SAMLCredentialMapperMBean



Overview

This MBean represents configuration information for the SAML Credential Mapper provider.

 

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://edocs.bea.com.

Fully Qualified Interface Name
If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.saml.SAMLCredentialMapperMBean

Factory Methods
No factory methods. Instances of this MBean are created automatically.


Related MBeans

This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.


     

    Realm

    Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

       
    Privileges Read only    
    Type RealmMBean
    Relationship type: Reference.


    Attributes

    This section describes the following attributes:


     

    ArtifactEnabled

    If true, enable Intersite Transfer Services for ARTIFACT profile.

       
    Privileges Read/Write    
    Type boolean

     

    AssertionConfiguration

    Configuration for assertions generated by this SAML Authority.

    Assertions are configured in key=value format. You may find it convenient to write your assertion configuration in a text editor and paste it into the Assertion Configuration field.

       
    Privileges Read/Write    
    Type java.util.Properties
    Default Value {}

     

    AssertionRetrievalURIs

    One or more URI values indicating the URIs to which the SAML service should listen for incoming assertion retrieval requests.

    For the artifact profile, the destination site receives a SAML artifact that represents a source site (which is why the source site ID values are needed) and an assertion ID. The destination site sends a request containing the artifact to the source site's assertion retrieval URL, and the source site responds with the corresponding assertion. You may configure multiple URIs here, although typically one will be sufficient. The URI includes the application context, followed by the resource context. For example:

    /my_application/saml/ars

    which would be accessible from the outside as https://my.example.com/my_application/saml/ars.

    The default value is /samlars/ars, which is a URI in the /samlars application. This application is automatically deployed by default, and serves only to host the Assertion Retrieval Service. For a typical use case, you can simply use the defaults. However, first set up SSL correctly, as the /samlars application requires a secure connection.

       
    Privileges Read/Write    
    Type class java.lang.String[]
    Default Value /samlars/ars

     

    AssertionStoreClassName

    The class that implements the persistent store for ARTIFACT profile assertions.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    AssertionStoreProperties

    Properties passed to the Assertion Store class init() method. This may be useful if you have implemented a custom Assertion Store class.

       
    Privileges Read/Write    
    Type java.util.Properties
    Default Value {}

     

    CredCacheMinViableTTL

    No description provided.

       
    Privileges Read/Write    
    Type int
    Default Value 20
    Minimum value 0

     

    CredCacheSize

    No description provided.

       
    Privileges Read/Write    
    Type int
    Default Value 0
    Minimum value 0

     

    DefaultPostForm

    The URI of the default POST form to use with POST profile.

    The default POST form must be a resource on the local machine. If the default POST form resource is not in the same application as the Intersite Transfer Service used with POST profile, then it must be in an application context that shares a cookie name with the Intersite Transfer Service application context.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    DefaultTimeToLive

    Time in seconds that, by default, an assertion should remain valid.

    If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

       
    Privileges Read/Write    
    Type int
    Default Value 120
    Minimum value 0

     

    DefaultTimeToLiveDelta

    A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

    Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two-minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

       
    Privileges Read/Write    
    Type int
    Default Value 0
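
    Added example, not part of the original reference and not vendor code: a standard JMX client, as recommended in the deprecation note above, that finds this provider at runtime by its documented ProviderClassName value and checks the DefaultTimeToLive and DefaultTimeToLiveDelta settings against the validity window described here. The class name, the finding texts and the JMX service URL passed as the first argument are assumptions; credentials and any server-specific connection settings are left to the operator.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import javax.management.JMException;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

public class SamlCredMapperAudit {   // hypothetical class name
    // Default value of the read-only ProviderClassName attribute on this page.
    static final String PROVIDER =
        "weblogic.security.providers.saml.SAMLCredentialMapperProviderImpl";

    /** Checks the lifetime settings: NotBefore = now + delta, NotOnOrAfter = NotBefore + ttl. */
    static List<String> audit(Instant now, int ttl, int delta) {
        List<String> findings = new ArrayList<>();
        Instant notBefore = now.plusSeconds(delta);
        if (ttl == 0) {
            findings.add("DefaultTimeToLive=0: assertions have an infinite lifetime");
        } else {
            findings.add("valid " + notBefore + " until " + notBefore.plusSeconds(ttl));
            if (delta <= -ttl)   // NotOnOrAfter would not be later than "now"
                findings.add("delta <= -TTL: assertions are expired when issued");
        }
        if (delta > 0)
            findings.add("delta > 0: assertions are not yet valid for " + delta + "s");
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: JMX service URL of the server (assumption, supplied by the operator)
        try (JMXConnector jc = JMXConnectorFactory.connect(new JMXServiceURL(args[0]))) {
            MBeanServerConnection c = jc.getMBeanServerConnection();
            for (ObjectName n : c.queryNames(null, null)) {
                try {
                    if (!PROVIDER.equals(c.getAttribute(n, "ProviderClassName"))) continue;
                } catch (JMException | RuntimeException e) {
                    continue;    // MBean without that attribute: not a security provider
                }
                int ttl = (Integer) c.getAttribute(n, "DefaultTimeToLive");
                int delta = (Integer) c.getAttribute(n, "DefaultTimeToLiveDelta");
                for (String f : audit(Instant.now(), ttl, delta))
                    System.out.println(n + ": " + f);
            }
        }
    }
}
```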

     

    Description

    Description of the SAML Credential Mapper provider.

       
    Privileges Read only    
    Type java.lang.String
    Default Value WebLogic SAML credential mapping Provider. Supports Security Assertion Markup Language v1.1.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    IntersiteTransferURIs

    The Intersite Transfer URIs for this SAML source site.

       
    Privileges Read/Write    
    Type class java.lang.String[]
    Default Value /samlits_ba/its/post /samlits_ba/its/artifact /samlits_cc/its/post /samlits_cc/its/artifact

     

    IssuerURI

    The Issuer URI (name) of this SAML Authority.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    MinimumParserPoolSize

    The minimum number of parsers to maintain in the parser pool.

       
    Privileges Read/Write    
    Type int
    Default Value 5
    Minimum value 0

     

    Name

       
    Privileges Read only    
    Type java.lang.String
    Default Value SAMLCredentialMapper
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    NameMapperClassName

    The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    NameQualifier

    The Name Qualifier value used by the Name Mapper.

    The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    PostEnabled

    If true, enable Intersite Transfer Services for POST profile.

       
    Privileges Read/Write    
    Type boolean

     

    ProviderClassName

    The name of the Java class used to load the SAML Credential Mapper provider.

       
    Privileges Read only    
    Type java.lang.String
    Default Value weblogic.security.providers.saml.SAMLCredentialMapperProviderImpl
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    SourceIdBase64

    A Base64 representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) is enabled.

    This read-only value is a Base64 representation of a 20-byte binary value that is calculated from the SourceSiteURL. If you want to configure ARTIFACT profile with another site, you will need to give a SourceId value to the other site. This value is automatically updated when the SourceSiteURL changes.

       
    Privileges Read only    
    Type java.lang.String
    Default Value

     

    SourceIdHex

    A hexadecimal representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) is enabled.

    This read-only value is a hexadecimal representation of a 20-byte binary value that is calculated from the SourceSiteURL. If you want to configure ARTIFACT profile with another site, you will need to give a SourceId value to the other site. This value is automatically updated when the SourceSiteURL changes.

       
    Privileges Read only    
    Type java.lang.String
    Default Value

     

    SourceSiteURL

    The Source Site URL (name) of this SAML source site.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    Version

    The version number of the SAML Credential Mapper provider.

       
    Privileges Read only    
    Type java.lang.String
    Default Value 1.0
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.


    Operations

    This section describes the following operations:


     

    isSet

    Returns true if the specified attribute has been set explicitly in this MBean instance.

    Operation Name "isSet"    
    Parameters Object [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to check

    Signature String [] { "java.lang.String" }
    Returns boolean
    Exceptions

    • java.lang.IllegalArgumentException

     

    unSet

    Restore the given property to its default value.

    Operation Name "unSet"    
    Parameters Object [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to restore

    Signature String [] { "java.lang.String" }
    Returns void
    Exceptions

    • java.lang.IllegalArgumentException
      UnsupportedOperationException if called on a runtime implementation.

     

    wls_getDisplayName

    Operation Name "wls_getDisplayName"    
    Parameters null
    Signature null
    Returns String