com.bea.security.saml2.providers
Interface SAML2CredentialMapperMBean

All Superinterfaces:
weblogic.management.security.ApplicationVersionerMBean, weblogic.management.security.credentials.CredentialMapperMBean, weblogic.management.security.ExportMBean, weblogic.management.security.ImportMBean, weblogic.management.utils.ListerMBean, weblogic.management.utils.NameListerMBean, weblogic.management.security.ProviderMBean, SAML2PartnerRegistryMBean, SAML2SPPartnerRegistryMBean

public interface SAML2CredentialMapperMBean
extends weblogic.management.security.credentials.CredentialMapperMBean, SAML2SPPartnerRegistryMBean, weblogic.management.security.ImportMBean, weblogic.management.security.ExportMBean, weblogic.management.security.ApplicationVersionerMBean

This MBean represents configuration information for the SAML 2.0 Credential Mapping provider.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.


Method Summary
 int getCredCacheMinViableTTL()
          The minimum time, in seconds, that assertion credentials must be viable before being eligible to be cached.
 int getCredCacheSize()
          The size of the cache used to store assertion credentials.
 int getDefaultTimeToLive()
          The time in seconds that, by default, an assertion should remain valid.
 int getDefaultTimeToLiveOffset()
          The time factor you can use to allow the Credential Mapping provider to compensate for clock differences between the Identity Provider and Service Provider sites.
 String getDescription()
          A short description of the SAML 2.0 Credential Mapping provider.
 boolean getGenerateAttributes()
          Specifies whether information, in addition to the username, will be generated in the SAML 2.0 assertion.
 String getIssuerURI()
          The Issuer URI, or name, of this SAML 2.0 Credential Mapping provider.
 String getName()
          The name of this configuration.
 String getNameMapperClassName()
          The Java class that overrides the default SAML 2.0 credential mapper name mapper class, which maps Subjects to identity information contained in the assertion.
 String getNameQualifier()
          The Name Qualifier value used by the Name Mapper.
 String getProviderClassName()
          The Java class used to load the SAML 2.0 Credential Mapping provider.
 String getSigningKeyAlias()
          The alias used to retrieve from the keystore the key that is used to sign assertions.
 String getSigningKeyPassPhrase()
          The credential, or password, used to retrieve from the keystore the keys used to sign assertions.
 byte[] getSigningKeyPassPhraseEncrypted()
           
 String[] getSupportedExportConstraints()
          The security data that you want to be exported from this Credential Mapping provider's data store.
 String[] getSupportedExportFormats()
          The format of the file to export.
 String[] getSupportedImportConstraints()
          The security data that you want to be imported into this Credential Mapping provider's data store.
 String[] getSupportedImportFormats()
          The format of the file to import.
 String getVersion()
          The version number of the SAML 2.0 Credential Mapping provider.
 void setCredCacheMinViableTTL(int newValue)
          The minimum time, in seconds, that assertion credentials must be viable before being eligible to be cached.
 void setCredCacheSize(int newValue)
          The size of the cache used to store assertion credentials.
 void setDefaultTimeToLive(int newValue)
          The time in seconds that, by default, an assertion should remain valid.
 void setDefaultTimeToLiveOffset(int newValue)
          The time factor you can use to allow the Credential Mapping provider to compensate for clock differences between the Identity Provider and Service Provider sites.
 void setGenerateAttributes(boolean newValue)
          Specifies whether information, in addition to the username, will be generated in the SAML 2.0 assertion.
 void setIssuerURI(String newValue)
          The Issuer URI, or name, of this SAML 2.0 Credential Mapping provider.
 void setNameMapperClassName(String newValue)
          The Java class that overrides the default SAML 2.0 credential mapper name mapper class, which maps Subjects to identity information contained in the assertion.
 void setNameQualifier(String newValue)
          The Name Qualifier value used by the Name Mapper.
 void setSigningKeyAlias(String newValue)
          The alias used to retrieve from the keystore the key that is used to sign assertions.
 void setSigningKeyPassPhrase(String newValue)
          The credential, or password, used to retrieve from the keystore the keys used to sign assertions.
 void setSigningKeyPassPhraseEncrypted(byte[] _bytes)
           
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm
 
Methods inherited from interface com.bea.security.saml2.providers.SAML2SPPartnerRegistryMBean
addSPPartner, consumeSPPartnerMetadata, getSPPartner, listSPPartners, newEndpoint, newIndexedEndpoint, newWebSSOSPPartner, newWSSSPPartner, removeSPPartner, spPartnerExists, updateSPPartner
 
Methods inherited from interface com.bea.security.saml2.providers.SAML2PartnerRegistryMBean
loadCertificate
 
Methods inherited from interface weblogic.management.utils.NameListerMBean
getCurrentName
 
Methods inherited from interface weblogic.management.utils.ListerMBean
advance, close, haveCurrent
 
Methods inherited from interface weblogic.management.security.ImportMBean
importData
 
Methods inherited from interface weblogic.management.security.ExportMBean
exportData
 

Method Detail

getProviderClassName

String getProviderClassName()

The Java class used to load the SAML 2.0 Credential Mapping provider.

Default Value:
"com.bea.security.saml2.providers.SAML2CredentialMapperProviderImpl"

getDescription

String getDescription()

A short description of the SAML 2.0 Credential Mapping provider.

Specified by:
getDescription in interface weblogic.management.security.ProviderMBean
Default Value:
"BEA SAML 2.0 Credential Mapping Provider. Supports Security Assertion Markup Language v2.0."

getVersion

String getVersion()

The version number of the SAML 2.0 Credential Mapping provider.

Specified by:
getVersion in interface weblogic.management.security.ProviderMBean
Default Value:
"1.0"

getSupportedImportFormats

String[] getSupportedImportFormats()

The format of the file to import. The list of supported import formats is determined by the Credential Mapper provider from which the security data were originally exported.

Specified by:
getSupportedImportFormats in interface weblogic.management.security.ImportMBean
Default Value:
"SAML2"

getSupportedImportConstraints

String[] getSupportedImportConstraints()

The security data that you want to be imported into this Credential Mapping provider's data store. A SAML 2.0 Credential Mapping Provider can import all partners (Partner=all), enabled partners (Partner=enabled) or only disabled partners (Partner=disabled).

Specified by:
getSupportedImportConstraints in interface weblogic.management.security.ImportMBean
Default Value:
"Partner"

getSupportedExportFormats

String[] getSupportedExportFormats()

The format of the file to export. The list of supported export formats is determined by this Credential Mapper provider.

Specified by:
getSupportedExportFormats in interface weblogic.management.security.ExportMBean
Default Value:
"SAML2"

getSupportedExportConstraints

String[] getSupportedExportConstraints()

The security data that you want to be exported from this Credential Mapping provider's data store. A SAML 2.0 Credential Mapping provider can export all partners (Partner=all), enabled partners (Partner=enabled) or only disabled partners (Partner=disabled). The password inlined in the exported file can be encrypted or plain text (Passwords=cleartext).

Specified by:
getSupportedExportConstraints in interface weblogic.management.security.ExportMBean
Default Value:
"Partner","Passwords"

getIssuerURI

String getIssuerURI()

The Issuer URI, or name, of this SAML 2.0 Credential Mapping provider.

The value that you specify for Issuer URI should match the Entity ID specified in the SAML 2.0 General page that configures the per-server SAML 2.0 properties.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setIssuerURI

void setIssuerURI(String newValue)
                  throws InvalidAttributeValueException

The Issuer URI, or name, of this SAML 2.0 Credential Mapping provider.

The value that you specify for Issuer URI should match the Entity ID specified in the SAML 2.0 General page that configures the per-server SAML 2.0 properties.

Parameters:
newValue - new value for attribute IssuerURI
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getNameQualifier

String getNameQualifier()

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setNameQualifier

void setNameQualifier(String newValue)
                      throws InvalidAttributeValueException

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

Parameters:
newValue - new value for attribute NameQualifier
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getSigningKeyAlias

String getSigningKeyAlias()

The alias used to retrieve from the keystore the key that is used to sign assertions.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setSigningKeyAlias

void setSigningKeyAlias(String newValue)
                        throws InvalidAttributeValueException

The alias used to retrieve from the keystore the key that is used to sign assertions.

Parameters:
newValue - new value for attribute SigningKeyAlias
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getSigningKeyPassPhrase

String getSigningKeyPassPhrase()

The credential, or password, used to retrieve from the keystore the keys used to sign assertions.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setSigningKeyPassPhrase

void setSigningKeyPassPhrase(String newValue)
                             throws InvalidAttributeValueException

The credential, or password, used to retrieve from the keystore the keys used to sign assertions.

Parameters:
newValue - new value for attribute SigningKeyPassPhrase
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getDefaultTimeToLive

int getDefaultTimeToLive()

The time in seconds that, by default, an assertion should remain valid. The default value is 120 seconds (2 minutes).

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

Changes take effect after you redeploy the module or restart the server.
Default Value:
120
Minimum Value:
0

setDefaultTimeToLive

void setDefaultTimeToLive(int newValue)
                          throws InvalidAttributeValueException

The time in seconds that, by default, an assertion should remain valid. The default value is 120 seconds (2 minutes).

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

Parameters:
newValue - new value for attribute DefaultTimeToLive
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
120
Minimum Value:
0

getDefaultTimeToLiveOffset

int getDefaultTimeToLiveOffset()

The time factor you can use to allow the Credential Mapping provider to compensate for clock differences between the Identity Provider and Service Provider sites.

The value is a positive or negative integer representing seconds. Default value is -5.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). DefaultTimeToLiveOffset is a positive or negative number of seconds that moves the assertion's NotBefore after or before "now". If you set a value for DefaultTimeToLiveOffset, the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveOffset). As a result, an assertion might have a two-minute (120-second) lifetime that starts thirty seconds ago, or starts one minute from now.

Changes take effect after you redeploy the module or restart the server.
Default Value:
-5

setDefaultTimeToLiveOffset

void setDefaultTimeToLiveOffset(int newValue)
                                throws InvalidAttributeValueException

The time factor you can use to allow the Credential Mapping provider to compensate for clock differences between the Identity Provider and Service Provider sites.

The value is a positive or negative integer representing seconds. Default value is -5.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). DefaultTimeToLiveOffset is a positive or negative number of seconds that moves the assertion's NotBefore after or before "now". If you set a value for DefaultTimeToLiveOffset, the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveOffset). As a result, an assertion might have a two-minute (120-second) lifetime that starts thirty seconds ago, or starts one minute from now.

Parameters:
newValue - new value for attribute DefaultTimeToLiveOffset
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
-5

getGenerateAttributes

boolean getGenerateAttributes()

Specifies whether information in addition to the username, such as group information, will be generated in the SAML 2.0 assertion.

Note that the Service Provider partner needs to have a SAML Authentication provider configured to be able to extract and use the attribute information contained in the assertion.

Changes take effect after you redeploy the module or restart the server.
Default Value:
true

setGenerateAttributes

void setGenerateAttributes(boolean newValue)
                           throws InvalidAttributeValueException

Specifies whether information in addition to the username, such as group information, will be generated in the SAML 2.0 assertion.

Note that the Service Provider partner needs to have a SAML Authentication provider configured to be able to extract and use the attribute information contained in the assertion.

Parameters:
newValue - new value for attribute GenerateAttributes
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

getNameMapperClassName

String getNameMapperClassName()

The Java class that overrides the default SAML 2.0 credential mapper name mapper class, which maps Subjects to identity information contained in the assertion.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setNameMapperClassName

void setNameMapperClassName(String newValue)
                            throws InvalidAttributeValueException

The Java class that overrides the default SAML 2.0 credential mapper name mapper class, which maps Subjects to identity information contained in the assertion.

Parameters:
newValue - new value for attribute NameMapperClassName
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getCredCacheSize

int getCredCacheSize()

The size of the cache used to store assertion credentials. If the value is not specified, or is not a positive number, the cache will have an unlimited size. The default value is 0.

The cache stores assertion credentials so that requests for a specific assertion return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application makes multiple requests for the same assertion, for the same user, within a short period of time.

Changes take effect after you redeploy the module or restart the server.
Default Value:
0
Minimum Value:
0

setCredCacheSize

void setCredCacheSize(int newValue)
                      throws InvalidAttributeValueException

The size of the cache used to store assertion credentials. If the value is not specified, or is not a positive number, the cache will have an unlimited size. The default value is 0.

The cache stores assertion credentials so that requests for a specific assertion return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application makes multiple requests for the same assertion, for the same user, within a short period of time.

Parameters:
newValue - new value for attribute CredCacheSize
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
0
Minimum Value:
0

getCredCacheMinViableTTL

int getCredCacheMinViableTTL()

The minimum time, in seconds, that assertion credentials must be viable before being eligible to be cached. If an entry in the cache has less time to live than this value, the corresponding assertion is not used. Instead, a new assertion is generated. The default value is 20.

This attribute prevents the situation in which an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live period is too short, the assertion is not used.

Changes take effect after you redeploy the module or restart the server.
Default Value:
20
Minimum Value:
0
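
The validity-window arithmetic described for DefaultTimeToLiveOffset and the cache rule described for CredCacheMinViableTTL, modelled together as an added Java example (not Oracle's code and not part of the WebLogic API). The class, its method names, the constructed timestamp and the exact `>=` comparison are assumptions derived from the descriptions on this page.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration (Java 16+): models the timing rules this page describes.
// All class and method names are hypothetical; this is not WebLogic code.
public class AssertionWindowModel {

    /** Validity window; notOnOrAfter == null models TimeToLive = 0 (no expiry). */
    record Window(Instant notBefore, Instant notOnOrAfter) {
        long remainingSeconds(Instant at) {
            return notOnOrAfter == null
                    ? Long.MAX_VALUE
                    : Duration.between(at, notOnOrAfter).getSeconds();
        }
    }

    /** NotBefore = now + TimeToLiveOffset; NotOnOrAfter = NotBefore + TimeToLive. */
    static Window issue(Instant now, int timeToLive, int timeToLiveOffset) {
        if (timeToLive < 0) {
            throw new IllegalArgumentException("DefaultTimeToLive has a minimum of 0");
        }
        Instant notBefore = now.plusSeconds(timeToLiveOffset);
        Instant notOnOrAfter = timeToLive == 0 ? null : notBefore.plusSeconds(timeToLive);
        return new Window(notBefore, notOnOrAfter);
    }

    /** Cache rule: an entry with less time to live than minViableTtl is not used. */
    static boolean reusableFromCache(Window w, Instant at, int minViableTtl) {
        return w.remainingSeconds(at) >= minViableTtl;
    }

    /** Reviews one combination of TimeToLive, TimeToLiveOffset and CredCacheMinViableTTL. */
    static String review(int ttl, int offset, int minViableTtl) {
        if (ttl == 0) {
            return "infinite assertion lifetime (not recommended)";
        }
        long leftAtIssue = (long) ttl + offset; // seconds from "now" until NotOnOrAfter
        if (leftAtIssue <= 0) {
            return "assertion is already expired when it is issued";
        }
        if (leftAtIssue < minViableTtl) {
            return "cache never reuses an assertion; every request generates a new one";
        }
        return "expires " + leftAtIssue + "s after issuance; cache reuse stops "
                + minViableTtl + "s before that";
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed timestamp
        Window w = issue(now, 120, -5);                      // the documented defaults
        System.out.println(w + " remaining=" + w.remainingSeconds(now) + "s");
        System.out.println("reuse at +95s: " + reusableFromCache(w, now.plusSeconds(95), 20));
        System.out.println("reuse at +96s: " + reusableFromCache(w, now.plusSeconds(96), 20));
        System.out.println("defaults    : " + review(120, -5, 20));
        System.out.println("ttl=0       : " + review(0, -5, 20));
        System.out.println("offset=-120 : " + review(120, -120, 20));
        System.out.println("ttl=15      : " + review(15, -5, 20));
    }
}
```

With the documented defaults the window opens 5 seconds before issuance, so the assertion has 115 seconds left when it is handed out and stops being served from the cache once fewer than 20 seconds remain.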

setCredCacheMinViableTTL

void setCredCacheMinViableTTL(int newValue)
                              throws InvalidAttributeValueException

The minimum time, in seconds, that assertion credentials must be viable before being eligible to be cached. If an entry in the cache has less time to live than this value, the corresponding assertion is not used. Instead, a new assertion is generated. The default value is 20.

This attribute prevents the situation in which an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live period is too short, the assertion is not used.

Parameters:
newValue - new value for attribute CredCacheMinViableTTL
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
20
Minimum Value:
0

getName

String getName()
Description copied from interface: weblogic.management.security.ProviderMBean
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:
getName in interface weblogic.management.security.ProviderMBean
Specified by:
getName in interface SAML2PartnerRegistryMBean
Specified by:
getName in interface SAML2SPPartnerRegistryMBean
Default Value:
"SAML2CredentialMapper"

setSigningKeyPassPhraseEncrypted

void setSigningKeyPassPhraseEncrypted(byte[] _bytes)
Changes take effect after you redeploy the module or restart the server.

getSigningKeyPassPhraseEncrypted

byte[] getSigningKeyPassPhraseEncrypted()
Changes take effect after you redeploy the module or restart the server.

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs103
Copyright 1996,2008, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.