Read Userid from SAML Assertion Ticket
Hi,
I have following queries:
1) I need to read userid from SAML assertion ticket. If so, please share the process/code.
2) Can I send authorization data as part of SAML assertion ticket? If so, please share the process.
Thanks,
Mano.
Hi Mano,
I am not sure what you mean by User id as output. But I know you can configure an SAP server as a service provider which can initiate an authentication to an Identity provider.
Here is the documentation. Hopefully this helps.
Using SAML2.0 in SAP for ABAP #
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/46/631b92250b4fc1855686b4ce0f2f33/content.htm
Using SAML2.0 in SAP for Java #
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm?frameset=/en/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
SAP As a Service provider for ABAP #
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/4a/b6df333fec6d83e10000000a42189c/content.htm
Including Legacy System in your SAML2.0 Landscape #
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/4a/b4f01285376d61e10000000a42189c/content.htm?frameset=/en/4a/b6df333fec6d83e10000000a42189c/frameset.htm
Dhee
Similar Messages
-
Hi,
My composite app will be invoked by x party from soapui. the input soap request has samlassertion contains
<saml:Assertion .... Issuer="testone.com" ...xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" ...>
<saml:Conditions NotBefore="... NotOnOrAfter="...>
<saml:AudienceRestrictionCondition>
<saml:Audience>https://ws.test.com/</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="...">
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="testdmn.com">testuser</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsu:Id="TestCert" wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<wsse:Reference URI="#....>
</wsse:SecurityTokenReference>
</KeyInfo>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<Signature ...
I added saml service policy at soa suite composite, if saml authentication succeeds then I will call some external service from my bpel in composite.
If I execute the app from soapui I am getting the following error:
Found invalid name identifier in SAML assertion. Can not find the specified user in id store: testuser
Since I want to do saml authentication by consuming the samlassertion is it enough to configure saml identity asserter only or do I also need saml credential mapper?
Also where exactly I can specify the user, audience, NameQualifier, certificate info which I am getting from saml assertion?
Please specify any extra configuration I require to execute this.
Please provide your inputs as it is urgent for me. Thanks in advance.
Hi Mahesh,
There is no scope request parameter needed. It is hard to know precisely what is the issue without the trace of your call, such as provided, for example, by Fiddler. For example, here is a call that I made, traced through Fiddler, showing how this flow works. My suspicion is that you may have a typo in the grant_type parameter, which should be urn:ietf:params:oauth:grant-type:saml2-bearer with the colons escaped as below.
The HTTP request:
POST https://jamN.sapjam.com/api/v1/auth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Java/1.7.0_45
Host: jamN.sapjam.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 3202
client_id=i7Gb...x8D3vZ4&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-bearer&assertion=PEFzc...W9uPg%3D%3D
The HTTP response:
HTTP/1.1 200 OK
Date: Thu, 27 Nov 2014 22:13:44 GMT
Server: Apache
ETag: "f5caac8abf77eeb7cff782242d8d0f31"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 54ffb30f21bf2258e0f1607b5124da08
X-Runtime: 0.247811
X-Rack-Cache: invalidate, pass
Status: 200 OK
Vary: Accept-Encoding
Connection: close
Content-Type: application/json; charset=utf-8
Content-Length: 59
{"access_token":"As3Uv...hVMswcBV"}
Thanks,
Bo
-
How to get SAML assertion from SOAP Header and propagate user context to BW
Hello to all,
we implemented this scenario:
3rdparty System to SAP PI 7.11 to SAP BW.
sync. communication via SOAP Sender adapter and Receiver XI PROXY.
We get a SAML assertion in the SOAP Header from the 3rd-Party System.
The SAP BW System could not read the Header information.
How can we get the information of the SOAP Header in the PI System and send the usercontext via XI Proxy to the SAP BW system?
Can we read the Header information in the SOAP adapter and map it to another field in the payload or header information which could be read in the backend system in the proxy class?
Thanks for your help and regards
Martin
Dear Fox,
Thanks for your reply.
Is it mandatory to have the Header elements and the message defined in the Mediator wsdl?
At present I have not defined it in the WSDL.
Thanks,
Subin
-
I want to parse a SAML assertion from an Identity Provider and use some
of the data for identity injection. Anyway, the java identity injection
plug-in can not access the SAML assertion, it can only access the
username and password using the ExternalDataFillerContext object.
Is it possible to extend the authentication class to parse the SAML
assertion and write out the data to the customisation profile? Which
method or property returns the SAML assertion?
Thank you,
Alessandro
afolli
afolli's Profile: http://forums.novell.com/member.php?userid=6964
View this thread: http://forums.novell.com/showthread.php?t=398904
Hi. Thanks for the answer.
I have two federated domains. The user requests a resource on domainA
and he's redirected to IdpA for authentication. The user authenticates on
IdpB and returns back. At this point I need to extract some info from
the SAML assertion returned by IdpB.
Do you think it's possible?
Thanks,
Alessandro
mumasankar;1926007 Wrote:
> The assertions are not stored on the session. It is a little confusing
> when you say you want to parse a SAML assertion from authentication
> class. Usually, after authentication is done (after authentication class
> finished executing), the response will be generated by the IDP and
> assertion creation is part of the response.
>
> Can you please give details of your use case ?
>
> Regards,
> Uma.
-
Hi Folks,
I needed your expert advice here related to the OWSM error in the SOA log:
Caused by: FAULT CODE: InvalidSecurityToken FAULT MESSAGE: Found invalid condition "not before" in SAML assertion. Current Time:Fri Feb 22 06:59:18 EST 2013, clockSkew:360000 milli seconds, NotBefore Time:Fri Feb 22 07:12:29 EST 2013
My test SOA server on Windows based box is integrated correctly into the Oracle Fusion Apps. The tasks in my SOA server need to be seen on Oracle Fusion Apps Worklist, but due to clockSkew the above error is hit. Could you please advise a resolution? I tried Windows "net time" command to time sync my server time with that of the Fusion Apps server. But, that did not work as it was a Linux box.
SOA log trace:
[2013-02-22T06:55:19.363-05:00] [soa_server1] [ERROR] [OWS-04115] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wCfGg29xWGpIwP5if0006SK000H4B,1:23756:2:1] [APP: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] An error occurred for port: {http://xmlns.oracle.com/bpel/workflow/taskQueryService}TaskQueryServicePort: oracle.fabric.common.PolicyEnforcementException: InvalidSecurity : error in processing the WS-Security security header.
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07618] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failed to execute the assertion "WSSecurity SAML Token" in the conditional policy. InvalidSecurityToken : The security token is not valid.[[
oracle.wsm.common.sdk.WSMException: InvalidSecurityToken : The security token is not valid.
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:156)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:562)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:294)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:231)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:193)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:485)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed.
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:240)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:377)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:313)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:221)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:598)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:572)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:137)
... 43 more
Caused by: javax.security.auth.login.LoginException
at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:122)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:235)
... 49 more
Caused by: FAULT CODE: InvalidSecurityToken FAULT MESSAGE: Found invalid condition "not before" in SAML assertion. Current Time:Fri Feb 22 06:59:18 EST 2013, clockSkew:360000 milli seconds, NotBefore Time:Fri Feb 22 07:12:29 EST 2013.
at oracle.security.jps.internal.jaas.module.saml.SAMLUtils.verifyNotBefore(SAMLUtils.java:92)
at oracle.security.jps.internal.jaas.module.saml.JpsSAMLVerifier.verifyConditions(JpsSAMLVerifier.java:223)
at oracle.security.jps.internal.jaas.module.saml.JpsSAMLVerifier.verify(JpsSAMLVerifier.java:124)
at oracle.security.jps.internal.jaas.module.saml.JpsSamlAssertor.verify(JpsSamlAssertor.java:90)
at oracle.security.jps.internal.jaas.module.saml.JpsSamlAssertor.assertToken(JpsSamlAssertor.java:67)
at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:102)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:707)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:235)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:377)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:313)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:224)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:598)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:574)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:141)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:562)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:295)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:232)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:194)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:485)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
... 9 more
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07618] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failed to execute the assertion "WSSecurity UserName Token" in the conditional policy. InvalidSecurity : error in processing the WS-Security security header[[
oracle.wsm.common.sdk.WSMException: InvalidSecurity : error in processing the WS-Security security header
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:197)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:562)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:294)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:231)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:193)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:485)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.wsm.security.SecurityException: WSM-00265 : The Username token is missing in the security header. Ensure that there is a Username token policy attached on the client side. Tokens found in the security header are :- [(saml:Assertion), ].
at oracle.wsm.security.policy.scenario.processor.UsernameTokenProcessor.verify(UsernameTokenProcessor.java:241)
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:129)
... 43 more
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07602] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failure in WS-Policy Execution due to exception.
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=soa-infra, composite=null, modelObj=TaskQueryService, policy=oracle/wss_saml_or_username_token_service_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token.
We got the update and this has been resolved as we have installed weblogic 10.
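Added example (not code from any poster, Oracle or SAP): a diagnostic that reads the subject, audience and `Conditions` window from a SAML 1.x assertion shaped like the one posted earlier, and reproduces the "not before" decision with the times and the 360000 ms clock skew from the log above. The sample assertion is constructed, `NotOnOrAfter` is an assumed value, the function names are hypothetical, and the comparison is the conventional skew check, not necessarily OWSM's exact logic; it does no signature verification, so its output is for troubleshooting only.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML1}

# Constructed sample. NotBefore is the log's "07:12:29 EST" expressed in UTC.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed"
    Issuer="testone.com" IssueInstant="2013-02-22T12:12:29Z">
  <saml:Conditions NotBefore="2013-02-22T12:12:29Z" NotOnOrAfter="2013-02-22T12:17:29Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://ws.test.com/</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2013-02-22T12:12:29Z">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="testdmn.com">testuser</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>
"""

# From the log line: "Current Time: 06:59:18 EST" (UTC-5) and "clockSkew:360000 milli seconds".
LOG_CURRENT_TIME = datetime(2013, 2, 22, 11, 59, 18, tzinfo=timezone.utc)
LOG_CLOCK_SKEW = timedelta(milliseconds=360000)


@dataclass
class AssertionInfo:
    issuer: Optional[str]
    name_id: str
    name_qualifier: Optional[str]
    audiences: List[str]
    not_before: Optional[datetime]
    not_on_or_after: Optional[datetime]


def _instant(value: Optional[str]) -> Optional[datetime]:
    """Parse an xs:dateTime attribute; SAML instants are UTC."""
    if value is None:
        return None
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def read_assertion(xml_text: str) -> AssertionInfo:
    """Extract subject and conditions. Trust them only after signature validation."""
    # For untrusted input, parse with a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML1}}}Assertion":
        raise ValueError("root element is not a SAML 1.x Assertion")
    subjects = {("".join(n.itertext()).strip(), n.get("NameQualifier"))
                for n in root.findall(".//saml:Subject/saml:NameIdentifier", NS)}
    if len(subjects) != 1:
        raise ValueError(f"expected exactly one subject, found {len(subjects)}")
    (name_id, qualifier), = subjects
    if not name_id:
        raise ValueError("NameIdentifier is empty")
    cond = root.find("saml:Conditions", NS)
    audiences = [] if cond is None else [
        (a.text or "").strip() for a in cond.iter(f"{{{SAML1}}}Audience")]
    return AssertionInfo(
        issuer=root.get("Issuer"), name_id=name_id, name_qualifier=qualifier,
        audiences=audiences,
        not_before=None if cond is None else _instant(cond.get("NotBefore")),
        not_on_or_after=None if cond is None else _instant(cond.get("NotOnOrAfter")),
    )


def check_conditions(info: AssertionInfo, now: datetime, clock_skew: timedelta,
                     expected_audience: str) -> List[str]:
    """Return a list of failed conditions (empty list means the window is valid)."""
    problems = []
    if info.not_before and now + clock_skew < info.not_before:
        ahead = (info.not_before - now).total_seconds()
        problems.append(f"NotBefore is {ahead:.0f}s ahead of the local clock; "
                        f"skew allows {clock_skew.total_seconds():.0f}s")
    if info.not_on_or_after and now - clock_skew >= info.not_on_or_after:
        problems.append("NotOnOrAfter has passed")
    if info.audiences and expected_audience not in info.audiences:
        problems.append(f"Audience {expected_audience!r} not in {info.audiences}")
    return problems


def skew_needed(info: AssertionInfo, now: datetime) -> timedelta:
    """Clock difference that NotBefore implies; fix it by syncing clocks (NTP).
    Widening the skew instead also lengthens the window in which a captured
    assertion is accepted."""
    if info.not_before is None:
        return timedelta(0)
    return max(info.not_before - now, timedelta(0))
```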
-
SAML assertion was used to sign a message, the verification of signature us
CR325776, CR301621, CR331147
When SAML assertion was used to sign a message, the verification of signature used to fail with NullPointerException.
This problem has been resolved.
We have 9.2 MP2 as our ALDSP weblogic server. Is there any way to do a smart Update from MP2 to MP3?
Can it be done behind the proxy, ie., download the patch and install ?
Our Unix server is Solaris. Please let us know.
Thanks.
We got the update and this has been resolved as we have installed weblogic 10.
-
How can we change the lifetime of an assertion ticket?
The default lifetime is set to 120 seconds.
We need to extend the ticket's lifetime. Where can we define this?
Edited by: Urs Hürlimann on Jun 30, 2008 8:52 AM
trc file: "/var/log/suva/espresso/wlss1/sso_log.txt", trc level: 3, release: "640"
"Thr 14393" Thu Jul 3 11:20:46 2008
"Thr 14393" MySapEvalLogonTicketEx was called.
"Thr 14393" Unconverted Ticket is the following: AjExMDAgAA9wb3J0YWw6RTAwMDA0MDCIAAdkZWZhdWx0EAADV0xTDwADMDAxCAABAQEACEUwMDAwNDAwAgADMDAwAwADUzUwBAAMMjAwODA3MDMwOTE4BwAEAAAAAgoACEUwMDAwNDAw%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNTNTAxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDcwMzA5MTg1MlowIwYJKoZIhvcNAQkEMRYEFPoQw28O4qu98dOGLjvU6FAdQ81DMAkGByqGSM44BAMELzAtAhQ5z0e6BOwCc9A9nDYayvSqun5PtgIVAIf1F7g1mpGZ1mHWse0c19HAgS3s
."Thr 14393" Initialized variables...
"Thr 14393" Preparing InContext...
"Thr 14393" *** ERROR => SAP Codepage is invalid! Uses UTF8 for output. "ssoxxext_mt. 331"
"Thr 14393" Ticket is the following: AjExMDAgAA9wb3J0YWw6RTAwMDA0MDCIAAdkZWZhdWx0EAADV0xTDwADMDAxCAABAQEACEUwMDAwNDAwAgADMDAwAwADUzUwBAAMMjAwODA3MDMwOTE4BwAEAAAAAgoACEUwMDAwNDAw%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNTNTAxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDcwMzA5MTg1MlowIwYJKoZIhvcNAQkEMRYEFPoQw28O4qu98dOGLjvU6FAdQ81DMAkGByqGSM44BAMELzAtAhQ5z0e6BOwCc9A9nDYayvSqun5PtgIVAIf1F7g1mpGZ1mHWse0c19HAgS3s
."Thr 14393" Profile is the following: /usr/espresso/config/wlss1/sapcerts/h50a090.pse
."Thr 14393" Password is the following: (NULL)
"Thr 14393" Just before Validation...
"Thr 14393" Dump of InContext "ssoxxapi_mt.c 156"
"Thr 14393" 00000000 34 31 31 30 78 44 04 10 f2 1a 2c e8 78 44 06 68 4110xD..ò.,èxD.h
"Thr 14393" 00000010 00 00 01 ec 00 00 00 00 00 00 00 00 ...ì........
"Thr 14393" Copies from InContext->Format: PKCS7 "ssoxxapi_mt.c 163"
"Thr 14393" Copies from InContext->pzcsProName: /usr/espresso/config/wlss1/sapcerts/h50a090.pse "ssoxxapi_mt.c 166"
"Thr 14393" DecodeB64Len returns 0. iDecLength=369
"Thr 14393" Dump of Decoded ticket: "ssoxxapi_mt.c 188"
"Thr 14393" Read version.
"Thr 14393" Read Codepage.
"Thr 14393" Read InfoUnit (0x20).
"Thr 14393" Read length (15).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x88).
"Thr 14393" Read length (7).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x10).
"Thr 14393" Read length (3).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x0F).
"Thr 14393" Read length (3).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x08).
"Thr 14393" Read length (1).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x01).
"Thr 14393" Read length (8).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x02).
"Thr 14393" Read length (3).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x03).
"Thr 14393" Read length (3).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x04).
"Thr 14393" Read length (12).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x07).
"Thr 14393" Read length (4).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0x0A).
"Thr 14393" Read length (8).
"Thr 14393" Read contents.
"Thr 14393" Read InfoUnit (0xFF).
"Thr 14393" ParseTicket returns 0. "ssoxxapi_mt.c 200"
"Thr 14393" Bytes processed: 106 "ssoxxapi_mt.c 203"
"Thr 14393" Argument Dump for ticket verification:
"Thr 14393" Content byte stream:
"Thr 14393" 00000000 02 31 31 30 30 20 00 0f 70 6f 72 74 61 6c 3a 45 .1100 ..portal:E
"Thr 14393" 00000010 30 30 30 30 34 30 30 88 00 07 64 65 66 61 75 6c 0000400...defaul
"Thr 14393" 00000020 74 10 00 03 57 4c 53 0f 00 03 30 30 31 08 00 01 t...WLS...001...
"Thr 14393" 00000030 01 01 00 08 45 30 30 30 30 34 30 30 02 00 03 30 ....E0000400...0
"Thr 14393" 00000040 30 30 03 00 03 53 35 30 04 00 0c 32 30 30 38 30 00...S50...20080
"Thr 14393" 00000050 37 30 33 30 39 31 38 07 00 04 00 00 00 02 0a 00 7030918.........
"Thr 14393" 00000060 08 45 30 30 30 30 34 30 30 .E0000400
"Thr 14393"
Signature byte stream:
"Thr 14393" 00000000 30 82 01 01 06 09 2a 86 48 86 f7 0d 01 07 02 a0 0.....*.H.÷....
"Thr 14393" 00000010 81 f3 30 81 f0 02 01 01 31 0b 30 09 06 05 2b 0e .ó0.ð...1.0...+.
"Thr 14393" 00000020 03 02 1a 05 00 30 0b 06 09 2a 86 48 86 f7 0d 01 .....0...*.H.÷..
"Thr 14393" 00000030 07 01 31 81 d0 30 81 cd 02 01 01 30 22 30 1d 31 ..1.Ð0.Í...0"0.1
"Thr 14393" 00000040 0c 30 0a 06 03 55 04 03 13 03 53 35 30 31 0d 30 .0...U....S501.0
"Thr 14393" 00000050 0b 06 03 55 04 0b 13 04 4a 32 45 45 02 01 00 30 ...U....J2EE...0
"Thr 14393" 00000060 09 06 05 2b 0e 03 02 1a 05 00 a0 5d 30 18 06 09 ...+...... "0...
"Thr 14393" 00000070 2a 86 48 86 f7 0d 01 09 03 31 0b 06 09 2a 86 48 .H.÷....1....H
"Thr 14393" 00000080 86 f7 0d 01 07 01 30 1c 06 09 2a 86 48 86 f7 0d .÷....0...*.H.÷.
"Thr 14393" 00000090 01 09 05 31 0f 17 0d 30 38 30 37 30 33 30 39 31 ...1...080703091
"Thr 14393" 000000A0 38 35 32 5a 30 23 06 09 2a 86 48 86 f7 0d 01 09 852Z0#..*.H.÷...
"Thr 14393" 000000B0 04 31 16 04 14 fa 10 c3 6f 0e e2 ab bd f1 d3 86 .1...ú.Ão.⫽ñÓ.
"Thr 14393" 000000C0 2e 3b d4 e8 50 1d 43 cd 43 30 09 06 07 2a 86 48 .;ÔèP.CÍC0...*.H
"Thr 14393" 000000D0 ce 38 04 03 04 2f 30 2d 02 14 39 cf 47 ba 04 ec Î8.../0-..9ÏGº.ì
"Thr 14393" 000000E0 02 73 d0 3d 9c 36 1a ca f4 aa ba 7e 4f b6 02 15 .sÐ=.6.Êôªº~O¶..
"Thr 14393" 000000F0 00 87 f5 17 b8 35 9a 91 99 d6 61 d6 b1 ed 1c d7 ..õ.¸5...ÖaÖ±í.×
"Thr 14393" 00000100 d1 c0 81 2d ec ÑÀ.-ì
"Thr 14393" Encoded content byte stream:
"Thr 14393" 00000000 30 78 06 09 2a 86 48 86 f7 0d 01 07 01 a0 6b 04 0x..*.H.÷.... k.
"Thr 14393" 00000010 69 02 31 31 30 30 20 00 0f 70 6f 72 74 61 6c 3a i.1100 ..portal:
"Thr 14393" 00000020 45 30 30 30 30 34 30 30 88 00 07 64 65 66 61 75 E0000400...defau
"Thr 14393" 00000030 6c 74 10 00 03 57 4c 53 0f 00 03 30 30 31 08 00 lt...WLS...001..
"Thr 14393" 00000040 01 01 01 00 08 45 30 30 30 30 34 30 30 02 00 03 .....E0000400...
"Thr 14393" 00000050 30 30 30 03 00 03 53 35 30 04 00 0c 32 30 30 38 000...S50...2008
"Thr 14393" 00000060 30 37 30 33 30 39 31 38 07 00 04 00 00 00 02 0a 07030918........
"Thr 14393" 00000070 00 08 45 30 30 30 30 34 30 30 ..E0000400
"Thr 14393" Verify returns 0 "ssoxxsgn_mt.c 189"
"Thr 14393" Certificate is:
"Thr 14393" 00000000 30 82 02 3b 30 82 02 26 02 01 00 30 09 06 07 2a 0..;0..&...0...*
"Thr 14393" 00000010 86 48 ce 38 04 03 30 1d 31 0c 30 0a 06 03 55 04 .HÎ8..0.1.0...U.
"Thr 14393" 00000020 03 13 03 53 35 30 31 0d 30 0b 06 03 55 04 0b 13 ...S501.0...U...
"Thr 14393" 00000030 04 4a 32 45 45 30 1e 17 0d 30 37 30 37 30 32 31 .J2EE0...0707021
"Thr 14393" 00000040 31 34 32 33 34 5a 17 0d 32 37 30 37 30 32 31 31 14234Z..27070211
"Thr 14393" 00000050 34 32 33 34 5a 30 1d 31 0c 30 0a 06 03 55 04 03 4234Z0.1.0...U..
"Thr 14393" 00000060 13 03 53 35 30 31 0d 30 0b 06 03 55 04 0b 13 04 ..S501.0...U....
"Thr 14393" 00000070 4a 32 45 45 30 82 01 b6 30 82 01 2b 06 07 2a 86 J2EE0..¶0..+..*.
"Thr 14393" 00000080 48 ce 38 04 01 30 82 01 1e 02 81 81 00 82 7d d4 HÎ8..0........}Ô
"Thr 14393" 00000090 9c a2 05 69 84 e9 83 71 b1 34 0d 5d 71 83 92 85 .¢.i.é.q±4."q...
"Thr 14393" 000000A0 b2 5a ca a3 82 d7 ac 38 6e 94 40 84 3f 0a 46 7a ²ZÊ£.׬8n.@.?.Fz
"Thr 14393" 000000B0 a8 75 a8 c1 ca 3b 70 ba 6a 97 07 12 f6 b1 99 ed ¨u¨ÁÊ;pºj...ö±.í
"Thr 14393" 000000C0 3e ec 53 13 f3 94 0a 67 bb d6 9f 38 72 29 61 ab >ìS.ó..g»Ö.8r)a«
"Thr 14393" 000000D0 02 3d 17 a1 33 3c 52 23 5d 9f b7 d1 0e 95 e3 a5 .=.¡3<R#".·Ñ..ã¥
"Thr 14393" 000000E0 5e f9 b0 4f c7 c9 20 c5 72 da 7a c3 d5 0f 24 0d ^ù°OÇÉ ÅrÚzÃÕ.$.
"Thr 14393" 000000F0 bb 8e 54 da 9e bb 70 21 11 c5 35 82 e5 35 85 2e ».TÚ.»p!.Å5.å5..
"Thr 14393" 00000100 9f 59 39 79 b3 32 50 c8 86 83 96 19 17 02 15 00 .Y9y³2PÈ........
"Thr 14393" 00000110 fa 50 79 da fa 3f 3a b1 e8 0a 6d f5 bd 16 f2 24 úPyÚú?:±è.mõ½.ò$
"Thr 14393" 00000120 d8 f8 d7 1b 02 81 80 4f bd f5 2e 33 04 f0 51 c1 Øø×....O½õ.3.ðQÁ
"Thr 14393" 00000130 7c a5 5c 93 81 b5 c1 7d 4c 20 50 76 85 34 50 cf |¥..µÁ}L Pv.4PÏ
"Thr 14393" 00000140 d9 fc 72 b2 e1 b2 b1 6f a0 10 48 b8 ff 17 e7 a9 Ùür²á²±o .H¸ÿ.ç©
"Thr 14393" 00000150 0a e1 e0 18 05 3e 34 d9 d5 61 df 71 4c c8 dc 92 .áà..>4ÙÕaßqLÈÜ.
"Thr 14393" 00000160 b1 51 b5 df 66 59 70 6b 5e 57 c3 19 a2 d6 58 3b ±QµßfYpk^WÃ.¢ÖX;
"Thr 14393" 00000170 7d 32 d2 e9 e1 f1 66 3e aa ac 46 0d cd 4e 67 70 }2Òéáñf>ª¬F.ÍNgp
"Thr 14393" 00000180 36 f7 f9 be 0b 2e 16 a0 5d 69 5d 5b 81 13 a9 03 6÷ù¾... "i""..©.
"Thr 14393" 00000190 cb 38 63 56 1a bd 36 4a 5d 6c 15 66 17 fa 10 a3 Ë8cV.½6J"l.f.ú.£
"Thr 14393" 000001A0 20 99 e1 d2 34 77 13 03 81 84 00 02 81 80 5c a5 .áÒ4w........\u00A5
"Thr 14393" 000001B0 41 c8 31 99 f2 ff a7 20 be 01 2d 80 4b 7e e9 45 AÈ1.òÿ§ ¾.-.K~éE
"Thr 14393" 000001C0 80 72 c9 59 52 28 af 76 57 0b 08 ae ec 75 db 19 .rÉYR(¯vW..®ìuÛ.
"Thr 14393" 000001D0 dc 06 db e8 2a 2e 0b 55 11 09 76 ff a9 ad f3 5c Ü.Ûè*..U..vÿ©ó
"Thr 14393" 000001E0 f3 c5 bf 23 db 6e fd ea 85 81 78 ad 2a 05 2d 83 óÅ¿#Ûnýê..x*.-.
"Thr 14393" 000001F0 12 91 ff f0 a0 bb 79 c3 0e cb 37 f8 dc 05 31 38 ..ÿð »yÃ.Ë7øÜ.18
"Thr 14393" 00000200 c3 1b 5b 61 64 19 4e b1 60 d2 7e b7 a8 51 d6 6e Ã."ad.N±`Ò~·¨QÖn
"Thr 14393" 00000210 36 1e fc ce 6a 78 20 c3 e6 54 1f 0d 68 c0 db 61 6.üÎjx ÃæT..hÀÛa
"Thr 14393" 00000220 c5 84 63 15 d4 19 36 94 56 03 2f 2e 3b 89 30 0c Å.c.Ô.6.V./.;.0.
"Thr 14393" 00000230 06 08 2a 86 48 86 f7 0d 02 05 05 00 03 01 00 ..*.H.÷........
"Thr 14393" ValidateTicket returns 0. "ssoxxapi_mt.c 226"
"Thr 14393" Validation succeeded...
"Thr 14393" Got date 200807030918 from ticket.
"Thr 14393" Cur time = 200807030920.
"Thr 14393" Computing validity in hours.
"Thr 14393" Computing validity in minutes.
"Thr 14393" CurTime_t = 1215163200, CreTime_t = 1215163080
"Thr 14393" validity: 120, difference: 120.000.
"Thr 14393" Evaluating user...
"Thr 14393" Evaluating Client ...
"Thr 14393" Evaluating Sysid ...
"Thr 14393" Evaluating Portal User...
"Thr 14393" Evaluating AuthSchema...
"Thr 14393" Evaluating creation time...
"Thr 14393" Computing validity in minutes.
"Thr 14393" validity: 120, difference: 3720.000.
"Thr 14393" *** ERROR => MySapEvalLogonTicketEx returns 4. "ssoxxext_mt. 665"
"Thr 14393" End of function MySapEvalLogonTicketEx. -
Reading fields from a text file
Hi, I'm fairly new to this so bear with me.
This is for an assignment - the idea is to create an online system for booking seats at a cinema - haven't got past the login stage yet?
I've got an applet that needs to read in a field from a text file.
I'm using the StringTokenizer function.
I've put a test in to check that the applet can find the file, which seems to be ok.
However, it's not reading from the file.
The file is a simple text file - fields are separated by a comma and a space.
Any ideas?
Please help as this is quite urgent.
Prototype Code is below
import java.applet.Applet;
import java.awt.*;
import java.awt.event.*;
import java.io.*;
import java.util.StringTokenizer;

public class cinema extends Applet implements ActionListener, ItemListener {
    private List ActionList;
    private int listIndex;
    TextArea t = new TextArea(5, 30);
    private Button gobutton, writebutton, login, logout;
    private PrintWriter suggestfile;
    TextField Userid, password, enterField;
    private int count, checkuser;
    private BufferedReader firstn;
    File myFile = new File("e:\\Ian\\Unistuff\\2nd Year\\se2\\cinema2\\src\\cinema2\\member.txt");

    //Construct the applet
    public cinema() {
        enterField = new TextField("Please enter user ID and Password");
        enterField.setEditable(false);
        add(enterField);
        Userid = new TextField(3);
        add(Userid);
        password = new TextField(10);
        password.setEchoChar('*');
        add(password);
    }

    //Initialize the applet
    public void init() {
        BorderLayout borderLayout1 = new BorderLayout();
        //some code omitted
        t.setEditable(false);
        add(t);
        gobutton = new Button("Go!");
        add(gobutton);
        gobutton.addActionListener(this);
    }

    public void actionPerformed(ActionEvent event) {
        if (event.getSource() == gobutton) {
            try {
                firstn = new BufferedReader(new FileReader(myFile));
            }
            catch (IOException e) {
                t.setText("Member database missing - please contact Chairperson");
                return;
            }
            try {
                String line1;
                boolean found = false;
                while (((line1 = firstn.readLine()) != null) && (!found)) {
                    StringTokenizer token1 = new StringTokenizer(line1, " ,");
                    String user = token1.nextToken();
                    if (Userid.getText().equals(user)) {
                        found = true;
                        t.setText("Hello");
                    }
                }
                firstn.close();
            }
            catch (IOException e) {
                System.err.println("Error Reading File " + myFile + ": " + e.toString());
            }
        }
    }
}
Here's the text file:
Ian, Dodson, 001, rubbish
Joe, Bloggs, 002, medway
Bill, Smith, 003, unique
Guest, , Guest,
To test that it is working, it should just put a message in the Text Area, but nothing happens when you press the "go" button.

1. Your applet will not work, because it is trying to read file from local disk.
2. This task can be solved by simple CGI script (which is much more common and universal thing than java), so you do not need to use java if you want to send 3 lines to a server.
3. See examples and read some books.

1. Stated the obvious.
2. This is a java forum, not Perl.
3. Pathetic and patronizing.
Very helpful. -
Problem with signed SAML assertion and Web Services Manager
Folks,
I’m having some issues trying to generate a proper signed SAML assertion using JDeveloper 10.1.3. I am securing a java proxy class using the wizard as described in http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html .
On the OWSM side, I have a service that I am securing with SAML - Verify WSS 1.0 Token. If I set the "Allow signed assertions only" property to false I can complete the service call. However, when it is set to true I am receiving the following fault: javax.xml.rpc.soap.SOAPFaultException: SAML token verification failed.
When I examine the message going to OWSM in a packet analyzer, it is missing the signature in the SAML assertion. The <saml:Assertion> tag looks like:
<saml:Assertion MajorVersion="1" MinorVersion="1"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="yM0oqZgF0N1a1td6yzKgOQ22"
IssueInstant="2007-01-23T17:15:27Z"
Issuer="HealthMarkets_s3">
<saml:Conditions NotBefore="2007-01-23T17:15:27Z"
NotOnOrAfter="2007-01-24T17:15:27Z"/>
<saml:AuthenticationStatement AuthenticationInstant="2007-01-23T17:15:27Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">client_s3</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
I have selected the Sign Outbound Messages in step 3 of the Secure Web Proxy Wizard. This step uses the DSA-SHA1 algorithm.
Any help is greatly appreciated.
Thanks in advance,
Joseph
Thanks for the response. I am not using any pages for this application yet... just calling the web service from SOAP UI or any Web Service testing tool causes the problem.
All that has to be done to replicate it is to build a simple EJB 3.0 JPA bean using the entities from tables wizard and then add named query as follows:
@NamedQuery(name = "BomHeader.findByDesc", query = "select o from BomHeader o where o.bomDesc like :p_bomDesc")
then build a session bean with the wizard that includes the JPA persistence unit and the entity and subsequently use the wizard to wrap the session bean in a web service.
The whole replication process should take 5 minutes if you have some database tables to work with. It breaks when the web service is called.
Thanks in advance -
Principal Propagation / SAP Assertion Ticket
Hi Experts,
I'm planning a synchronous scenario
3rd party (SOAP) -> PI -> SAP ECC (RFC)
PI is on 7.1, ECC on 7.00
I would like to run Principal Propagation. At the moment I'm struggling with Assertion Ticket to be issued by the SOAP sender. From SAP Help: Princ Prop / Configuring the Sender (http://help.sap.com/saphelp_nw04/helpdata/EN/45/3418a0eabe072fe10000000a155369/content.htm): "The SOAP client itself must be able to issue SAP assertion tickets."
- Does that mean: if the sender is a non SAP system Principal Propagation cannot be implemented?
- Or is there a way to issue the SAP assertion ticket from 3rd party SOAP sender?
- If yes, how does that work?
I found two interesting threads:
Principal Propagation SOAP - XI - RFC Scenario:
I do not understand Swarup's answer 100%. He wrote: "Here you need not have to do anything on SOAP sender side to create the assertion ticket. The assertion ticket is required on SAP side which will act as Web AS ABAP Server"
Can anybody illuminate that? Is he right?
Issuing SAP assertion Tickets: The last post of Anthony stayed unanswered, unfortunately. "How does the sender system do that? Is it something embedded in the header of the SOAP message? This really is unclear to me"
Thanks for your help,
Udo
Hi Udo,
> - Does that mean: if the sender is a non SAP system Principal Propagation cannot be implemented?
Principal propagation supports XI, SOAP and RFC adapters.
http://help.sap.com/saphelp_nw04/helpdata/en/45/0f16bef65c7249e10000000a155369/frameset.htm
Before using the principal propagation you have to activate the configuration, but you can only activate the configuration if you have kernel patch 149 installed.
Regards
Ramesh -
SAML Assertion ID already in cache -- returning SC_FORBIDDEN
We are using WLS 10.3 and getting a SAML Assertion ID already in cache -- returning SC_FORBIDDEN.
Any clue as to how or why this would happen or resolution.
Also we are in a Managed Server Cluster Environment.
thanks
ft
Hi Hao,
Regarding claims based issue, I suggest you refer to experts from the following forum to get professional support:
Claims based access platform (CBA), code-named Geneva Forum
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
Thank you for your understanding and support.
Best Regards,
Amy -
Verify signature on SAML assertion
I've already asked this question on StackOverflow (http://stackoverflow.com/questions/25394137/verify-signature-on-saml-assertion), but I'm hoping to get a better response here. I'm trying to validate some SAML that looks like this:
<samlp2:Response Destination="http://www.testhabaGoba.com" ID="ResponseId_934151edfe060ceec3067670c2f0f1ea" IssueInstant="2013-09-24T14:33:29.507Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
</ds:Signature>
<saml2:Assertion ID="SamlAssertion-05fd8af7f2c9972e69cdbca612d3f3b8" IssueInstant="2013-09-24T14:33:29.496Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
</ds:Signature>
</saml2:Assertion>
</samlp2:Response>
The signature on the response always passes, but the signature on the assertion always fails. Even when I use a SAML that doesn't sign the response the assertion signature fails. Here's a condensed version of the code I'm using:
foreach (XmlElement node in xmlDoc.SelectNodes("//*[local-name()='Signature']"))
{
    // Verify this Signature block
    SignedXml signedXml = new SignedXml(node.ParentNode as XmlElement);
    signedXml.LoadXml(node);
    KeyInfoX509Data x509Data = signedXml.Signature.KeyInfo.OfType<KeyInfoX509Data>().First();

    // Verify certificate
    X509Certificate2 cert = x509Data.Certificates[0] as X509Certificate2;
    log.Info(string.Format("Cert s/n: {0}", cert.SerialNumber));
    VerifyX509Chain(cert); // Custom method

    // Check for approval
    X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection collection = store.Certificates.Find(X509FindType.FindBySerialNumber, cert.SerialNumber, true);
    Debug.Assert(collection.Count == 1); // Standing in for brevity

    // Verify signature
    signedXml.CheckSignature(cert, true);
}
Everything works except the CheckSignature method. It's the only thing that fails and it always fails the SAML assertion. What am I doing wrong?
Hello Matthew T. Ricks,
Personally after reading your post I don't think this issue is related to this forum "Discuss and ask questions about the C# programming language, IDE, libraries, samples, and tools."
The problem is due to SAML assertion fail and I read something like this
http://docs.oracle.com/cd/E21455_01/common/tutorials/authn_saml_xml_sig.html to know what is SAML and how it works. I will recommend you consult SAML related forum to ask this question.
Regards,
Barry -
SAP Logon Ticket VS SAP Assertion Ticket?
SAP Logon Ticket VS SAP Assertion Ticket in SAP Enterprise Portal?
I want SAP Logon Ticket VS SAP Assertion Ticket.
When use SAP Logon Ticket?
When use SAP Assertion Ticket?
SAP Logon Ticket advantage / disadvantage?
SAP Assertion Ticket advantage / disadvantage?
Hi James,
Please go through the link for Integration in Single Sign-On Environments.
http://help.sap.com/saphelp_nw04s/helpdata/en/96/a75742b6081053e10000000a155106/frameset.htm
Thanks n Regards
Santosh
Reward if helpful !!! -
Problem with validating SAML assertion signature ("bad" certificate?)
Hi,
We've been developing and testing webservices and webservice clients under WebLogic for awhile. In our typical configuration, we have the SAML Credential mapper configured on the webservice client side, and the SAML Identity Asserter on the webservice side, and we are using "sender-vouches", whereby the SAML assertions are being signed by the SAML Credential mapper.
Up through development, for the signing, we've been using certs issued by a test CA that we have, but now, we are moving to a pre-production environment, and we're required to use certs issued by a specific 3rd party CA. Since we've started using those new certs, we have been getting "token failed to validate" errors. We've been trying to diagnose this problem for awhile, and we're at the point that we believe that, for some reason, the certs that we got that were issued by the 3rd party CA are "bad".
Specifically, those certs are SSL Server certs, with the following characteristics:
Usages:
Digital Signature
Key Encipherment
Key Agreement
Netscape Type: SSL Server Authentication
but, they also have two "extended usage extension" OIDs, both are "2.16.840.1.101.2.x.yy.zz".
When we looked at the certs using various tools, e.g., "openssl x509...", etc., those extended usage extensions are being displayed as "unknown", which made us a little suspicious about them, so I setup a simple test configuration with two WebLogic 10.0 MP1 instances.
For testing, we first used a cert from the 3rd party CA, which gave us the "failed to validate token" errors.
During this testing, we put a sniffer on the line, and captured the SOAP message with the signed SAML assertion, and we used a small Java app that I wrote awhile ago that will validate a digital signature. When we ran that Java app, the digital signature validated successfully (i.e., the digital signature was GOOD).
This seems to imply that the "failed to validate token signature" errors are happening because of something other than the digital signature being incorrect.
So, then, we created a certificate that matches the 3rd party CA certs almost exactly, except that we did not include the two extended usage extensions, and we configured the two WebLogic instances to use this new certificate.
When we tested with the new certificate, we no longer got the errors.
So, it appears that when the cert has those two enhanced usage extensions, WebLogic is either not willing to, or not able to, utilize the certs for validating digital signatures.
Does anyone have any insight into this problem, or has anyone encountered a problem like this before?
I also was wondering if there are any parameters for WebLogic that we might try to set that would tell WebLogic to perhaps ignore the certificate extensions and to just do the digital signature validation?
Thanks,
Jim
Hi,
FYI, we were able to resolve this problem today. It turned out to be that the certificate and key were not "matched".
The way that we figured this out was to use openssl and the procedure here:
http://kb.wisc.edu/middleware/page.php?id=4064
which showed the mismatch.
We've since generated a new cert request and got a new certificate, and it's working now.
Jim -
Problem signing SAML assertion
Folks,
I’m having some issues trying to generate a proper signed SAML assertion using JDeveloper 10.1.3. I am securing a java proxy class using the wizard as described in http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html .
On the OWSM side, I have a service that I am securing with SAML - Verify WSS 1.0 Token. If I set the "Allow signed assertions only" property to false I can complete the service call. However, when it is set to true I am receiving the following fault:
javax.xml.rpc.soap.SOAPFaultException: SAML token verification failed.
When I examine the message going to OWSM in a packet analyzer, it is missing the signature in the SAML assertion. The <saml:Assertion> tag looks like:
<saml:Assertion MajorVersion="1" MinorVersion="1"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="yM0oqZgF0N1a1td6yzKgOQ22"
IssueInstant="2007-01-23T17:15:27Z"
Issuer="HealthMarkets_s3">
<saml:Conditions NotBefore="2007-01-23T17:15:27Z"
NotOnOrAfter="2007-01-24T17:15:27Z"/>
<saml:AuthenticationStatement AuthenticationInstant="2007-01-23T17:15:27Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">client_s3</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
I have selected the Sign Outbound Messages in step 3 of the Secure Web Proxy Wizard. This step uses the DSA-SHA1 algorithm.
Any help is greatly appreciated.
Thanks in advance,
Joseph
I do believe that JDev will produce a deployment descriptor that contains the WS-Security policy information. Can you post this? It should look something like this:
<oracle-webservice-clients>
<webservice-client>
<saml-token>
<signature-methods>RSA-SHA1</signature-methods>
</saml-token>
</webservice-client>
</oracle-webservice-clients>
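A structural triage check for the captures in the two OWSM threads and the C# thread above, added here as an example (not code from any poster or vendor): it lists which `Response`/`Assertion` elements carry their own enveloped `ds:Signature` and whether that signature's single `Reference` points at the enclosing element's ID. It verifies no digest or signature value; `signature_report` and `nested_response` are hypothetical names, the SAML 2.0 sample is constructed, and the SAML 1.1 sample is trimmed from the capture in the posts.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
# ID attribute names: SAML 2.0 uses ID, SAML 1.x uses AssertionID / ResponseID.
ID_ATTRS = ("ID", "AssertionID", "ResponseID")


def signature_report(xml_text):
    """For every Response/Assertion element, report whether it has its own
    ds:Signature child and whether that signature references the element.
    Structural triage only: nothing is cryptographically verified here."""
    if "<!DOCTYPE" in xml_text:
        # SAML messages never need a DTD; refuse it before parsing.
        raise ValueError("DTDs are not expected in SAML messages")
    report = []
    for elem in ET.fromstring(xml_text).iter():
        local = elem.tag.rsplit("}", 1)[-1]
        if local not in ("Response", "Assertion"):
            continue
        elem_id = next((elem.get(a) for a in ID_ATTRS if elem.get(a)), None)
        # Direct child only: a signature nested deeper belongs to another element.
        sig = elem.find("ds:Signature", NS)
        entry = {"element": local, "id": elem_id, "signed": sig is not None,
                 "method": None, "reference_ok": False}
        if sig is not None:
            method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
            if method is not None:
                entry["method"] = method.get("Algorithm")
            refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
            # Exactly one Reference, and it must name the enclosing element.
            entry["reference_ok"] = (elem_id is not None and len(refs) == 1
                                     and refs[0].get("URI") == "#" + elem_id)
        report.append(entry)
    return report


# Trimmed from the capture quoted in the posts: no ds:Signature child at all.
UNSIGNED_SAML11 = """<saml:Assertion MajorVersion="1" MinorVersion="1"
  xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  AssertionID="yM0oqZgF0N1a1td6yzKgOQ22"
  IssueInstant="2007-01-23T17:15:27Z" Issuer="HealthMarkets_s3">
  <saml:Conditions NotBefore="2007-01-23T17:15:27Z"
                   NotOnOrAfter="2007-01-24T17:15:27Z"/>
</saml:Assertion>"""


def nested_response(assertion_ref):
    """Constructed SAML 2.0 Response with a signed Response and a signed
    Assertion; assertion_ref is the URI placed in the Assertion's Reference.
    IDs and signature skeletons are sample values, not real signatures."""
    def sig(uri):
        return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                '<ds:SignedInfo><ds:SignatureMethod '
                'Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
                '<ds:Reference URI="%s"/></ds:SignedInfo></ds:Signature>' % uri)
    return ('<samlp2:Response ID="resp-1" Version="2.0" '
            'xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol">'
            + sig("#resp-1") +
            '<saml2:Assertion ID="assert-1" Version="2.0" '
            'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
            + sig(assertion_ref) +
            '</saml2:Assertion></samlp2:Response>')


if __name__ == "__main__":
    samples = (UNSIGNED_SAML11, nested_response("#assert-1"),
               nested_response("#resp-1"))
    for doc in samples:
        for entry in signature_report(doc):
            print(entry)
```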