Oracle Fusion Middleware
Oracle WebLogic Server MBean Javadoc
11g Release 1 (10.3.6)

Part Number E13945-06

weblogic.security.providers.saml
Interface SAMLCredentialMapperV2MBean

All Superinterfaces:
ApplicationVersionerMBean, CredentialMapperMBean, ExportMBean, ImportMBean, ListerMBean, NameListerMBean, ProviderMBean, SAMLPartnerRegistryMBean, SAMLRelyingPartyRegistryMBean

public interface SAMLCredentialMapperV2MBean
extends CredentialMapperMBean, SAMLRelyingPartyRegistryMBean, ApplicationVersionerMBean

This MBean represents configuration information for the SAML Credential Mapper V2 provider.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime.


Method Summary
 int getCredCacheMinViableTTL()
          If an entry in the cache has less time to live than this value, the corresponding assertion will not be used.
 int getCredCacheSize()
          The size of the cache used to store assertion credentials.
 int getDefaultTimeToLive()
          Time in seconds that, by default, an assertion should remain valid.
 int getDefaultTimeToLiveDelta()
          A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites.
 String getDescription()
          A short description of the SAML Credential Mapper V2 provider.
 String getIssuerURI()
          The Issuer URI (name) of this SAML Authority.
 int getMinimumParserPoolSize()
          The minimum number of parsers to maintain in the parser pool.
 String getName()
          The name of this configuration.
 String getNameMapperClassName()
          The name of the Java class that maps Subjects to SAML Assertion name information.
 String getNameQualifier()
          The Name Qualifier value used by the Name Mapper.
 String getProviderClassName()
          The name of the Java class used to load the SAML Credential Mapper V2 provider.
 String getSigningKeyAlias()
          The alias used to retrieve from the keystore the key that is used to sign assertions.
 String getSigningKeyPassPhrase()
          The credential (password) used to retrieve from the keystore the keys used to sign assertions.
 byte[] getSigningKeyPassPhraseEncrypted()
           
 String getVersion()
          The version number of the SAML Credential Mapper V2 provider.
 void setCredCacheMinViableTTL(int newValue)
          If an entry in the cache has less time to live than this value, the corresponding assertion will not be used.
 void setCredCacheSize(int newValue)
          The size of the cache used to store assertion credentials.
 void setDefaultTimeToLive(int newValue)
          Time in seconds that, by default, an assertion should remain valid.
 void setDefaultTimeToLiveDelta(int newValue)
          A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites.
 void setIssuerURI(String newValue)
          The Issuer URI (name) of this SAML Authority.
 void setMinimumParserPoolSize(int newValue)
          The minimum number of parsers to maintain in the parser pool.
 void setNameMapperClassName(String newValue)
          The name of the Java class that maps Subjects to SAML Assertion name information.
 void setNameQualifier(String newValue)
          The Name Qualifier value used by the Name Mapper.
 void setSigningKeyAlias(String newValue)
          The alias used to retrieve from the keystore the key that is used to sign assertions.
 void setSigningKeyPassPhrase(String newValue)
          The credential (password) used to retrieve from the keystore the keys used to sign assertions.
 void setSigningKeyPassPhraseEncrypted(byte[] _bytes)
           
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm
 
Methods inherited from interface weblogic.security.providers.saml.registry.SAMLRelyingPartyRegistryMBean
addRelyingParty, getRelyingParty, listRelyingParties, newRelyingParty, relyingPartyExists, removeRelyingParty, updateRelyingParty
 
Methods inherited from interface weblogic.security.providers.saml.registry.SAMLPartnerRegistryMBean
certificateExists, copyToDER, copyToPEM, getCertificate, getSupportedExportConstraints, getSupportedExportFormats, getSupportedImportConstraints, getSupportedImportFormats, listCertificates, registerCertificate, unregisterCertificate
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm
 
Methods inherited from interface weblogic.management.security.ImportMBean
importData
 
Methods inherited from interface weblogic.management.security.ExportMBean
exportData
 
Methods inherited from interface weblogic.management.utils.NameListerMBean
getCurrentName
 
Methods inherited from interface weblogic.management.utils.ListerMBean
advance, close, haveCurrent
 

Method Detail

getProviderClassName

String getProviderClassName()

The name of the Java class used to load the SAML Credential Mapper V2 provider.

Default Value:
"weblogic.security.providers.saml.SAMLCredentialMapperV2ProviderImpl"

getDescription

String getDescription()

A short description of the SAML Credential Mapper V2 provider.

Specified by:
getDescription in interface ProviderMBean
Default Value:
"WebLogic SAML Credential Mapping Provider. Supports Security Assertion Markup Language v1.1."

getVersion

String getVersion()

The version number of the SAML Credential Mapper V2 provider.

Specified by:
getVersion in interface ProviderMBean
Default Value:
"2.0"

getIssuerURI

String getIssuerURI()

The Issuer URI (name) of this SAML Authority.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setIssuerURI

void setIssuerURI(String newValue)
                  throws InvalidAttributeValueException

The Issuer URI (name) of this SAML Authority.

Parameters:
newValue - - new value for attribute IssuerURI
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getNameQualifier

String getNameQualifier()

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setNameQualifier

void setNameQualifier(String newValue)
                      throws InvalidAttributeValueException

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

Parameters:
newValue - - new value for attribute NameQualifier
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getSigningKeyAlias

String getSigningKeyAlias()

The alias used to retrieve from the keystore the key that is used to sign assertions.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setSigningKeyAlias

void setSigningKeyAlias(String newValue)
                        throws InvalidAttributeValueException

The alias used to retrieve from the keystore the key that is used to sign assertions.

Parameters:
newValue - - new value for attribute SigningKeyAlias
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getSigningKeyPassPhrase

String getSigningKeyPassPhrase()

The credential (password) used to retrieve from the keystore the keys used to sign assertions.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setSigningKeyPassPhrase

void setSigningKeyPassPhrase(String newValue)
                             throws InvalidAttributeValueException

The credential (password) used to retrieve from the keystore the keys used to sign assertions.

Parameters:
newValue - - new value for attribute SigningKeyPassPhrase
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getDefaultTimeToLive

int getDefaultTimeToLive()

Time in seconds that, by default, an assertion should remain valid.

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

Changes take effect after you redeploy the module or restart the server.
Default Value:
120
Minimum Value:
0

setDefaultTimeToLive

void setDefaultTimeToLive(int newValue)
                          throws InvalidAttributeValueException

Time in seconds that, by default, an assertion should remain valid.

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

Parameters:
newValue - - new value for attribute DefaultTimeToLive
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
120
Minimum Value:
0

getDefaultTimeToLiveDelta

int getDefaultTimeToLiveDelta()

A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertions NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

Changes take effect after you redeploy the module or restart the server.
Default Value:
0

setDefaultTimeToLiveDelta

void setDefaultTimeToLiveDelta(int newValue)
                               throws InvalidAttributeValueException

A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertions NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

Parameters:
newValue - - new value for attribute DefaultTimeToLiveDelta
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
0

getNameMapperClassName

String getNameMapperClassName()

The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

When you configure a SAML Relying Party, using the Management tab, you can set a Name Mapper Class specific to that Relying Party, which will override the default value you set here.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setNameMapperClassName

void setNameMapperClassName(String newValue)
                            throws InvalidAttributeValueException

The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

When you configure a SAML Relying Party, using the Management tab, you can set a Name Mapper Class specific to that Relying Party, which will override the default value you set here.

Parameters:
newValue - - new value for attribute NameMapperClassName
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getMinimumParserPoolSize

int getMinimumParserPoolSize()

The minimum number of parsers to maintain in the parser pool.

Default Value:
5
Minimum Value:
0

setMinimumParserPoolSize

void setMinimumParserPoolSize(int newValue)
                              throws InvalidAttributeValueException

The minimum number of parsers to maintain in the parser pool.

Parameters:
newValue - - new value for attribute MinimumParserPoolSize
Throws:
InvalidAttributeValueException
Default Value:
5
Minimum Value:
0

getCredCacheSize

int getCredCacheSize()

The size of the cache used to store assertion credentials.

The cache stores assertion credentials so that requests for the same assertion may return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application may make multiple requests for the same assertion, for the same user, within a short period of time.

Changes take effect after you redeploy the module or restart the server.
Default Value:
0
Minimum Value:
0

setCredCacheSize

void setCredCacheSize(int newValue)
                      throws InvalidAttributeValueException

The size of the cache used to store assertion credentials.

The cache stores assertion credentials so that requests for the same assertion may return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application may make multiple requests for the same assertion, for the same user, within a short period of time.

Parameters:
newValue - - new value for attribute CredCacheSize
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
0
Minimum Value:
0

getCredCacheMinViableTTL

int getCredCacheMinViableTTL()

If an entry in the cache has less time to live than this value, the corresponding assertion will not be used. Instead, a new assertion will be generated.

This attribute avoids the situation where an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live is too short, it will not be used.

Changes take effect after you redeploy the module or restart the server.
Default Value:
20
Minimum Value:
0

setCredCacheMinViableTTL

void setCredCacheMinViableTTL(int newValue)
                              throws InvalidAttributeValueException

If an entry in the cache has less time to live than this value, the corresponding assertion will not be used. Instead, a new assertion will be generated.

This attribute avoids the situation where an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live is too short, it will not be used.

Parameters:
newValue - - new value for attribute CredCacheMinViableTTL
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
20
Minimum Value:
0

getName

String getName()
Description copied from interface: ProviderMBean
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:
getName in interface ProviderMBean
Specified by:
getName in interface SAMLPartnerRegistryMBean
Specified by:
getName in interface SAMLRelyingPartyRegistryMBean
Default Value:
"SAMLCredentialMapperV2"

setSigningKeyPassPhraseEncrypted

void setSigningKeyPassPhraseEncrypted(byte[] _bytes)
Changes take effect after you redeploy the module or restart the server.

getSigningKeyPassPhraseEncrypted

byte[] getSigningKeyPassPhraseEncrypted()
Changes take effect after you redeploy the module or restart the server.

Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Fusion Middleware
Oracle WebLogic Server MBean Javadoc
11g Release 1 (10.3.6)

Part Number E13945-06