SAML 2.0 credential mapping Provider: Web SSO service provider partner: General


The parameters that can be set on this Administration Console page can also be accessed programmatically via the Java interfaces that are identified in this help topic. For API information about those interfaces, see Related Topics.

Configuration Options

| Name | Description |
| --- | --- |
| Name | Name of service provider partner. Available in the com.bea.security.saml2.providers.registry.Partner interface. |
| Enabled | Whether interactions with this service provider partner are enabled on this server. Available in the com.bea.security.saml2.providers.registry.Partner interface. |
| Description | Description of this service provider partner. Available in the com.bea.security.saml2.providers.registry.Partner interface. |
| Service Provider Name Mapper Class Name | Overrides the default username mapper class with which the SAML 2.0 credential mapping provider is configured in the security realm. The value is a custom implementation of com.bea.security.saml2.providers.SAML2CredentialNameMapper, used for assertions generated for this specific service provider partner. Available in the com.bea.security.saml2.providers.registry.SPPartner interface. |
| Time To Live | The time to live value, in seconds, for assertions generated for this service provider partner. Overrides the default setting for the SAML 2.0 credential mapping provider. Available in the com.bea.security.saml2.providers.registry.SPPartner interface. |
| Time To Live Offset | The time to live offset value, in seconds, for assertions generated for this service provider partner. Overrides the default setting for the SAML 2.0 credential mapping provider. You can specify this value to allow the SAML 2.0 credential mapping provider to compensate for clock differences between the identity provider and service provider sites. The value is a positive or negative integer representing seconds. Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). However, the identity provider site and service provider site may have minor differences in their clock settings. The Time To Live offset value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set to. If you set a value for the Assertion Time To Live Offset, the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + Assertion Time To Live Offset). So, an assertion might have a two-minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. Available in the com.bea.security.saml2.providers.registry.SPPartner interface. |
| Generate Attributes | Whether this server's SAML 2.0 credential mapping provider creates attribute statements in the assertions generated for this service provider partner. The attribute statements specify group information about the user that can subsequently be extracted by the service provider's SAML 2.0 identity assertion provider. This enables the service provider to map group as well as user information from the assertion. Available in the com.bea.security.saml2.providers.registry.SPPartner interface. |
| Include One Time Use Condition | Whether the assertions sent to this service provider partner are disposed of immediately after use and are not available for reuse. Available in the com.bea.security.saml2.providers.registry.SPPartner interface. |
| Key Info Included | Whether this server's signing certificate is included in assertions generated for this service provider partner. Note that WebLogic Server's SAML 2.0 implementation uses only the certificates that are referenced in the partner registry, not certificates contained in assertions. Available in the com.bea.security.saml2.providers.registry.SPPartner interface. |
| Only Accept Signed Assertions | Whether the service provider partner is configured to receive only assertions that have been signed. Available in the com.bea.security.saml2.providers.registry.SPPartner interface. |
| Only Accept Signed Authentication Requests | Whether the local identity provider services are configured to accept only signed authentication requests. If true, unsigned authentication requests from this service provider partner are rejected. Available in the com.bea.security.saml2.providers.registry.WebSSOSPPartner interface. |
| Only Accept Signed Artifact Requests | Whether inbound SAML artifact requests from this service provider partner must be signed. If enabled, unsigned artifact requests received from this service provider are rejected. This attribute can be set if the Artifact binding is enabled for either partner. Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface. |
| Send Artifact via POST | Whether SAML artifacts are delivered to this service provider partner via the HTTP POST binding. If false, artifacts are delivered via the HTTP GET binding. Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface. |
| Artifact Binding POST Form | The URI of the custom web application that generates the HTTP POST form for sending the SAML artifact. You may enter a URI in this field only if Send Artifact via POST is enabled. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications. Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface. |
| POST Binding POST Form | The URI of the custom web application that generates the HTTP POST form for sending the message via the POST binding. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications. Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface. |
| Client User Name | The username that is expected from this service provider partner when connecting to the partner site's SOAP/HTTPS binding using Basic authentication. Available in the com.bea.security.saml2.providers.registry.BindingClientPartner interface. |
| Client Password | The password for the client username. Available in the com.bea.security.saml2.providers.registry.BindingClientPartner interface. |
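The Time To Live and Time To Live Offset arithmetic described above can be checked with the following added example, which is not WebLogic code and not part of the original help topic. The function names, the sample issue time and the assumption that the service provider applies no clock-skew allowance of its own are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Constructed issue time on the identity provider's clock (sample value).
T0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

def validity_window(issued_at, ttl, ttl_offset=0):
    """Return (NotBefore, NotOnOrAfter) as the page describes:
    NotBefore = now + offset, NotOnOrAfter = NotBefore + TimeToLive."""
    not_before = issued_at + timedelta(seconds=ttl_offset)
    return not_before, not_before + timedelta(seconds=ttl)

def sp_accepts(issued_at, ttl, ttl_offset, sp_skew, transit=0):
    """Would the service provider see the assertion as valid on arrival?
    sp_skew: seconds the SP clock runs ahead (+) or behind (-) the IdP clock.
    Assumption: the SP applies no clock-skew allowance of its own."""
    not_before, not_on_or_after = validity_window(issued_at, ttl, ttl_offset)
    sp_now = issued_at + timedelta(seconds=transit + sp_skew)
    return not_before <= sp_now < not_on_or_after

def tolerated_skew(ttl, ttl_offset, transit=0):
    """SP clock skew range [low, high) in seconds for which the assertion is accepted."""
    return ttl_offset - transit, ttl_offset + ttl - transit

if __name__ == "__main__":
    # No offset, plus the page's two cases: a 120 s lifetime that starts
    # 30 s ago (offset -30) or one minute from now (offset +60).
    for offset in (0, -30, 60):
        nb, noa = validity_window(T0, 120, offset)
        low, high = tolerated_skew(120, offset)
        print(f"offset {offset:+4d}s  NotBefore {nb:%H:%M:%S}  "
              f"NotOnOrAfter {noa:%H:%M:%S}  accepted SP skew [{low:+d}s, {high:+d}s)")
    # The offset shifts the window rather than widening it: an SP clock 30 s
    # behind needs offset -30, but an SP clock 100 s ahead is then rejected.
    for skew in (-30, 100):
        print(f"SP skew {skew:+4d}s  offset 0: {sp_accepts(T0, 120, 0, skew)}"
              f"  offset -30: {sp_accepts(T0, 120, -30, skew)}")
```

A larger Time To Live widens the tolerated range, but it also lengthens the period during which the assertion stays valid.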

Related Tasks