
Oracle STS – OnBehalfOf SAML Token Validation


There have been requests on my previous blog post asking how to validate a SAML token issued by Oracle STS.

Here is the format of the SOAP request to send to Oracle STS to validate the token:


<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:trus="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <soap:Header>
    <!-- WS-Security UsernameToken that authenticates the requester to the STS -->
    <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>weblogic</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Welcome1</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <!-- WS-Trust Validate request for a SAML 1.1 token -->
    <wst:RequestSecurityToken Context="Id-0001313145021190-00000000008d4682-1" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate</wst:RequestType>
      <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
      <wst:ValidateTarget>
        <wsse:SecurityTokenReference>
          <!-- AssertionID of the SAML token to validate -->
          <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">id-McjucPrvkxXpY6m3w-8iFtvmEYQ-</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
      </wst:ValidateTarget>
    </wst:RequestSecurityToken>
  </soap:Body>
</soap:Envelope>

You get the SecurityTokenReference from the SAML token issued by the STS. Use it for further validation, as in the SOAP request above.

The STS returns the following response:


<wst:Status>
  <wst:Code>http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid</wst:Code>
</wst:Status>
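As an added example (not from the original post and not Oracle code), the Python below takes the AssertionID from an issued SAML 1.1 assertion, builds the wst:ValidateTarget shown in the request, and accepts the token only when the response carries exactly the "valid" status code. The function names, the sample token, and the response wrapper element are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # stdlib; prefer a hardened parser (e.g. defusedxml) for untrusted XML

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace shared by SAML 1.0 and 1.1
ID_TYPE = ("http://docs.oasis-open.org/wss/"
           "oasis-wss-saml-token-profile-1.0#SAMLAssertionID")
STATUS_VALID = WST + "/status/valid"
ET.register_namespace("wst", WST)
ET.register_namespace("wsse", WSSE)

def assertion_id(token_xml):
    """Return the AssertionID of the single SAML 1.1 assertion in token_xml."""
    found = list(ET.fromstring(token_xml).iter(f"{{{SAML11}}}Assertion"))
    if len(found) != 1 or not found[0].get("AssertionID"):
        raise ValueError("expected exactly one saml:Assertion with an AssertionID")
    return found[0].get("AssertionID")

def validate_target(aid):
    """Serialize a wst:ValidateTarget that references the assertion by ID."""
    target = ET.Element(f"{{{WST}}}ValidateTarget")
    ref = ET.SubElement(target, f"{{{WSSE}}}SecurityTokenReference")
    key = ET.SubElement(ref, f"{{{WSSE}}}KeyIdentifier", {"ValueType": ID_TYPE})
    key.text = aid  # set as text so markup characters are escaped, not injected
    return ET.tostring(target, encoding="unicode")

def token_is_valid(response_xml):
    """Fail closed: True only if the sole wst:Code is the 'valid' status URI."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False
    codes = [(c.text or "").strip() for c in root.iter(f"{{{WST}}}Code")]
    return codes == [STATUS_VALID]

# Constructed samples (illustrative, not captured from a real STS).
SAMPLE_TOKEN = (f'<saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" '
                'MinorVersion="1" AssertionID="id-McjucPrvkxXpY6m3w-8iFtvmEYQ-"/>')
SAMPLE_RESPONSE = (f'<wst:RequestSecurityTokenResponse xmlns:wst="{WST}">'
                   f'<wst:Status><wst:Code>{STATUS_VALID}</wst:Code></wst:Status>'
                   '</wst:RequestSecurityTokenResponse>')

if __name__ == "__main__":
    print(validate_target(assertion_id(SAMPLE_TOKEN)))
    print(token_is_valid(SAMPLE_RESPONSE))
```

Anything other than a single, exact "valid" code, including a malformed or empty response, is treated as a failed validation.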

 

Hope this helps.
