in the detail and the flow you describe at the moment is a bit sparse on detail :-)
    Phil

  • Siebel On Demand Outbound Webservice integration using bpel question

    Hello everyone,
    I have a question I am hoping the forum can help me out with.
    I am trying to do an integration using bpel with Siebel on demand as the beginning point. The business case is that I want qualified leads to be extracted out of the Siebel On Demand crm to be integrated into a back end system. This is put into a queue in the integration events. I have read the forum on all the session id and intermediate java code that provides the session id. I noticed that Siebel on demand is not a webservice requestor and only a webservice provider even for outbound messages. Since bpel always needs an input of some sort, how would I kick off bpel to keep checking the queue, not to mention getting the session id etc.?
    Any help would be great :)
    Jaden

    Hi ,
    An integration event is something that is configured using a workflow. For example, when a Lead field is modified for a particular Lead, this event fires and will go and reside in the Integration Event Queue.
    A separate bpel process is then required to read the Integration Queue (WSDLs available) and then process this event for the lead.
    Regarding extraction of Leads from SOD it need to have any Integration events. Even without this we can do it. Just make a web call using the Lead WSDL and then process the records using a while loop structure. You can use a DB adapter to write to the target database tables.
    Nyjil
