SAML 2.0 credential mapping Provider: Provider Specific

edocs Home > Oracle WebLogic Server Documentation > Administration Console Online Help > SAML 2.0 credential mapping Provider: Provider Specific

SAML 2.0 credential mapping Provider: Provider Specific

Configuration Options Related Tasks Related Topics
Use this page to configure provider-specific information for this SAML 2.0 credential mapping provider.
Configuration Options

Name Description

Issuer URI
The Issuer URI, or name, of this SAML 2.0 credential mapping provider.
The value that you specify for Issuer URI should match the Entity ID specified in the SAML 2.0 General page that configures the per server SAML 2.0 properties.
MBean Attribute:
SAML2CredentialMapperMBean.IssuerURI
Name of Qualifier
The Name Qualifier value used by the Name Mapper.
The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.
MBean Attribute:
SAML2CredentialMapperMBean.NameQualifier
Default Time To Live
The time in seconds that, by default, an assertion should remain valid. The default value is 120 seconds (2 minutes).
If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.
MBean Attribute:
SAML2CredentialMapperMBean.DefaultTimeToLive
Minimum value: 0
Default Time To Live Offset
The time factor you can use to allow the credential mapping provider to compensate for clock differences between the Identity Provider and service provider sites.
The value is a positive or negative integer representing seconds. Default value is -5.
Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" to which the assertion's NotBefore should be set. If you set a value for DefaultTimeToLiveOffset, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveOffset). As a result, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now.
MBean Attribute:
SAML2CredentialMapperMBean.DefaultTimeToLiveOffset
Web Service Assertion Signing Key Alias
The alias used to retrieve from the keystore the key that is used to sign assertions.
This attribute is used for Web Services support of SAML Token Profile only.
MBean Attribute:
SAML2CredentialMapperMBean.SigningKeyAlias
Web Service Assertion Signing Key Pass Phrase
The credential, or password, used to retrieve from the keystore the keys used to sign assertions.
This attribute is used for Web Services support of SAML Token Profile only.
MBean Attribute:
SAML2CredentialMapperMBean.SigningKeyPassPhrase
Name of Mapper Class Name
Override the default SAML 2.0 credential mapper name mapper class, which maps Subjects to identity information contained in the assertion.
MBean Attribute:
SAML2CredentialMapperMBean.NameMapperClassName
Generate Attributes
Whether information, in addition to the username, will be generated in the SAML 2.0 assertion. For example, group information.
Note that the service provider partner needs to have a SAML Authentication provider configured to be able to extract and use the attribute information contained in the assertion.
MBean Attribute:
SAML2CredentialMapperMBean.GenerateAttributes

Related Tasks

Configure Credential Mapping Providers
Manage security providers
Configure SAML 2.0 general services
Configure SAML 2.0 Identity Provider services

Related Topics

Configuring Single Sign-On with Web Browsers and HTTP Clients
Using Security Assertion Markup Language (SAML) Tokens For Identity
Configuring a SAML 2.0 credential mapping Provider
Understanding WebLogic Security

Name	Description
Issuer URI	The Issuer URI, or name, of this SAML 2.0 credential mapping provider. The value that you specify for Issuer URI should match the Entity ID specified in the SAML 2.0 General page that configures the per server SAML 2.0 properties. MBean Attribute: `SAML2CredentialMapperMBean.IssuerURI`
Name of Qualifier	The Name Qualifier value used by the Name Mapper. The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision. MBean Attribute: `SAML2CredentialMapperMBean.NameQualifier`
Default Time To Live	The time in seconds that, by default, an assertion should remain valid. The default value is 120 seconds (2 minutes). If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however. MBean Attribute: `SAML2CredentialMapperMBean.DefaultTimeToLive` `Minimum value: 0`
Default Time To Live Offset	The time factor you can use to allow the credential mapping provider to compensate for clock differences between the Identity Provider and service provider sites. The value is a positive or negative integer representing seconds. Default value is -5. Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" to which the assertion's NotBefore should be set. If you set a value for DefaultTimeToLiveOffset, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveOffset). As a result, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. MBean Attribute: `SAML2CredentialMapperMBean.DefaultTimeToLiveOffset`
Web Service Assertion Signing Key Alias	The alias used to retrieve from the keystore the key that is used to sign assertions. This attribute is used for Web Services support of SAML Token Profile only. MBean Attribute: `SAML2CredentialMapperMBean.SigningKeyAlias`
Web Service Assertion Signing Key Pass Phrase	The credential, or password, used to retrieve from the keystore the keys used to sign assertions. This attribute is used for Web Services support of SAML Token Profile only. MBean Attribute: `SAML2CredentialMapperMBean.SigningKeyPassPhrase`
Name of Mapper Class Name	Override the default SAML 2.0 credential mapper name mapper class, which maps Subjects to identity information contained in the assertion. MBean Attribute: `SAML2CredentialMapperMBean.NameMapperClassName`
Generate Attributes	Whether information, in addition to the username, will be generated in the SAML 2.0 assertion. For example, group information. Note that the service provider partner needs to have a SAML Authentication provider configured to be able to extract and use the attribute information contained in the assertion. MBean Attribute: `SAML2CredentialMapperMBean.GenerateAttributes`