SAML Credential Mapper Relying Party "Post Form"

Hi,
Has anybody used a Custom Post Form for the SAML Credential Mapper Relying Party?
If so, can you please tell me the specs? It is SAML V2.
I am trying like this in an HTML file:
<input type="hidden" name="TARGET " value="ddddd" />
<input type="hidden" name="SAML_AssertionConsumerURL" value="ddddddd" />
<input type="hidden" name="SAML_AssertionConsumerParams" value="homogenousMap" />
<input type="hidden" name="SAML_ITSRequestParams" value="" />
But every time it gives an Internal Server Error in the logs:
####<Oct 13, 2008 2:16:19 PM PDT> <Debug> <SecuritySAMLService> <pd7000163> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1223932579244> <BEA-000000> <SAMLServlet (samlits): doGet(): Unexpected throwable while handling request, returning INTERNAL_SERVER_ERROR: java.lang.NullPointerException>
I am also not finding any details about the samlits servlet.
WebLogic front-line support also does not know. There is no WebLogic documentation on the actual implementation.
Thanks
Vishnu

Vishnu, you should also try cross-posting in the WLS-Security forum.
WebLogic Server - Security

Similar Messages

  • Null Pointer Exception while configuring SAML Credential Mapper

    Hi,
    I am trying to set up my customised SAML code for WLS 10.3. To test it, I have created a standalone suite with 2 applications, one as a source where the authentication will be through simple username and password and the second as destination where the identity assertion will take place based on the token generated in the first app.
    To achieve this, I am using a default SAMLCredentialMapperV2 for credential mapping at the source site. But while configuring it, the management tab of the credential mapper shows a null pointer exception.
    Can anyone point out what's wrong or if I am missing anything?
    Steps to create:
    1. Create a security realm.
    2. Go to security realm -> Provider -> Credential Mapping tab.
    3. Create a credential mapper of type SAMLCredentialMapperV2 with specifications as mentioned in http://www.oracle.com/technetwork/articles/entarch/sso-with-saml3-086457.html
    4. Click on the newly created mapper and go to the management tab. It throws a null pointer exception which is visible on the screen.
    Log entries are as follows:
    <Error> <Console> <BEA-240003> <Console encountered the following error java.lang.NullPointerException
         at com.bea.common.security.saml.registry.SAMLPartnerRegistry.<init>(SAMLPartnerRegistry.java:153)
         at com.bea.common.security.saml.registry.SAMLRelyingPartyRegistry.<init>(SAMLRelyingPartyRegistry.java:26)
         at weblogic.security.providers.saml.SAMLCredentialMapperV2Impl.init(SAMLCredentialMapperV2Impl.java:65)
         at weblogic.security.providers.saml.SAMLCredentialMapperV2Impl.listRelyingParties(SAMLCredentialMapperV2Impl.java:81)
         at weblogic.security.providers.saml.SAMLCredentialMapperV2MBeanImpl.listRelyingParties(SAMLCredentialMapperV2MBeanImpl.java:206)

    I've got the same issue too.
    My setup is to have one domain acting as both Source and Destination.
    For every 10 seconds, I'm seeing 4 of these logs, and the CPU consumption is 100% consistently.
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null>
    Does anyone know what's happening? I've got one of the Security Provider = Active Directory, and thus there's no password returning. Could it be the root cause of the problem?
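A way to measure the repetition reported in the reply above, as an added example that is not part of the original post or of WebLogic: it splits `####<...>` server-log records of the shape quoted in this thread into fields and reports messages that repeat inside a time window. The field names, function names and sample lines are assumptions constructed here from the quoted records.

```python
from collections import defaultdict

# Field names are assumptions chosen here for the 12 "<...>" fields of the
# records quoted in this thread; they are not taken from WebLogic documentation.
FIELDS = ("timestamp", "severity", "subsystem", "machine", "server", "thread",
          "user", "txid", "context", "epoch_ms", "msg_id", "message")


def parse_wls_line(line):
    """Split one '####<..> <..> ...' record into a dict, or return None."""
    if not line.startswith("####"):
        return None  # stack-trace continuation lines and other noise
    text, pos, values = line[4:].strip(), 0, []
    # The first 11 fields are tokenised by bracket depth, so a nested value
    # such as <<WLS Kernel>> stays a single field.
    while len(values) < len(FIELDS) - 1:
        start = text.find("<", pos)
        if start < 0:
            return None
        depth, i = 0, start
        while i < len(text):
            if text[i] == "<":
                depth += 1
            elif text[i] == ">":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        if depth != 0:
            return None  # field never closed
        values.append(text[start + 1:i])
        pos = i + 1
    # Whatever is left is the message. It may contain stray '<' or '>' and,
    # for multi-line records, its closing '>' may sit on a later line.
    rest = text[pos:].strip()
    if not rest.startswith("<"):
        return None
    values.append(rest[1:-1] if rest.endswith(">") else rest[1:])
    record = dict(zip(FIELDS, values))
    if not record["epoch_ms"].isdigit():
        return None
    record["epoch_ms"] = int(record["epoch_ms"])
    return record


def repeated_messages(records, window_ms=10_000, min_count=4):
    """Return (subsystem, message, peak) for every message seen at least
    min_count times inside some window_ms-long window, highest peak first."""
    stamps_by_key = defaultdict(list)
    for rec in records:
        stamps_by_key[(rec["subsystem"], rec["message"])].append(rec["epoch_ms"])
    findings = []
    for (subsystem, message), stamps in stamps_by_key.items():
        stamps.sort()
        peak, left = 0, 0
        for right, t in enumerate(stamps):
            while t - stamps[left] >= window_ms:  # slide the window start
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= min_count:
            findings.append((subsystem, message, peak))
    return sorted(findings, key=lambda f: -f[2])


def triage(lines, window_ms=10_000, min_count=4):
    """Parse raw lines; return (findings, number_of_lines_skipped)."""
    records = [r for r in map(parse_wls_line, lines) if r is not None]
    return repeated_messages(records, window_ms, min_count), len(lines) - len(records)


# --- Constructed sample input, modelled on the records quoted above. --------
# The timestamp text is held constant; only the epoch-milliseconds field varies.
TEMPLATE = ("####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <{sub}> <MYHOST> "
            "<AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: "
            "'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> "
            "<{ms}> <BEA-000000> <{msg}>")
UNSUPPORTED = ("SAMLCredentialMapperV2: getCredentialInternal(): SAML Credential "
               "Mapper does not support credential type: weblogic.UserPassword, "
               "returns null")
SAMPLE_LINES = [
    TEMPLATE.format(sub="SecuritySAMLCredMap", ms=1243954827839 + k * 2500,
                    msg=UNSUPPORTED)
    for k in range(12)  # one record every 2.5 s, i.e. 4 per 10 s
]
SAMPLE_LINES.append(TEMPLATE.format(sub="ConstructedSubsystem", ms=1243954830000,
                                    msg="constructed message with a stray > inside"))
SAMPLE_LINES.append("\tat constructed.Frame.method(Frame.java:1)")

if __name__ == "__main__":
    findings, skipped = triage(SAMPLE_LINES)
    for subsystem, message, peak in findings:
        print(f"{peak} per 10 s  [{subsystem}]  {message}")
    print(f"{skipped} line(s) skipped")
```
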

  • SAML Credential Mapper does not support credential type

    Has anybody any idea on what could be causing the message below, which is being logged several times?
    <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
    <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): **SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null**>
    Best regards
    Update: Forgot to mention this is SOA Suite 11G environment
    Edited by: user9501748 on Jun 28, 2011 11:53 AM

  • Inject User Attributes into SAML Credential Mapper V2 Assertions

    We are using SAML CMV2 on 10.0 MP1 and we would like to add user attributes in SAML assertions '<attributestatement>'.
    How do we inject attribute statements in assertions?
    http://e-docs.bea.com/wls/docs100/dvspisec/credmap.html
    AT:
    - Do You Need to Develop a Custom Credential Mapping Provider?
    - 3rd paragraph, 4th sentence...
    States that the AttributeStatement can be configured to house user information. I have looked all over on how I can 'configure' the SAMLCMV2 to inject the user info we want (DN, favorite color, anything).
    Any input would be great,
    Thanks!
    Edited by dejavuuuuu at 03/18/2008 5:57 AM
    Edited by dejavuuuuu at 03/18/2008 5:59 AM

    Looks like it is not available in WebLogic 10 MP1 and we might have to wait for 10.3 where you get the SAMLCredentialAttributeMapper.
    http://edocs.bea.com/wls/docs100/javadocs/weblogic/security/providers/saml/SAMLCredentialAttributeMapper.html

  • Where is SAML Relying Party configuration stored?

    We are successfully configuring SSO using SAML 1.1 using either the console or WLST scripts. We have 3 different Relying Parties and everything works great. However, after restarts, our Relying Parties are gone! I assume that WLST and console both are updating the Mbean behind the scenes, but where does the SAML Relying Party configuration get persisted since we are not using the RDBMS store. Internal LDAP? An XML file? I can't find it documented anywhere.

    The StationGlobals.ini file is in your TestStand Config directory, which is found at <TestStand Application Data>\Cfg.
    On Windows 7, this is C:\ProgramData\National Instruments\TestStand 4.2\Cfg. I don't remember off-hand what the exact path is on versions of Windows earlier than Vista... Somewhere under C:\Documents and Settings\<Username>\. You can just search for StationGlobals.ini if you need to.

  • How can I use the POST form in defining a SAMLCredentialMapperV2

    Hi,
    I am trying to configure the SAMLCredentialMapperV2 in our WebLogic Portal 10.3.2. There is a parameter called "POST form - The POST form used with this SAML Relying Party". Can anyone give me a hint of how I can use this form parameter, where I have to deploy this form and where I can find documentation about those parameters?
    Any help would be appreciated.
    Best Regards
    Edmund

    As far as I remember this parameter was optional.
    http://www.oracle.com/technology/pub/articles/dev2arch/2006/12/sso-with-saml.html is probably a better article, don't know if it has any updates since this was written for 9.2

  • How to config Rules between Service Identity and Relying Party Application in Azure ACS?

    I am going to implement an Authorization Server that talks to the ACS OAuth2 endpoint with Java, following this article.
    First, I created a Service Identity using the ACS Management Service via the OData protocol, and then added a password credential in the ACS Management Portal.
    Id: "22194691",
    Name: "oauth2-client-sample",
    Description: "Test",
    RedirectAddress: "http://localhost:8080",
    SystemReserved: false
    Second, I created a relying party application in ACS Management Portal with no Identity Providers, assume that its ID is 22194640 and its Realm is "https://oauth2-res-sample.herokuapp.com/".
    Third, I created a Delegation by ACS Management Service and got an Authorization Code(for example, XkbSXdM0d0v8wQ835hvKUg==) from ACS,
    POST /v2/mgmt/service/Delegations
    Authorization: Bearer XXXX(SWT from ACS)
    Content-Type: application/json
    {"ServiceIdentityId": "22194691", "RelyingPartyId": "22194640",
    "NameIdentifier": "[email protected]", "IdentityProvider": "WAAD"}
    At last, I posted the authorization code and service identity to ACS to request an Access Token,
    POST v2/OAuth2-13
    Content-Type: application/x-www-form-urlencoded
    grant_type=authorization_code&client_id=oauth2-client-sample
    &client_secret=xxxxxxxx&code=XkbSXdM0d0v8wQ835hvKUg%3D%3D
    &redirect_uri=http%3A%2F%2Flocalhost%3A8080
    &scope=https%3A%2F%2Foauth2-res-sample.herokuapp.com%2F
    But I got the following error from ACS,
    error: "invalid_request" error_description: "ACS50000: There was an error issuing a token. ACS60000: An error occurred while processing rules for relying party 'https://oauth2-res-sample.herokuapp.com/'
    using the service identity or identity provider named 'oauth2-client-sample'. ACS60000: Policy engine execution error. Trace ID: e8a1fa8c-19d8-4271-8095-80938ea45e69 Correlation ID: 82a0e83e-202f-4957-8871-cdcdf927b512 Timestamp: 2015-02-23 02:21:34Z"
    This is the Rule Group for the relying party application; it passes through all the first claims to output. But I don't know what's wrong.

    Hello Cary!
    Request your confirmation if you could resolve the problem stated above? If no, please let us know at the earliest and we'll be glad to help. If yes, please share your valuable inputs for community's reference.
    Thank you,
    Arvind

  • ADFS 3.0 WAP and Non-Claims-Aware Relying Party Trusts

    I am attempting to migrate a Windows Claims SharePoint page to ADFS 3.0 (Windows Server 2012 R2) and the WAP (Web Application Proxy) from UAG, but am running into problems when our external users attempt to authenticate. Users from our external domain (call it Domain2.com) have been accessing our SharePoint pages via SAML tokens, but when I attempted to move them to the new WAP and off of UAG, they get an http/500 error. The WAP error log gives the following:
    Warning Event ID 13016 - Web Application Proxy cannot retrieve a Kerberos ticket on behalf of the user because there is no UPN in the edge token or in the access cookie
    Error Event ID 12027 - Web Application Proxy encountered an unexpected error while processing the request. Error: The specified username is invalid. (0x8007089a).
    I presume the Error Event ID 12027 is because there is no UPN in the token and we are using KCD/Kerberos so I need to pass a UPN.
    The ADFS server and WAP are joined to Domain1.com. Domain1.com is Active Directory and there is an account for every user in Domain2.com that is allowed access to our SharePoint sites. These accounts contain the standard info... UPN, Email Address, sAMAccountName, etc. The UPN, Email, and sAMAccountName do not always match the accounts with the Domain2.com accounts; however, we have been using an Active Directory field labeled employeeNumber that is synchronized on both domains and we have been using a custom lookup based on the employeeNumber in AD.
    When logins occur via Domain1.com, no problem, the UPN is pulled from the Active Directory Claim Provider Trust. When a user attempts to access from Domain2.com, we have configured ADFS to forward them to an STS that collects the employeeNumber from Domain2.com via a Web Auth SAML token. We are able to use the SAML token if we use the standard Claims-Aware Relying Party Trust (CARPT) and convert our SharePoint sites to use the trusted URN via PowerShell scripts, but we are trying to retain functionality similar to how we are using UAG so we don't want to change every single SharePoint site to the SAML configuration, hence we are trying to use the Non-Claims-Aware Relying Party Trust (NCARPT).
    Problem1: When we are using CARPT we can configure the custom translation for our employeeNumber lookup in AD. But CARPT uses SAML Tokens not Kerberos Tokens so we cannot login when SharePoint is configured for Kerberos.
    Problem2: When we are using NCARPT it works great when authenticating via local (Domain1.com) credentials and looks up the user in AD, but when we attempt to authenticate with remote (Domain2.com) credentials we are unable to configure the employeeNumber lookup and ADFS doesn't just go out and make that correlation on its own.
    Question1: Can I configure CARPT to use Kerberos?
    Question2: If not, can I configure NCARPT to lookup the AD employeeNumber, match the UPN, and add the UPN to the token?
    Question3: If neither option is available, am I just stuck with UAG or is there something out (not scheduled for EOL) there that can handle the translation between SAML and Kerberos Tokens?
    Let me know if I left something out, I tend to ramble, but not sure of all the info that is needed...

    Hi,
    Based on the description, is there trust between domain 1 and domain 2? If not, we can try to create trust between these two domains to see if it helps.
    Regarding Event ID 13016 and Event ID 12027, the following article can be referred to for more information.
    Web Application Proxy Troubleshooting
    https://technet.microsoft.com/en-us/library/dn770156.aspx
    Besides, for ADFS questions, in order to get more and better help, it's recommended that we ask for suggestions in the following forum.
    Claim based access platform (CBA), code-named Geneva
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
    Best regards,
    Frank Shen

  • IE11 can't post form data to specific frame or window dialog opened via window.open()

    Hello,
    Form POST targeting to specific frame or dialog popped up via window.open() no longer works in IE11.
    It worked fine in IE10 and all previous versions of IE.
    Please see screenshot attached with simple test that reproduces this problem.
    Direct Link to screenshot:
    http://173.231.98.44/cgi/TestFolder/IE_11_widow_frame_targeting_BUG.jpg
    Direct link to simple test page demonstrating this problem:
    http://173.231.98.44/cgi/TestFolder/page2.asp
    Note: IE11 doesn't report any errors, doesn't complain about anything, even when debugged via F12 developer tools. The only thing it complained about initially was a missing doc type declaration on top of the page, but even after adding the doc type definition, the problem still persists, makes no difference.
    I tested this on fresh install of Windows 2012R2 while testing our web application with the new IE11.
    I believe doing this on Windows 8.1 with IE11 will result in same bug/problem.
    Our web application uses a technique whereby it launches a popup window via a call to window.open(), passing a blank URL and specifying a name for the new window. It then does a form post targeting the name of the new dialog.
    In IE11 this functionality has been broken and no longer works.
    Problem is that IE11, instead of posting the form to the newly created dialog, launches a new instance of IE and then loads the requested form in this new instance of IE, while the dialog launched via window.open() remains on screen and is empty. If the user repeats launching the same form post request (via button click for example), IE 11 keeps creating new empty dialogs and a new IE instance for every form post executed. This totally breaks our application because we use many so called "wizards" that encapsulate specific functionality in a separate web page launched in a popup window.
    Another related problem is that if a dialog is launched with window.open(), the JavaScript code in the dialog can not target the parent frame that opened the dialog anymore. In our application, when a dialog is closed, it typically needs to trigger a refresh of a specific frame within the parent window (again targeted by name) to reflect saved/updated info that the user entered in the popup dialog. The result is that we can't refresh the parent frame after the popup dialog closes. Instead, IE11 launches a new instance of IE (not just a tab, but a whole new instance) and loads the parent frame in it.
    The problem seems to be caused by broken frame name targeting mechanism in IE11.
    Note that we force IE to compatibility mode 5, but even without specifying any compatibility, the problem remains.
    Typical JavaScript to reproduce this is:
    <input type="button" onClick="Popup(this.form);" name="btn2" value="Popup Dialog">
    <script>
    // Open an empty, named popup, then post the form into it by window name.
    function Popup(f){
        window.open("","MyNewDialogName","width=200,height=150");
        f.action = "page3.asp";
        f.target = "MyNewDialogName";
        f.submit();
    }
    </script>
    Expected: IE11 should correctly post form to and load targeted page in the newly popped up dialog, without opening new IE instance and new tab. Repeatedly posting form to existing popup window should reuse that window, not keep on launching more popup windows and then more IE instances.
    Steps to reproduce the problem (include URL if applicable):
    URL with sample page: http://173.231.98.44/cgi/TestFolder/page2.asp
    1) Create page1.htm: <html><body>display "I'm in a popup window now ..."</body></html>
    2) Create page2.htm with a button and onclick() event calling function to open dialog, and do form POST targeting new dialog calling page1.htm, like below.
    <input type="button" onClick="Popup(this.form);" name="btn2" value="Popup Dialog">
    <script>
    // Open an empty, named popup, then post the form into it by window name.
    function Popup(f){
        window.open("","MyNewDialogName","width=200,height=150");
        f.action = "page1.asp";
        f.target = "MyNewDialogName";
        f.submit();
    }
    </script>
    3) Open IE11, navigate to page2.htm, click the "Popup Dialog" dialog button. IE 11 will popup the new dialog, but then it will also launch new instance of IE11 and display the page1.htm in it, instead of in the popup dialog.
    Has anyone else encountered this problem?
    Any insight or help is appreciated.
    Regards
    Peter

    the default action of <input type="button" is submit. Note also that the default type of <button> elements is 'submit' also.
    add a return false to the onclick inline event handler (which constructs the form submit attributes) to cancel the default form.submit behavior.
    form elements have a target value with which you can specify the name window into which you want the form to open in.
    <form action="process.aspx" target="popup">
    you can use the window.open method with a query uri to achieve the same outcome.
    window.open('process.aspx?s=search+term&foo=bar','popup',{features})
    the outcomes of all scripted windows are affected by
    your IE Popup blocker and tabbed browsing settings
    which in turn is affected by your IE Security zone settings (for popup blocking handling)
    and the settings of any third-party popup blocker you may have installed and enabled... it may not necessarily be visible on your browser toolbar.
    The first step in troubleshooting web browser issues is to test in no-addons mode.
    Use the Developer Tool to find out what documentMode the test page is opening in on your system. On Modal/Modeless popup windows use the f12 key to display the Developer tool positioned on the contentWindow.
    Use File>Properties to find out what IE Security zone it maps to... there is a security setting to prevent navigation into zones of lower integrity.
    Rob^_^

  • ADFS Taleo Relying Party Configuration

    Hi, 
    I'm trying to configure Oracle Taleo as a relying party for AD FS and the AD FS as identity provider for Taleo. 
    AD FS Configuration
    I have uploaded XML Taleo federation metadata in relying party configuration wizard and everything seems correct. I have created claim-rules to return email address in Name ID attribute with unspecified format. 
    Taleo Configuration
    When I try to sign in, browser is correctly redirected to AD FS, AD FS returns a SAML response containing email address in name ID attribute (logged with Fiddler), but Taleo returns Internal Server Error 500.
    Do you see anything wrong in this configuration? IdP identifier? Authentication URL? And more important, the certificate: it is possible to select only one certificate, so which certificate should be uploaded: SSL, token encryption or token decryption? In which format? binary base 64?
    I'm trying to troubleshoot this error since one week also with Taleo support, but we didn't find anything. If you have already configured Taleo or you have any idea, let me know.

    Ok, I have an update from the vendor, it is an error log: 
    I have some error reported by our Cloud Operations team I hope they will help you get a general idea: 
    << Report from Cloud Ops>> 
    Feb 17, 2015 5:28:17 PM EST 
    Error FED-18074 Signature verification failed for provider ID http://*****.com/adfs/services/trust 
    Feb 17, 2015 5:28:17 PM EST 
    Error FED-12064 Exception: {0} 
    Feb 17, 2015 5:28:27 PM EST 
    Error FED-10146 Could not locate the X.509 certificate for http://****.com/adfs/services/trust, for use signing
    Feb 17, 2015 5:28:27 PM EST 
    Error FED-12064 Exception: {0} 
    Feb 17, 2015 5:28:27 PM EST 
    Error FED-15131 Certificate was missing when trying to verify digital signature. 
    The problem is related with certificates, because we have uploaded several certificates and now I think Taleo is not able to find the right one. Since all errors are related to signing certificates maybe I have to select this one. 
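
An added example, not from the thread or from either vendor: a Python check that reads the certificates an IdP such as AD FS publishes in its federation metadata, groups them by KeyDescriptor `use`, and classifies the one certificate the relying party has on file. Function names, result strings and the sample XML are assumptions; placeholder bytes stand in for real certificates, and the check only compares fingerprints, it does not verify any signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def fingerprint(b64_text):  # SHA-256 over the bytes in a ds:X509Certificate
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def metadata_certs(metadata_xml):
    """Return {use: {fingerprints}} for the IdP's KeyDescriptor elements."""
    certs = {}
    for idp in ET.fromstring(metadata_xml).iter(MD + "IDPSSODescriptor"):
        for kd in idp.iter(MD + "KeyDescriptor"):
            use = kd.get("use", "any")  # no 'use' attribute: key serves both purposes
            for c in kd.iter(DS + "X509Certificate"):
                certs.setdefault(use, set()).add(fingerprint(c.text))
    return certs

def response_certs(response_xml):
    """Fingerprints of certificates embedded in the response's ds:Signature."""
    return {fingerprint(c.text) for sig in ET.fromstring(response_xml).iter(DS + "Signature")
            for c in sig.iter(DS + "X509Certificate")}

def diagnose(metadata_xml, response_xml, sp_cert_b64):
    """Classify the certificate the relying party holds for this IdP."""
    certs = metadata_certs(metadata_xml)
    signing = certs.get("signing", set()) | certs.get("any", set())
    if not response_certs(response_xml) <= signing:
        return "response-key-not-in-metadata"
    sp_fp = fingerprint(sp_cert_b64)
    if sp_fp in signing:
        return "ok"
    if sp_fp in certs.get("encryption", set()):
        return "sp-has-encryption-cert"
    return "sp-has-unrelated-cert"

# Constructed sample: placeholder bytes stand in for real DER certificates.
SIGN, ENC, TLS = (base64.b64encode(b).decode() for b in (b"sample-signing", b"sample-encryption", b"sample-tls"))
def keyinfo(cert):
    return f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
XMLNS = ('xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
         'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"')
METADATA = (f'<md:EntityDescriptor {XMLNS}><md:IDPSSODescriptor>'
            f'<md:KeyDescriptor use="signing">{keyinfo(SIGN)}</md:KeyDescriptor>'
            f'<md:KeyDescriptor use="encryption">{keyinfo(ENC)}</md:KeyDescriptor>'
            '</md:IDPSSODescriptor></md:EntityDescriptor>')
RESPONSE = f"<samlp:Response {XMLNS}><ds:Signature>{keyinfo(SIGN)}</ds:Signature></samlp:Response>"
```

With real data, pass the downloaded federation metadata, a response captured in a trace, and the base64 body of the certificate uploaded to the relying party.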

  • Error in third party posting due to missing entry in T51R6_FUNDINFO

    Hi,
    We are getting error "No entry in table T51R6_FUNDINFO for key xxxxx" while doing third party posting on a particular due date. I tried undo evaluation run through program RPURMD00 but getting an error message "partially posted evaluation runs can not be deleted/undone/reversed". Has anyone faced this issue before and has the solution for it?
    Thanks,
    Monika

    Hi Maddy,
    If your issue is not solved, please continue the same old thread instead of creating a new thread. This helps others to follow the discussion and understand the process to resolve the issue.
    You have posted this same thread twice and please remove one before the moderator locks it.
    Regards,
    Ravi

  • Post-form trigger raised unhandled exception

    I have enabled TRANSLATION and ATTACHMENTS menu on my oracle form(form customization).
    but if I click on the attachment menu the window opens for attachments, but when I am going to close the window it throws an exception:
    **FRM-40735: POST_FORM trigger raised unhandled exception ORA-06502**
    and it does not allow me to close the window; I have to terminate the application every time.
    What shall I do in this situation?

    Hello,
    There is a related known issue for the Qualifications form of Oracle Human Resources -
    PERWSQUA Cannot add Attachments to the Qualification Form - FRM-40735: POST-FORM trigger raised unhandled exception ORA-06502 (Doc ID 1470386.1)
    Reference the solution steps and search on your form name as opposed to the PERWSQUA.
    If still not resolved, please open an SR with the owning application of the form or for Forms Developer.
    Thank you,
    Deborah Bourgeois
    Oracle Customer Support

  • PKI Credential mapper problem while migrating the project from alsb2.5 to 2.6

    We are migrating our project from alsb2.5 to alsb 2.6.
    While doing this, it is giving a conflict like "there should be only one PKI Credential mapper is allowed".
    How to resolve this issue?
    Thnx,
    DBR

    Sounds like you have more than one credential mapper configured on your 2.6 domain but ALSB only accepts one.
    For more details about credential mapper and the migration process, refer to WLS documentation:
    http://e-docs.bea.com/wls/docs90/secmanage/providers.html#1205083
    Gregory Haardt
    ALSB Prg. Manager

  • I want to disable some of the check boxes on gl post form

    I am looking for form personalization that will disable the option to post some of the journal in GL Post form.
    The problem is that I managed to catch the new record event, this is operated only if the user chooses the line.
    But the user is standing on line 3 and checking lines 1, 2 and 4.

    By searching for your answer in the forum.
    Rob

  • Mod_plsql: /pls/apex/f HTTP-400 Missing '=' in query string or post form

    This is the message when I click the logout button. It destroys the session though. It should redirect to login page after clicking logout button.
    We are on Apex 4.1
    Bad Request
    Your browser sent a request that this server could not understand.
    mod_plsql: /pls/apex/f HTTP-400 Missing '=' in query string or post form
    Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server Server at xxxx.xxxxx.edu Port 443
    Edited by: 965704 on Oct 30, 2012 11:42 AM

    It has been fixed, but the new problem is: after signout, if I move back to the previous page and click some link using the <- sign, I am supposed to get the login page, but I am getting an
    ORA-44004: invalid qualified SQL name error message.
    The source for my login page is
    wwv_flow_custom_auth_std.login(
    P_UNAME => :P101_USERNAME,
    P_PASSWORD => :P101_PASSWORD,
    P_SESSION_ID => v('APP_SESSION'),
    P_FLOW_PAGE => :APP_ID||':1'
    );
