Use this tab to configure an Identity Assertion provider for a security realm. JAAS LoginModules seek proof of an entity's identity based on usernames/passwords or identification devices inside the request; identity assertion involves establishing a client's identity through the use of client-supplied tokens that may exist outside of the request. Thus, the function of an Identity Assertion provider is to validate and map a token to a username. Identity Assertion providers support perimeter authentication by passing tokens in HTTP headers or cookies.
By default, the WebLogic Identity Assertion provider is configured. The WebLogic Identity Assertion provider supports identity assertion using X509 certificates and Common Secure Interoperability version 2 (CSIv2).
You can use a Custom Identity Assertion provider instead of the WebLogic Identity Assertion provider. For a Custom Identity Assertion provider to be available in the WebLogic Server Administration Console, the MBean JAR file for the provider must be in the WL_HOME\lib\mbeantypes directory.
The Security page in the WebLogic Server documentation
Attributes

| Attribute Label | Description | Value Constraints |
|---|---|---|
| Name | The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration. | Attribute: Name; Configurable: yes; Readable: yes; Writable: yes |
| Description | A short description of the WebLogic Identity Assertion provider. | Attribute: Description; Default: "Provider that performs identity assertion for certs and CSIv2"; Readable: yes |
| Version | The version number of the WebLogic Identity Assertion provider. | Attribute: Version; Default: "1.0"; Readable: yes |
| User Name Mapper Class Name | The name of the Java class that maps X509 digital certificates and X501 distinguished names to WebLogic user names. | Attribute: UserNameMapperClassName; Readable: yes |
| Trusted Client Principals | The list of trusted client principals to use in CSIv2 identity assertion. The wildcard character (*) can be used to specify that all principals are trusted. If a client is not listed as a trusted client principal, the CSIv2 identity assertion fails and the invoke is rejected. | Attribute: TrustedClientPrincipals; Readable: yes |
| Supported Types | The token types supported by the WebLogic Identity Assertion provider. | |
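
The User Name Mapper Class Name attribute above names a class that turns a certificate subject into a WebLogic user name. The following is an added example, not Oracle's code and not part of the original page, showing the core mapping logic such a class needs using only the JDK. The class name `SubjectDnMapper`, the choice of the CN attribute, and the allowed user-name pattern are assumptions, and the class does not implement WebLogic's mapper interface.

```java
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper for illustration; not a WebLogic class.
public class SubjectDnMapper {
    // Assumption: user names are 1-64 characters from this restricted set.
    private static final Pattern SAFE_USER = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /** Returns the user name taken from the subject's single CN, or null to reject. */
    public static String mapSubjectToUserName(X500Principal subject) {
        String user = null;
        try {
            // Parse the RFC 2253 form into RDNs rather than splitting on ',' or '=',
            // so an escaped or quoted value is never mistaken for an attribute.
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                if (rdn.size() != 1) return null;           // multi-valued RDN: treat as ambiguous
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                if (user != null) return null;              // second CN: refuse to pick one
                if (!(rdn.getValue() instanceof String)) return null; // binary-encoded value
                user = (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            return null;                                    // unparsable subject: reject
        }
        // Reject a missing CN and any value outside the allowed user-name pattern.
        return (user != null && SAFE_USER.matcher(user).matches()) ? user : null;
    }

    public static void main(String[] args) {
        // Constructed sample subjects, not taken from real certificates.
        String[] samples = {
            "CN=alice,OU=Eng,O=Example,C=US",       // one CN, valid characters
            "CN=bob,CN=admin,O=Example",            // two CN attributes
            "OU=Eng,O=\"Example, CN=admin\",C=US",  // "CN=" appears only inside the O value
            "CN=al ice,O=Example"                   // CN contains a disallowed space
        };
        for (String s : samples) {
            System.out.println(s + " -> " + mapSubjectToUserName(new X500Principal(s)));
        }
    }
}
```

Returning null for every ambiguous or malformed subject keeps the mapper fail-closed: a certificate that does not yield exactly one acceptable name maps to no user at all.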