Posts

Showing posts from October, 2011

com.bea.security.saml2.service.SAML2Exception: [Security:096575]The URL for relay state too long

In IdP-initiated SSO, you might have a JSP/HTML resource at the IdP end where SP services are defined, with a form snippet similar to this:

    <input type="hidden" name="SPName" value="<%=spname%>">
    <input type="hidden" name="RequestURL" value="<%=requestURL%>">
    <input type="hidden" name="param1" value="<%=value1%>">
    <input type="hidden" name="param2" value="<%=value2%>">
    <input type="hidden" name="param3" value="<%=value3%>">

However, you get the following exception whenever the SP service is invoked from the above JSP/HTML:

    ####<Sep 29, 2011 2:01:14 PM IST> <Debug> <SecuritySAML2Service> <MyMac> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1311113162898>

Giving non-admin users the permission to access MBeans

Sometimes a JEE application deployed on WebLogic needs access to MBeans (server, domain or custom MBeans). With the WebLogic default administrator user, or any other user who belongs to the default administrator group “Administrators”, this is quite easy. However, it is not a good practice, because the admin credentials are unnecessarily exposed to the application, which may in turn have security consequences. So the question comes up: can we avoid using these admin credentials and instead use appropriate credentials in our application, based on role access? The answer is yes, and it involves working with JMX policies. WebLogic provides a way to create new JMX policies as well as modify the existing (default) ones. So you can use the JMX policy editor to grant a non-admin user or group write access to the required MBean. The JMX policy editor is described here. Also refer to this to enable the JMX policy editor if it i