SAMLCredentialMapperV2MBean



Overview

No description provided.

   
Fully Qualified Interface Name: If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.saml.SAMLCredentialMapperV2MBean
Factory Methods: No factory methods. Instances of this MBean are created automatically.
Access Points Inherited from CredentialMapperMBean: Because this MBean extends or implements CredentialMapperMBean, you can also access this MBean by retrieving CredentialMapperMBeans. The following attributes contain CredentialMapperMBeans and its subtypes:


    Related MBeans

    This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.


      Realm

      Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

             
      Privileges: Read only
      Type: RealmMBean
      Relationship type: Reference.


      Attributes

      This section describes the following attributes:


      CredCacheMinViableTTL

      If an entry in the cache has less time to live than this value, the corresponding assertion will not be used. Instead, a new assertion will be generated.

      This attribute avoids the situation where an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live is too short, it will not be used.

             
      Privileges: Read/Write
      Type: int
      Default Value: 20
      Minimum value: 0

      CredCacheSize

      The size of the cache used to store assertion credentials.

      The cache stores assertion credentials so that requests for the same assertion may return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application may make multiple requests for the same assertion, for the same user, within a short period of time.

             
      Privileges: Read/Write
      Type: int
      Default Value: 0
      Minimum value: 0

      DefaultTimeToLive

      Time in seconds that, by default, an assertion should remain valid.

      If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

             
      Privileges: Read/Write
      Type: int
      Default Value: 120
      Minimum value: 0

      DefaultTimeToLiveDelta

      A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

      Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

             
      Privileges: Read/Write
      Type: int
      Default Value: 0
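
The lifetime arithmetic described for DefaultTimeToLive, DefaultTimeToLiveDelta and CredCacheMinViableTTL, worked through as an added Python example (not WebLogic code). The function names and the strict, zero-tolerance acceptance check at the destination are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Default values as documented on this page (all in seconds).
DEFAULT_TTL = 120            # DefaultTimeToLive
DEFAULT_TTL_DELTA = 0        # DefaultTimeToLiveDelta
DEFAULT_MIN_VIABLE_TTL = 20  # CredCacheMinViableTTL


def validity_window(now, ttl=DEFAULT_TTL, delta=DEFAULT_TTL_DELTA):
    """Return (NotBefore, NotOnOrAfter) for an assertion generated at `now`.

    NotBefore = now + delta and NotOnOrAfter = NotBefore + ttl.
    A ttl of 0 means an infinite lifetime, modelled as NotOnOrAfter = None.
    """
    if ttl < 0:
        raise ValueError("DefaultTimeToLive has a minimum value of 0")
    not_before = now + timedelta(seconds=delta)
    if ttl == 0:
        return not_before, None
    return not_before, not_before + timedelta(seconds=ttl)


def accepted_at(window, receiver_now):
    """Assumed destination check: NotBefore <= receiver clock < NotOnOrAfter."""
    not_before, not_on_or_after = window
    if receiver_now < not_before:
        return False
    return not_on_or_after is None or receiver_now < not_on_or_after


def cache_entry_usable(window, now, min_viable_ttl=DEFAULT_MIN_VIABLE_TTL):
    """A cached assertion with less than min_viable_ttl seconds left is not reused."""
    _, not_on_or_after = window
    if not_on_or_after is None:
        return True
    return (not_on_or_after - now).total_seconds() >= min_viable_ttl


if __name__ == "__main__":
    # Constructed scenario: the destination clock runs 30 seconds behind the source.
    source_now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    dest_now = source_now - timedelta(seconds=30)
    for delta in (0, -30):
        window = validity_window(source_now, delta=delta)
        print("delta=%4d accepted at destination: %s" % (delta, accepted_at(window, dest_now)))
    # A negative delta also moves NotOnOrAfter earlier, so the cached copy ages out sooner.
    window = validity_window(source_now, delta=-30)
    late = source_now + timedelta(seconds=75)
    print("reuse cached assertion 75 s later:", cache_entry_usable(window, late))
```

With a delta of -30 the window still spans 120 seconds but ends at source time + 90, so the cached assertion stops being reusable 70 seconds after it was generated rather than 100.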

      Description

      A short description of the SAML Credential Mapper V2 provider.

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: WebLogic SAML Credential Mapping Provider. Supports Security Assertion Markup Language v1.1.
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      IssuerURI

      The Issuer URI (name) of this SAML Authority.

             
      Privileges: Read/Write
      Type: java.lang.String
      Default Value:

      MinimumParserPoolSize

      The minimum number of parsers to maintain in the parser pool.

             
      Privileges: Read/Write
      Type: int
      Default Value: 5
      Minimum value: 0

      Name

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: SAMLCredentialMapperV2
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      NameMapperClassName

      The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

      When you configure a SAML Relying Party, using the Management tab, you can set a Name Mapper Class specific to that Relying Party, which will override the default value you set here.

             
      Privileges: Read/Write
      Type: java.lang.String
      Default Value:

      NameQualifier

      The Name Qualifier value used by the Name Mapper.

      The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

             
      Privileges: Read/Write
      Type: java.lang.String
      Default Value:

      ProviderClassName

      The name of the Java class used to load the SAML Credential Mapper V2 provider.

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: weblogic.security.providers.saml.SAMLCredentialMapperV2ProviderImpl
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SigningKeyAlias

      The alias used to retrieve from the keystore the key that is used to sign assertions.

             
      Privileges: Read/Write
      Type: java.lang.String
      Default Value:

      SigningKeyPassPhrase

      The credential (password) used to retrieve from the keystore the keys used to sign assertions.

             
      Privileges: Read/Write
      Type: java.lang.String
      Default Value:
      Encrypted: true

      SigningKeyPassPhraseEncrypted

             
      Privileges: Read/Write
      Type: byte[]
      Encrypted: true

      SupportedExportConstraints

      No description provided.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value: Partners Certificates Passwords
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SupportedExportFormats

      No description provided.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value: XML Partner Registry JKS KeyStore LDIF Template
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SupportedImportConstraints

      No description provided.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value: Partners Certificates ImportMode
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      SupportedImportFormats

      No description provided.

             
      Privileges: Read only
      Type: class java.lang.String[]
      Default Value: XML Partner Registry JKS KeyStore
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

      Version

      The version number of the SAML Credential Mapper V2 provider.

             
      Privileges: Read only
      Type: java.lang.String
      Default Value: 2.0
      Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.


      Operations

      This section describes the following operations:


      addRelyingParty

      No description provided.

         
      Operation Name: "addRelyingParty"
      Parameters: Object [] { relyingParty }

      where:

      • relyingParty is an object of type weblogic.security.providers.saml.registry.SAMLRelyingParty that specifies:

        - The new relying party to add.

      Signature: String [] { "weblogic.security.providers.saml.registry.SAMLRelyingParty" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.CreateException

      advance

      Advances the list to the next element in the list.

         
      Operation Name: "advance"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.InvalidCursorException

      certificateExists

      No description provided.

         
      Operation Name: "certificateExists"
      Parameters: Object [] { alias }

      where:

      • alias is an object of type java.lang.String that specifies:

        - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.

      Signature: String [] { "java.lang.String" }
      Returns: boolean
      Exceptions:
      • weblogic.management.utils.InvalidParameterException

      close

      Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.

         
      Operation Name: "close"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.InvalidCursorException

      copyToDER

      No description provided.

         
      Operation Name: "copyToDER"
      Parameters: Object [] { alias, certificateFile }

      where:

      • alias is an object of type java.lang.String that specifies:

        - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.

      • certificateFile is an object of type java.lang.String that specifies:

        - The pathname (relative to the directory the admin server is booted from) of the file to write the certificate to.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      copyToPEM

      No description provided.

         
      Operation Name: "copyToPEM"
      Parameters: Object [] { alias, certificateFile }

      where:

      • alias is an object of type java.lang.String that specifies:

        - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.

      • certificateFile is an object of type java.lang.String that specifies:

        - The pathname (relative to the directory the admin server is booted from) of the file to write the certificate to.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      exportData

      Exports provider specific data in a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

         
      Operation Name: "exportData"
      Parameters: Object [] { format, filename, constraints }

      where:

      • format is an object of type java.lang.String that specifies:

        - The format for exporting provider specific data.

      • filename is an object of type java.lang.String that specifies:

        - The full path to the filename used to write data.

      • constraints is an object of type java.util.Properties that specifies:

        - The constraints to be used when exporting data. A null value indicates that all data will be exported.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.ErrorCollectionException

      getCertificate

      No description provided.

         
      Operation Name: "getCertificate"
      Parameters: Object [] { alias }

      where:

      • alias is an object of type java.lang.String that specifies:

        - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.

      Signature: String [] { "java.lang.String" }
      Returns: X509Certificate
      Exceptions:
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      getCurrentName

      The name of the current item in the list. Returns null if there is no current item.

         
      Operation Name: "getCurrentName"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: String
      Exceptions:
      • weblogic.management.utils.InvalidCursorException

      getRelyingParty

      No description provided.

         
      Operation Name: "getRelyingParty"
      Parameters: Object [] { partnerId }

      where:

      • partnerId is an object of type java.lang.String that specifies:

        - The partnerId of the relying party to return.

      Signature: String [] { "java.lang.String" }
      Returns: SAMLRelyingParty
      Exceptions:
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      haveCurrent

      Returns true if there are more objects in the list, and false otherwise.

         
      Operation Name: "haveCurrent"
      Parameters: Object [] { cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      Signature: String [] { "java.lang.String" }
      Returns: boolean
      Exceptions:
      • weblogic.management.utils.InvalidCursorException

      importData

      Imports provider specific data from a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

         
      Operation Name: "importData"
      Parameters: Object [] { format, filename, constraints }

      where:

      • format is an object of type java.lang.String that specifies:

        - The format for importing provider specific data.

      • filename is an object of type java.lang.String that specifies:

        - The full path to the filename used to read data.

      • constraints is an object of type java.util.Properties that specifies:

        - The constraints to be used when importing data. A null value indicates that all data will be imported.

      Signature: String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.ErrorCollectionException

      listCertificates

      No description provided.

         
      Operation Name: "listCertificates"
      Parameters: Object [] { aliasWildcard, maxToReturn }

      where:

      • aliasWildcard is an object of type java.lang.String that specifies:

        - A wild card used to select aliases. It supports three formats: "*" matches all aliases. "foo*" matches all aliases starting with the string "foo". "foo" matches the alias "foo" only. The matches are case-insensitive.

      • maxToReturn is an object of type java.lang.Integer that specifies:

        - The maximum number of aliases this method may return. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort the results. Set this parameter to zero to return all matching aliases.

      Signature: String [] { "java.lang.String", "java.lang.Integer" }
      Returns: String
      Exceptions:
      • weblogic.management.utils.InvalidCursorException
      • weblogic.management.utils.InvalidParameterException

      listRelyingParties

      No description provided.

         
      Operation Name: "listRelyingParties"
      Parameters: Object [] { partnerIdWildcard, maxToReturn }

      where:

      • partnerIdWildcard is an object of type java.lang.String that specifies:

        - A wild card used to select partnerIds. It supports three formats: "*" matches all partnerIds. "foo*" matches all partnerIds starting with the string "foo". "foo" matches the partnerId "foo" only. The matches are case-insensitive.

      • maxToReturn is an object of type java.lang.Integer that specifies:

        - The maximum number of partnerIds this method may return. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort the results. Set this parameter to zero to return all matching aliases.

      Signature: String [] { "java.lang.String", "java.lang.Integer" }
      Returns: String
      Exceptions:
      • weblogic.management.utils.InvalidCursorException
      • weblogic.management.utils.InvalidParameterException
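
The cursor protocol shared by listCertificates, listRelyingParties, haveCurrent, getCurrentName, advance and close, shown as an added Python example (not WebLogic code). InMemoryRegistry is a constructed stand-in for the MBean that follows the wildcard rules documented above; iter_names and its limit parameter are hypothetical names, and KeyError stands in for InvalidCursorException.

```python
import itertools


def iter_names(lister, cursor, limit=None):
    """Yield names via haveCurrent / getCurrentName / advance.

    close(cursor) is called only when traversal stops before the end of the
    list (limit reached, consumer stops early, or an error is raised).
    """
    finished = False
    count = 0
    try:
        while lister.haveCurrent(cursor):
            if limit is not None and count >= limit:
                return
            yield lister.getCurrentName(cursor)
            lister.advance(cursor)
            count += 1
        finished = True
    finally:
        if not finished:
            lister.close(cursor)


class InMemoryRegistry:
    """Constructed stand-in exposing the list operations described on this page."""

    def __init__(self, aliases):
        self._aliases = list(aliases)
        self._open = {}                # cursor -> [matches, position]
        self._ids = itertools.count(1)
        self.closed = []               # cursors released through close()

    def listCertificates(self, aliasWildcard, maxToReturn):
        pattern = aliasWildcard.lower()          # matches are case-insensitive
        if pattern.endswith("*"):                # "*" and "foo*" forms
            hits = [a for a in self._aliases if a.lower().startswith(pattern[:-1])]
        else:                                    # exact "foo" form
            hits = [a for a in self._aliases if a.lower() == pattern]
        if maxToReturn:                          # zero means return all matches
            hits = hits[:maxToReturn]
        cursor = "cursor-%d" % next(self._ids)
        self._open[cursor] = [hits, 0]
        return cursor

    def _state(self, cursor):
        if cursor not in self._open:
            raise KeyError("invalid cursor: %s" % cursor)
        return self._open[cursor]

    def haveCurrent(self, cursor):
        hits, pos = self._state(cursor)
        return pos < len(hits)

    def getCurrentName(self, cursor):
        hits, pos = self._state(cursor)
        return hits[pos] if pos < len(hits) else None

    def advance(self, cursor):
        self._state(cursor)[1] += 1

    def close(self, cursor):
        self._state(cursor)
        del self._open[cursor]
        self.closed.append(cursor)
```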

      newRelyingParty

      No description provided.

         
      Operation Name: "newRelyingParty"
      Parameters: null
      Signature: null
      Returns: SAMLRelyingParty

      registerCertificate

      No description provided.

         
      Operation Name: "registerCertificate"
      Parameters: Object [] { alias, certificateFile }

      where:

      • alias is an object of type java.lang.String that specifies:

        - The alias to register the certificate under. It must not be empty or null. Aliases are case-insensitive.

      • certificateFile is an object of type java.lang.String that specifies:

        - The pathname (relative to the directory the admin server is booted from) of a PEM or DER file containing the certificate to be registered.

      Signature: String [] { "java.lang.String", "java.lang.String" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.AlreadyExistsException
      • weblogic.management.utils.InvalidParameterException

      relyingPartyExists

      No description provided.

         
      Operation Name: "relyingPartyExists"
      Parameters: Object [] { partnerId }

      where:

      • partnerId is an object of type java.lang.String that specifies:

        - The partnerId of the relying party.

      Signature: String [] { "java.lang.String" }
      Returns: boolean
      Exceptions:
      • weblogic.management.utils.InvalidParameterException

      removeRelyingParty

      No description provided.

         
      Operation Name: "removeRelyingParty"
      Parameters: Object [] { partnerId }

      where:

      • partnerId is an object of type java.lang.String that specifies:

        - The partnerId of the relying party to remove.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      unregisterCertificate

      No description provided.

         
      Operation Name: "unregisterCertificate"
      Parameters: Object [] { alias }

      where:

      • alias is an object of type java.lang.String that specifies:

        - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.

      Signature: String [] { "java.lang.String" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      updateRelyingParty

      No description provided.

         
      Operation Name: "updateRelyingParty"
      Parameters: Object [] { relyingParty }

      where:

      • relyingParty is an object of type weblogic.security.providers.saml.registry.SAMLRelyingParty that specifies:

        - The relying party to update.

      Signature: String [] { "weblogic.security.providers.saml.registry.SAMLRelyingParty" }
      Returns: void
      Exceptions:
      • weblogic.management.utils.NotFoundException
      • weblogic.management.utils.InvalidParameterException

      wls_getDisplayName

         
      Operation Name: "wls_getDisplayName"
      Parameters: null
      Signature: null
      Returns: String