Request Parameters lost in SAML SSO
676842 Aug 18 2009 — edited Aug 18 2009
I have successfully configured SSO between two applications with the help of the steps given at http://www.oracle.com/technology/pub/articles/dev2arch/2006/12/sso-with-saml.html. The SSO is working fine, and after authenticating through appA I am able to navigate through appB without needing to reauthenticate. I am facing two issues.
1. When I navigate from appA to appB through a link, and there are some request parameters posted through a form, I don't get those parameters in the request on the appB landing page. But I am able to see in the logs that those parameters do reach the SSO filters. See below the excerpt from the logs on the appB server. Please let me know if there is any configuration or specific way to get these parameters. I also tried searching the BEA docs, which say that POST parameters are stored but don't give details about where they are stored or how to retrieve them.
<BEA-000000> <SAMLServletAuthenticationFilter doFilter()>
<BEA-000000> <SAMLServletAuthenticationFilter request parameters:>
<BEA-000000> < testParameter1: Hello>
<BEA-000000> < jsMenu: dynamicJs/Menu.js>
<BEA-000000> < appLocale: en_US>
<BEA-000000> < baseUrl: https://something.com>
<BEA-000000> <SAMLServletAuthenticationFilter request attributes:>
<BEA-000000> < weblogic.servlet.network_channel.port: 6001>
<BEA-000000> <SAMLServletAuthenticationFilter request headers:>
<BEA-000000> < Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*>
<BEA-000000> < Accept-Language: en-us>
<BEA-000000> < Content-Type: application/x-www-form-urlencoded>
<BEA-000000> < UA-CPU: x86>
<BEA-000000> < Accept-Encoding: gzip, deflate>
<BEA-000000> < User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1)>
<BEA-000000> < Host: something.abc.def:6001>
<BEA-000000> < Content-Length: 652>
<BEA-000000> < Connection: Keep-Alive>
<BEA-000000> < Cache-Control: no-cache>
<BEA-000000> < Cookie: JSESSIONID=ZJSmKFWLfCTQysL82X0nfjZn1h62vtD2LWTK0D0Wdm9r47YlcgW1!1231125320>
2. The second issue is that when I am running both apps on the same host, if I navigate back to appA after SSO it throws the login page. It seems that as soon as SSO happens some cookie gets overwritten. I don't get this problem if both apps are on different hostnames.
Edited by: user7507600 on Aug 18, 2009 10:30 AM
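The symptom in the second issue matches how browsers scope cookies: by host, path and name, never by port. The sketch below is an added example, not code from the post or from WebLogic. It uses Python's standard cookie jar as a stand-in for the browser and assumes both applications issue a `JSESSIONID` cookie with path `/`; the host names and port 7001 are constructed, and port 6001 is taken from the log above.

```python
"""Added example: cookies are scoped by host, path and name, never by port."""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls .info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def visit(jar, url, set_cookie=None):
    """Simulate one browser request and return the Cookie header it sent."""
    req = Request(url)                 # no network traffic is generated
    jar.add_cookie_header(req)         # what the browser would send
    sent = req.get_header("Cookie")    # None when no cookie matched
    if set_cookie:
        jar.extract_cookies(FakeResponse(set_cookie), req)
    return sent


def cookie_returned_to_app_a(url_a, url_b,
                             name_a="JSESSIONID", name_b="JSESSIONID"):
    """Log in to appA, follow SSO to appB, then navigate back to appA."""
    jar = CookieJar()
    visit(jar, url_a, f"{name_a}=A-session; path=/")  # appA creates a session
    visit(jar, url_b, f"{name_b}=B-session; path=/")  # appB creates its own
    return visit(jar, url_a)                          # back to appA


if __name__ == "__main__":
    same_a = "http://apps.example.test:7001/appA/"    # constructed host and port
    same_b = "http://apps.example.test:6001/appB/"    # port 6001 as in the log
    print("same host, same name :", cookie_returned_to_app_a(same_a, same_b))
    print("different hosts      :", cookie_returned_to_app_a(
        "http://appa.example.test:7001/appA/",
        "http://appb.example.test:6001/appB/"))
    print("same host, own names :", cookie_returned_to_app_a(
        same_a, same_b, name_a="APPA_SESSIONID"))
```

On the shared host, appA receives appB's session ID, which it does not recognise, so it falls back to the login page. Giving each application its own session cookie name (in WebLogic, the `cookie-name` element of `session-descriptor` in weblogic.xml) or its own hostname keeps the two sessions apart.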