1 Reply. Latest reply: Sep 18, 2012 7:31 AM by Luis

    SAML2 Service Provider not writing artifact key to cache

    962565
      I have been following http://biemond.blogspot.com/2009/09/sso-with-weblogic-1031-and-saml2.html to attempt to get Single Sign On working.

      I created 2 new WebLogic 10.3.3 domains using an RDBMS Security Store (they are both pointing to the same RDBMS Security Store). I went through the guide, and after some time and troubleshooting was able to complete all the steps. I then created a very very basic JSF2 application that basically has a secured blank page. I set up this URL in the Service Provider configuration so that when I attempt to browse to the URL http://localhost:7002/saml-test/ (7002 is the port I assigned the second server; it is not SSL) it does successfully attempt to redirect to the Identity Provider for authentication. However, when it redirects I get a 403 Forbidden error.

      Based on the logs it appears that the Service Provider is writing the artifact key to "the cache" (logs aren't specific, but I'm assuming DemoIdentity.jks?). But when the Identity Provider attempts to retrieve the key from the cache it finds nothing and returns null, causing an exception. I also attempted to view the DemoIdentity.jks contents by using:

      keytool -list -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase

      And the key specified in the logs is not there. I also looked at all the data in the RDBMS database and could not find the key there. I'm assuming I am just missing some basic understanding of what is going on here, but I've been pulling my hair out with this thing for a week, and have had no luck figuring it out.

      Below are the logs: (Note: I removed some of the leading debug info like time and date to save space)

      Service Provider Logs:

      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667020> <BEA-000000> <SAML2Filter: Processing request on URI '/saml-test/index.xhtml'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667020> <BEA-000000> <getServiceTypeFromURI(): request URI is '/saml-test/index.xhtml'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667020> <BEA-000000> <getServiceTypeFromURI(): request URI is not a service URI>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667020> <BEA-000000> <getServiceTypeFromURI(): returning service type 'SPinitiator'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667020> <BEA-000000> <SP initiating authn request: processing>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667036> <BEA-000000> <SP initiating authn request: partner id is null>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667036> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667036> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667036> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667052> <BEA-000000> <put: item with key _0x55e0aecb9df9ad1a2061c408ed8fb7a6 is saved in cache.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667052> <BEA-000000> <SP initiating authn request: use partner binding HTTP/Artifact>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <put: item with key AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI= is saved in cache.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <store saml object org.opensaml.saml2.core.impl.AuthnRequestImpl@1d0397d, BASE64 encoded artifact is AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI=>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <post artifact: false>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <local ARS binding location: http://localhost:7001/saml2/idp/sso/artifact>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <post form template url: null>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <URL encoded artifact: AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI%3D>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <URL encoded relay state: null>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667067> <BEA-000000> <artifact is sent in http url:http://localhost:7001/saml2/idp/sso/artifact?SAMLart=AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI%3D>

      Identity Provider Logs:


      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <SAML2Servlet: Processing request on URI '/saml2/idp/sso/artifact'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <getServiceTypeFromURI(): request URI is '/saml2/idp/sso/artifact'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <getServiceTypeFromURI(): service URI is '/idp/sso/artifact'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <getServiceTypeFromURI(): returning service type 'SSO'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <Request URI: /saml2/idp/sso/artifact>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <Method: GET>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <Query string: SAMLart=AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI%3D>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <     Accept: */*>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <     Accept-Language: en-us>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <     User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 3.0.04506.648; MS-RTC LM 8; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <     Accept-Encoding: gzip, deflate>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <     Host: localhost:7001>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <     Connection: Keep-Alive>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyStore Checking if the Keystore file was modified>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <ssl client key:Sun RSA private CRT key, 512 bits
      modulus: 7817332509587397552890028336578207339286770598290114724527725719770879356379795125511472689827439136630867724827096844273172334826513804343303721031800247
      public exponent: 65537
      private exponent: 2389560434022984500008330220587930903580143665342415250567830833638555718851227441135738538593823573280638974177840057994863001694333515217638747428107137
      prime p: 89878601557891020780681845905770729690536603261106674473148151816104280723703
      prime q: 86976570330283066459007767878319559738265898367448286741620259855280595939649
      prime exponent p: 49531492934775012550710075660752268859317797579709015700240960055270126903855
      prime exponent q: 86241336493473679108071803409323587446354469591404733468585827031687427955905
      crt coefficient: 20900431671220180283467175612491957186643034513437468583594091501365673934630, ssl client cert chain:[Ljava.security.cert.Certificate;@17de8c5>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <get BASE64 encoded artifact from http request, value is:AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI=>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667083> <BEA-000000> <ArtifactResolver: sha-1 hash value of remote partner id is '0x0a6b8a4b62a8fc4312f59b578c8e615540467de7'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <ArtifactResolver: found remote partner 'WebSSO-SP-Partner-0' with entity ID 'saml2AP'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <ArtifactResolver: returning partner: com.bea.security.saml2.providers.registry.WebSSOSPPartnerImpl@1f2ba20>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <partner entityid issaml2AP, end point index is:0>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <find end point:com.bea.security.saml2.providers.registry.IndexedEndpointImpl@1676886, binding location is:http://localhost:7001/saml2/sp/ars/soap>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <got samlp:ArtifactResolve signing key:Sun RSA private CRT key, 512 bits
      modulus: 7817332509587397552890028336578207339286770598290114724527725719770879356379795125511472689827439136630867724827096844273172334826513804343303721031800247
      public exponent: 65537
      private exponent: 2389560434022984500008330220587930903580143665342415250567830833638555718851227441135738538593823573280638974177840057994863001694333515217638747428107137
      prime p: 89878601557891020780681845905770729690536603261106674473148151816104280723703
      prime q: 86976570330283066459007767878319559738265898367448286741620259855280595939649
      prime exponent p: 49531492934775012550710075660752268859317797579709015700240960055270126903855
      prime exponent q: 86241336493473679108071803409323587446354469591404733468585827031687427955905
      crt coefficient: 20900431671220180283467175612491957186643034513437468583594091501365673934630>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667099> <BEA-000000> <weblogic.security.service.internal.SAMLKeyServiceImpl.getKeyInfo>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667114> <BEA-000000> <<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0x419833daa9699be237eb505d62fe5ab2" IssueInstant="2012-09-17T13:47:47.099Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">saml2CMP</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_0x419833daa9699be237eb505d62fe5ab2">
      <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/></ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>QBOav/grXIftH9szz7jigjkJSXe5oeTUe+mecOWQs44=</ds:DigestValue>
      </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
      C9bKLG5yYjU0UvLj0nlN8KJJfRoQiGzse8ZeSVOR2nHicx3M3YQjGgzNJdDIiC69FoUitEOBNAHg
      oYfLcc/5Uw==
      </ds:SignatureValue>
      </ds:Signature><samlp:Artifact>AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI=</samlp:Artifact></samlp:ArtifactResolve>>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667114> <BEA-000000> <open connection to send samlp:ArtifactResolve. partner id:saml2AP, endpoint url:http://localhost:7001/saml2/sp/ars/soap>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667114> <BEA-000000> <isClientPasswordSet:false>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667114> <BEA-000000> <connect to remote ARS.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667114> <BEA-000000> <SoapSynchronousBindingClient.sendAndReceive: begin to send SAMLObject to server.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667114> <BEA-000000> <SoapSynchronousBindingClient.sendAndReceive: sending completed, now waiting for server response.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667317> <BEA-000000> <SAML2Servlet: Processing request on URI '/saml2/sp/ars/soap'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667317> <BEA-000000> <getServiceTypeFromURI(): request URI is '/saml2/sp/ars/soap'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667317> <BEA-000000> <getServiceTypeFromURI(): service URI is '/sp/ars/soap'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667317> <BEA-000000> <getServiceTypeFromURI(): returning service type 'ARS'>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667317> <BEA-000000> <ArtifactResolutionService.process: get SoapHttpBindingReceiver as receiver and SoapHttpBindingSender as sender.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667333> <BEA-000000> <remove: key AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI= does not exist in cache.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667333> <BEA-000000> <retrieve: no message was found in cache with the messageHandle, return null.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667333> <BEA-000000> <SoapHttpBindingSender.sendResponse: Set HTTP headers to prevent HTTP proxies cache SAML protocol messages.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667333> <BEA-000000> <SoapHttpBindingSender.send: the SOAP envelope to be sent is :
      >
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667333> <BEA-000000> <<?xml version="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/"><soap11:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xd927ce91bb367412a50520dc7695df1e" InResponseTo="_0x419833daa9699be237eb505d62fe5ab2" IssueInstant="2012-09-17T13:47:47.333Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">saml2CMP</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096502]There is no saml message in returned samlp:ArtifactResponse.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse></soap11:Body></soap11:Envelope>>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <SoapSynchronousBindingClient.sendAndReceive: response code from server is: 200>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <SoapSynchronousBindingClient.sendAndReceive: get a HTTP_OK response, now receive a SOAP envelope message.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <SoapSynchronousBindingClient.sendAndReceive: found XMLObject in envelope, return it.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <http url connection disconnect.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <<?xml version="1.0" encoding="UTF-8"?><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0xd927ce91bb367412a50520dc7695df1e" InResponseTo="_0x419833daa9699be237eb505d62fe5ab2" IssueInstant="2012-09-17T13:47:47.333Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">saml2CMP</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><samlp:StatusMessage>[Security:096502]There is no saml message in returned samlp:ArtifactResponse.</samlp:StatusMessage></samlp:Status></samlp:ArtifactResponse>>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <get samlp:ArtifactResponse and verify it.>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <saml version:2.0>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <inResponseTo:_0x419833daa9699be237eb505d62fe5ab2>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <status code: urn:oasis:names:tc:SAML:2.0:status:Success>
      #<SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889667349> <BEA-000000> <status message: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.>
      ####<Sep 17, 2012 9:47:49 AM EDT> <Debug> <SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889669802> <BEA-000000> <[Security:096577]Failed to receive AuthnRequest document from the requester.>
      ####<Sep 17, 2012 9:47:49 AM EDT> <Debug> <SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889669802> <BEA-000000> <Caused by: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.>
      ####<Sep 17, 2012 9:47:49 AM EDT> <Debug> <SecuritySAML2Service> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1347889669802> <BEA-000000> <exception info
      com.bea.security.saml2.service.SAML2Exception: [Security:096577]Failed to receive AuthnRequest document from the requester.
           at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:301)
           at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
           at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
           at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
           at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
           at $Proxy26.process(Unknown Source)
           at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
           at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
           at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
           at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
           at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
           at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
           at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
           at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

      Caused By: com.bea.security.saml2.binding.BindingHandlerException: [Security:096502]There is no saml message in returned samlp:ArtifactResponse.
           at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.getSamlMsg(AbstractArtifactResolver.java:459)
           at com.bea.security.saml2.artifact.impl.AbstractArtifactResolver.resolve(AbstractArtifactResolver.java:304)
           at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.resolve(ArtifactBindingReceiver.java:77)
           at com.bea.security.saml2.binding.impl.ArtifactBindingReceiver.receiveRequest(ArtifactBindingReceiver.java:40)
           at com.bea.security.saml2.service.sso.SSOServiceProcessor.receive(SSOServiceProcessor.java:295)
           at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:118)
           at com.bea.security.saml2.service.sso.SSOServiceProcessor.process(SSOServiceProcessor.java:100)
           at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
           at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
           at $Proxy26.process(Unknown Source)
           at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
           at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
           at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
           at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
           at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
           at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
           at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
           at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
      >
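The value the SP logs as "item with key AAQAAApr..." is not a keystore entry but a SAML 2.0 type-4 artifact, and the logs above show the IdP resolving it against http://localhost:7001/saml2/sp/ars/soap while the post says the SP runs on port 7002. The following is an added example, not code from the original post and not WebLogic's own code: it decodes the artifact into its TypeCode, EndpointIndex, SourceID and MessageHandle fields, and correlates the SP's cache write with the IdP's cache miss and the ARS endpoint it used. SP_LOG and IDP_LOG are the message fields of the debug lines quoted above, trimmed to the relevant entries; sp_port=7002 is taken from the post; the assumption that both servers sit on localhost is also from the post.

```python
"""Decode a SAML 2.0 type-4 artifact and cross-check the WebLogic debug lines
around it.  Added example for this thread; not WebLogic code."""
import base64
import hashlib
import re
import struct
from urllib.parse import urlsplit

# The artifact copied from the post's logs (the SAMLart query parameter).
SAML_ARTIFACT = "AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI="


def parse_artifact(b64: str) -> dict:
    """Split a type 0x0004 artifact (SAML 2.0 Bindings, section 3.6.4) into
    TypeCode(2) | EndpointIndex(2) | SourceID(20) | MessageHandle(20)."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 44:
        raise ValueError(f"type-4 artifact must be 44 bytes, got {len(raw)}")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError(f"unsupported artifact type code 0x{type_code:04x}")
    return {
        "type_code": type_code,
        "endpoint_index": endpoint_index,   # which ARS of the issuer to call
        "source_id": raw[4:24].hex(),       # identifies the issuing party
        "message_handle": raw[24:].hex(),   # random handle; the cache key
    }


def expected_source_id(entity_id: str) -> str:
    """SourceID the spec recommends: SHA-1 over the issuing party's entity ID.
    Compare with the 'sha-1 hash value of remote partner id' the IdP logs."""
    return hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


# Message fields excerpted from the post's SP and IdP debug logs (constructed
# subset, other fields of the lines dropped).
SP_LOG = [
    "put: item with key AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI= is saved in cache.",
    "artifact is sent in http url:http://localhost:7001/saml2/idp/sso/artifact?SAMLart=AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI%3D",
]
IDP_LOG = [
    "ArtifactResolver: sha-1 hash value of remote partner id is '0x0a6b8a4b62a8fc4312f59b578c8e615540467de7'",
    "find end point:com.bea.security.saml2.providers.registry.IndexedEndpointImpl@1676886, binding location is:http://localhost:7001/saml2/sp/ars/soap",
    "remove: key AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI= does not exist in cache.",
]

PUT_RE = re.compile(r"put: item with key (\S+) is saved in cache")
MISS_RE = re.compile(r"remove: key (\S+) does not exist in cache")
ARS_RE = re.compile(r"binding location is:(\S+)")


def diagnose(sp_lines, idp_lines, sp_port):
    """Correlate the SP's cache writes with the IdP's resolution attempt.
    Returns a list of findings; empty when nothing looks inconsistent."""
    stored = {m.group(1) for line in sp_lines if (m := PUT_RE.search(line))}
    findings = []
    for line in idp_lines:
        if m := ARS_RE.search(line):
            url = m.group(1)
            if urlsplit(url).port != sp_port:
                findings.append(
                    f"ArtifactResolve is sent to {url}, but the SP listens on port {sp_port}; "
                    "the SP partner's ARS endpoint on the IdP points at the wrong server")
        if m := MISS_RE.search(line):
            key = m.group(1)
            if key in stored:
                handle = parse_artifact(key)["message_handle"]
                findings.append(
                    f"message handle {handle[:8]}... was cached by the SP, but the ARS "
                    "that answered never saw it (different JVM, or cache entry expired)")
    return findings


if __name__ == "__main__":
    fields = parse_artifact(SAML_ARTIFACT)
    for name, value in fields.items():
        print(f"{name:15} {value}")
    print("SourceID matches SHA-1('saml2AP'):",
          fields["source_id"] == expected_source_id("saml2AP"))
    for finding in diagnose(SP_LOG, IDP_LOG, sp_port=7002):
        print("finding:", finding)
```

The decoded SourceID equals the hash the IdP prints for its remote partner, which is how the IdP picked partner 'WebSSO-SP-Partner-0'; the endpoint index 0 then selects that partner's configured ARS, so the URL it resolves against comes from the partner metadata on the IdP, not from the artifact. A miss like "key ... does not exist in cache" is therefore expected whenever that URL does not reach the server that stored the handle, or the entry has already aged out of the SP's authentication request cache.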
        • 1. Re: SAML2 Service Provider not writing artifact key to cache
          Luis
          Hi user13435437,

          The key=AAQAAApriktiqPxDEvWbV4yOYVVARn3nNdPnLeD3F4z6gSCUJyQg8b2cZZI= is the SAMLArtifact id, it has nothing to do with any of the public/private keys of the managed servers.

          My scenario is a little bit different: WebLogic working as SP and ADFS2 as IdP. What I would recommend you is to use the HTTP-POST & HTTP-REDIRECT binding instead of the Artifact one.

          But if you want to remain with this binding maybe you should check the "Authentication Request Cache Timeout" attribute.

          Hope it helps,

          Luis