
SAML2 SP-initiated use case with Weblogic 10.3.4.

posted Jul 05, 2011 13:24:31 by uo67113
Hi everybody,

I am implementing this use case. For this I have configured a Weblogic server working as a Service Provider, and I have a third party Identity Provider.

Everything seems to work fine. I have registered a Web application in my server and I have added its URI to the "Redirect URIs" of my "SAML 2.0 Web Single Sign-on Identity Provider Partner's General Properties". Now, when I ask for this application I am redirected to the Identity Provider partner login page.

Now I need to limit the access to just a group of users, so I set up the following access control policies and roles in my Web application:




When I log in to my Identity Provider I can see that my user really belongs to "myGroupName":

<Attribute Name="">
<AttributeValue>Domain Users</AttributeValue>

The problem is that I am getting an "Error 403--Forbidden".

In the server log I can see that my user is being authenticated:
<SAMLIALoginModule: login(): User name is ''>

But it seems that the SAMLIALoginModule is not able to get my groups from the assertion:
<SAMLIALoginModule: login(): Got groups: null>

And finally my request is being denied by the server:

<SecurityAtz>...<Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(FederatedUsers,Anonymous) -> false>
<urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Esample_weblogic_app@M@OcontextPath@E@Uweblogic_app@M@Ouri@E@Usecure@U@K, 1.0 evaluates to Deny>
<XACML Authorization isAccessAllowed(): returning DENY>
< AccessDecision returned DENY>

I have turned on all the security debug options (thank you very much guys!!!)

Any ideas?

Thanks in advance,
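
For readers triaging the same 403, an added example (not part of the original post) that reads the debug lines quoted above and reports where the login/authorization chain breaks. The function names `triage` and `diagnose` are hypothetical, and the format in which a non-null group list would be printed is an assumption, since the post only shows `null`.

```python
import re

# Debug lines copied from the post above (user name was blank as posted).
SAMPLE_LOG = """\
<SAMLIALoginModule: login(): User name is ''>
<SAMLIALoginModule: login(): Got groups: null>
<SecurityAtz>...<Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(FederatedUsers,Anonymous) -> false>
<XACML Authorization isAccessAllowed(): returning DENY>
"""

GROUPS_RE = re.compile(r"SAMLIALoginModule: login\(\): Got groups: (.*?)>")
ISIN_RE = re.compile(r"function:string-is-in\(([^,()]+),([^()]*)\) -> (true|false)")
DECISION_RE = re.compile(r"isAccessAllowed\(\): returning (\w+)")


def triage(log_text):
    """Collect asserted groups, failed string-is-in checks and the final decision."""
    result = {"groups": None, "failed_checks": [], "decision": None}
    for line in log_text.splitlines():
        m = GROUPS_RE.search(line)
        if m:
            raw = m.group(1).strip()
            # Assumption: a non-null list is comma separated, optionally in [].
            result["groups"] = [] if raw == "null" else [
                g.strip() for g in raw.strip("[]").split(",") if g.strip()]
        m = ISIN_RE.search(line)
        if m and m.group(3) == "false":
            # XACML string-is-in(value, bag): value was not found in bag.
            bag = [v.strip() for v in m.group(2).split(",") if v.strip()]
            result["failed_checks"].append((m.group(1).strip(), bag))
        m = DECISION_RE.search(line)
        if m:
            result["decision"] = m.group(1)
    return result


def diagnose(result):
    """Turn the collected facts into a one-line finding."""
    if result["decision"] != "DENY":
        return "no DENY found in the supplied lines"
    wanted = ", ".join(w for w, _ in result["failed_checks"]) or "unknown"
    if result["groups"] == []:
        return f"login succeeded but no groups were extracted; {wanted} not matched -> DENY"
    if result["groups"] is None:
        return f"no 'Got groups' line seen; {wanted} not matched -> DENY"
    return f"groups {result['groups']} asserted but {wanted} not matched -> DENY"


if __name__ == "__main__":
    print(diagnose(triage(SAMPLE_LOG)))
```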


2 replies
uo67113 said Jul 21, 2011 07:23:22
Hi everybody,

I got an answer in the OTN Discussion Forums, thanks!!!

Thanks and best regards,

uo67113 said Sep 19, 2011 10:17:28
Hi everybody,

Finally solved, see:

Best regards,
