This MBean represents configuration information for the SAML2 Credential Mapping provider.
This is a type-safe interface for a WebLogic Server MBean, which
you can import into your client classes and access through
weblogic.management.MBeanHome. As of 9.0, the
MBeanHome interface and all type-safe interfaces for
WebLogic Server MBeans are deprecated. Instead, client classes that
interact with WebLogic Server MBeans should use standard JMX design
patterns in which clients use the
javax.management.MBeanServerConnection interface to
discover MBeans, attributes, and attribute types at runtime.
| Fully Qualified Interface Name | If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:com.bea.security.saml2.providers.SAML2CredentialMapperMBean
|
| Factory Methods | No factory methods. Instances of this MBean are created automatically. |
This section describes attributes that provide access to other MBeans.
|
|
Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.
| Privileges | Read only |
| Type | RealmMBean |
| Relationship type: | Reference. |
This section describes the following attributes:
Minimum time, in seconds, that assertion credentials must be viable before it is eligible to be cached. If an entry in the cache has less time to live than this value, the corresponding assertion will not be used. Instead, a new assertion will be generated. Default value is 20.
This attribute avoids the situation where an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live is too short, it will not be used.
| Privileges | Read/Write |
| Type | int |
| Default Value | 20 |
| Minimum value | 0 |
The size of the cache used to store assertion credentials. If the value is not specified or not a positive number, the cache will have unlimited size. Default value is 0.
The cache stores assertion credentials so that requests for the same assertion may return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application may make multiple requests for the same assertion, for the same user, within a short period of time.
| Privileges | Read/Write |
| Type | int |
| Default Value | 0 |
| Minimum value | 0 |
Time in seconds that, by default, an assertion should remain valid. Default value is 120 seconds (2 minutes).
If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.
| Privileges | Read/Write |
| Type | int |
| Default Value | 120 |
| Minimum value | 0 |
A time factor you can use to allow the Credential Mapper to compensate for clock differences between the Identity Provider and Service Provider sites. The value is a positive or negative integer representing seconds. Default value is -5.
Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertions NotBefore should be set to. If you set a value for DefaultTimeToLiveOffset, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveOffset). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now.
| Privileges | Read/Write |
| Type | int |
| Default Value | -5 |
A short description of the SAML2 Credential Mapping provider.
| Privileges | Read only |
| Type | java.lang.String |
| Default Value | SAML 2.0 Credential Mapping Provider. Supports Security Assertion Markup Language v2.0. |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
No description provided.
| Privileges | Read/Write |
| Type | boolean |
| Default Value | true |
The Issuer URI (name) of this SAML2 Identity Provider.
| Privileges | Read/Write |
| Type | java.lang.String |
| Default Value |
| Privileges | Read only |
| Type | java.lang.String |
| Default Value | SAML2CredentialMapper |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The qualified name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.
| Privileges | Read/Write |
| Type | java.lang.String |
| Default Value |
The Name Qualifier value used by the Name Mapper.
The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.
| Privileges | Read/Write |
| Type | java.lang.String |
| Default Value |
The Java class used to load the SAML2 Credential Mapping provider.
| Privileges | Read only |
| Type | java.lang.String |
| Default Value | com.bea.security.saml2.providers.SAML2CredentialMapperProviderImpl |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The alias used to retrieve from the keystore the key that is used to sign assertions.
| Privileges | Read/Write |
| Type | java.lang.String |
| Default Value |
The credential (password) used to retrieve from the keystore the keys used to sign assertions.
| Privileges | Read/Write |
| Type | java.lang.String |
| Default Value | |
| Encrypted | true |
| Privileges | Read/Write |
| Type | byte[] |
| Encrypted | true |
The security data that you want to be exported from this Credential Mapping provider's data store. A SAML2 Credential Mapping provider can export all partners(Partner=all), enabled partners(Partner=enabled) or only disabled partners(Partner=disabled). The password inlined in the exported file can be encrypted or plain text(Passwords=cleartext).
| Privileges | Read only |
| Type | class java.lang.String[] |
| Default Value | Partner Passwords |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The format of the file to export. The list of supported export formats is determined by this Credential Mapper provider.
| Privileges | Read only |
| Type | class java.lang.String[] |
| Default Value | SAML2 |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The security data that you want to be imported into this Credential Mapping provider's data store. A SAML2 Credential Mapping Provider can import all partners(Partner=all), enabled partners(Partner=enabled) or only disabled partners(Partner=disabled).
| Privileges | Read only |
| Type | class java.lang.String[] |
| Default Value | Partner |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The format of the file to import. The list of supported import formats is determined by the Credential Mapper provider from which the security data were originally exported.
| Privileges | Read only |
| Type | class java.lang.String[] |
| Default Value | SAML2 |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The version number of the SAML2 Credential Mapping provider.
| Privileges | Read only |
| Type | java.lang.String |
| Default Value | 1.0 |
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
This section describes the following operations:
Adds a new SP partner to the registry. <p> Throws InvalidParameterException if the partner object fails validation. Throws CreateException if an error occurs during creation of the object.
| Operation Name | "addSPPartner" |
| Parameters | Object [] { spPartner }
where:
|
| Signature | String [] {
"com.bea.security.saml2.providers.registry.SPPartner" } |
| Returns |
void
|
| Exceptions |
|
Advances the list to the next element in the list.
| Operation Name | "advance" |
| Parameters | Object [] { cursor }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns |
void
|
| Exceptions |
|
Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.
| Operation Name | "close" |
| Parameters | Object [] { cursor }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns |
void
|
| Exceptions |
|
Returns an imported SP partner object. Caller can set the fields of this object and then call addIdPPartner() to add the new partner to the registry.
| Operation Name | "consumeSPPartnerMetadata" |
| Parameters | Object [] { fileName }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns | MetadataPartner |
| Exceptions |
|
Exports provider specific data in a specified format. When
errors occur, the MBean throws an ErrorCollectionException
containing a list of java.lang.Exceptions, where the
text of each exception describes the error.
| Operation Name | "exportData" |
| Parameters | Object [] { format, filename, constraints }
where:
|
| Signature | String [] {
"java.lang.String",
"java.lang.String",
"java.util.Properties" } |
| Returns |
void
|
| Exceptions |
|
The name of the current item in the list. Returns null if there is no current item.
| Operation Name | "getCurrentName" |
| Parameters | Object [] { cursor }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns | String
|
| Exceptions |
|
Gets the SP partner corresponding to a partnerName. <p> Throws NotFoundException if the partner is not found. Throws InvalidParameterException if partnerName is empty or null.
| Operation Name | "getSPPartner" |
| Parameters | Object [] { partnerName }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns | SPPartner |
| Exceptions |
|
Returns true if there are more objects in the list, and false otherwise.
| Operation Name | "haveCurrent" |
| Parameters | Object [] { cursor }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns |
boolean
|
| Exceptions |
|
Imports provider specific data from a specified format. When
errors occur, the MBean throws an ErrorCollectionException
containing a list of java.lang.Exceptions, where the
text of each exception describes the error.
| Operation Name | "importData" |
| Parameters | Object [] { format, filename, constraints }
where:
|
| Signature | String [] {
"java.lang.String",
"java.lang.String",
"java.util.Properties" } |
| Returns |
void
|
| Exceptions |
|
Returns true if the specified attribute has been set explicitly in this MBean instance.
| Operation Name | "isSet" |
| Parameters | Object [] { propertyName }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns |
boolean
|
| Exceptions |
|
Lists the registered partner names that match a wild card. <p> It follows the NameListerMBean cursor pattern. The results are not sorted. <p> Returns a String containing a cursor that may be passed into the NameListerMBean methods to read the list. The getCurrentName method returns the current alias on the list. <p> Throws InvalidParameterException if partnerNameWildcard is empty or null or if maxToReturn is less than zero.
Lists the registered partner names that match a wild card. <p> It follows the NameListerMBean cursor pattern. The results are not sorted. <p> Returns a String containing a cursor that may be passed into the NameListerMBean methods to read the list. The getCurrentName method returns the current alias on the list. <p> Throws InvalidParameterException if partnerNameWildcard is empty or null or if maxToReturn is less than zero.
| Operation Name | "listSPPartners" |
| Parameters | Object [] { partnerNameWildcard, maxToReturn }
where:
|
| Signature | String [] {
"java.lang.String",
"java.lang.Integer" } |
| Returns | String
|
| Exceptions |
|
Loads a certificate from file so that it may be applied to partner configurations. <p> Throws InvalidParameterException if the certificateFile parameter is empty or null, or if the file cannot be read or does not contain a valid certificate.
| Operation Name | "loadCertificate" |
| Parameters | Object [] { certificateFile }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns | X509Certificate
|
| Exceptions |
|
Returns a new Endpoint object.
| Operation Name | "newEndpoint" |
| Parameters | null |
| Signature | null |
| Returns | Endpoint |
Returns a new IndexedEndpoint object.
| Operation Name | "newIndexedEndpoint" |
| Parameters | null |
| Signature | null |
| Returns | IndexedEndpoint |
Returns a new Web SSO profile SP partner object. Caller can set the fields of this object and then call addSPPartner() to add the new partner to the registry. <p> SP partner objects obtained from this method should not be passed to updateSPPartner() -- call getSPPartner() to fetch an existing partner for update.
Returns a new Web SSO profile SP partner object. Caller can set the fields of this object and then call addSPPartner() to add the new partner to the registry. <p> SP partner objects obtained from this method should not be passed to updateSPPartner() -- call getSPPartner() to fetch an existing partner for update.
| Operation Name | "newWebSSOSPPartner" |
| Parameters | null |
| Signature | null |
| Returns | WebSSOSPPartner |
Returns a new WSS token profile SP partner object. Caller can set the fields of this object and then call addSPPartner() to add the new partner to the registry. <p> SP partner objects obtained from this method should not be passed to updateSPPartner() -- call getSPPartner() to fetch an existing partner for update.
| Operation Name | "newWSSSPPartner" |
| Parameters | null |
| Signature | null |
| Returns | WSSSPPartner |
Removes a SP partner from the registry. <p> Throws NotFoundException if the partner does not exist. Throws InvalidParameterException if the partnerName is empty or null.
| Operation Name | "removeSPPartner" |
| Parameters | Object [] { partnerName }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns |
void
|
| Exceptions |
|
Determines whether or not a SP partner exists for the given partner name. <p> Returns true if the partner is found, false if not. <p> Throws InvalidParameterException if partnerId is empty or null.
| Operation Name | "spPartnerExists" |
| Parameters | Object [] { partnerName }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns |
boolean
|
| Exceptions |
|
Restore the given property to its default value.
| Operation Name | "unSet" |
| Parameters | Object [] { propertyName }
where:
|
| Signature | String [] {
"java.lang.String" } |
| Returns |
void
|
| Exceptions |
|
Updates a SP partner in the registry. <p> Throws NotFoundException if the partner does not exist. Throws InvalidParameterException if the partner object fails validation.
| Operation Name | "updateSPPartner" |
| Parameters | Object [] { spPartner }
where:
|
| Signature | String [] {
"com.bea.security.saml2.providers.registry.SPPartner" } |
| Returns |
void
|
| Exceptions |
|
Returns the display name of an MBean.
Deprecated 9.0.0.0
| Operation Name | "wls_getDisplayName" |
| Parameters | null |
| Signature | null |
| Returns | String
|