WebLogic 12.2.1.3 signs SAML2 requests and responses with SHA-256, by Martien van den Akker


Today I reviewed a few responses on a ‘What’s new in WebLogic 12.2.1.3’ question.
One of the responses mentioned the What’s New document.

Now, I’m not used to studying these documents. But today I browsed through them and one thing caught my eye.

I did some implementations of WebLogic as a SAML2 Service Provider against MS ADFS. I’m even invited to do a talk, ‘SSO with ADFS for Apex Using Weblogic and ORDS: How I did it and Where I Tripped’, at the UKOUG Southern Technology Summit 2019, July 2nd.
What’s interesting here is that about 2 years ago I already wrote about my earlier experiences, and mentioned that WebLogic 12c did not support SHA-256 for the signing of SAML requests. So you had to configure ADFS to use SHA-1. In my latest implementation it struck me that I did not have to force my ADFS counterpart to set that, at least I think I didn’t. ADFS, as you might expect, has for quite some time now used SHA2 (SHA-256) as a default. But only today I saw that under Manageability Improvements -> Security it is mentioned that WebLogic 12.2.1.3 also has SHA2 as a default now.
Knowing this will improve my talk greatly. I’m glad I saw this. It might seem to be a minor thing, but I think it’s quite important. Read the complete article here.
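To confirm which hash a Service Provider really uses after an upgrade, you can read the algorithm URIs out of a captured SAML message. The sketch below is an added example, not code from the original article or from Oracle; it covers both the HTTP-POST binding (algorithms inside the XML signature) and the HTTP-Redirect binding (the `SigAlg` query parameter), and the function names, host name and sample messages are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# SHA-1 based algorithm URIs as defined by the W3C XML Signature spec.
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}

def algorithms_in_post_binding(b64_message):
    """Return (signature_algs, digest_algs) from a base64 SAML message."""
    xml_bytes = base64.b64decode(b64_message)
    # Captured messages are untrusted input: refuse DTDs and entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD present; refusing to parse")
    root = ET.fromstring(xml_bytes)
    sig = [e.get("Algorithm") for e in root.iter(DS + "SignatureMethod")]
    dig = [e.get("Algorithm") for e in root.iter(DS + "DigestMethod")]
    return sig, dig

def algorithm_in_redirect_binding(url):
    """Return the SigAlg URI of a redirect-binding URL, or None if unsigned."""
    values = parse_qs(urlsplit(url).query).get("SigAlg")
    return values[0] if values else None

def uses_sha1(algs):
    """True if any listed algorithm URI is SHA-1 based."""
    return any(a in SHA1_URIS for a in algs if a)

def sample_post(sig_uri, digest_uri):
    """Constructed sample AuthnRequest (not a real capture), base64 encoded."""
    xml = f'''<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed" Version="2.0">
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="{sig_uri}"/>
  <ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference>
 </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>'''
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    msg = sample_post("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                      "http://www.w3.org/2001/04/xmlenc#sha256")
    sig, dig = algorithms_in_post_binding(msg)
    print(sig, dig, "SHA-1 in use:", uses_sha1(sig + dig))
```

Check the signature method and the digest method separately: a message can carry an RSA-SHA256 signature over a SHA-1 reference digest.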

Developer Partner Community

For regular information, become a member of the Developer Partner Community; please register here.
