The MBean that represents configuration attributes for the WebLogic Identity Assertion provider. The WebLogic Identity Assertion provider supports identity assertion using X.509 certificates and CORBA Common Secure Interoperability version 2 (CSI v2). The class also contains attributes for the default user name mapping class plus the list of trusted client principals.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.
Fully Qualified Interface Name | If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name: weblogic.security.providers.authentication.DefaultIdentityAsserterMBean |
Factory Methods | No factory methods. Instances of this MBean are created automatically. |
Access Points Inherited from AuthenticationProviderMBean |
Because this MBean extends or implements AuthenticationProviderMBean, you can also access this MBean by retrieving AuthenticationProviderMBeans. The following attributes contain AuthenticationProviderMBeans and its subtypes:
|
This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.
|
Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.
Privileges | Read only |
Type | RealmMBean |
Relationship type: | Reference. |
This section describes the following attributes:
Returns the token types that the Identity Assertion provider is currently configured to process.
Privileges | Read/Write |
Type | class java.lang.String[] |
Returns whether the tokens that are passed to the Identity Assertion provider will be base64 decoded first. If false, then the server will not base64 decode the token before passing it to the identity asserter. This defaults to true for backwards compatibility, but most providers will probably want to set this to false.
Privileges | Read/Write |
Type | boolean |
Default Value | true |
The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | @ |
The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | E |
Legal Values |
|
A short description of the Identity Assertion provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | WebLogic Identity Assertion provider |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The name of the data source to use for storing digest values. These digest values are used to detect replay attacks.
Privileges | Read/Write |
Type | java.lang.String |
Determines how long digests are valid. A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.
Privileges | Read/Write |
Type | int |
Default Value | 300 |
Enables the storage of the digest nonce values used to detect replay attacks. If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.
Privileges | Read/Write |
Type | boolean |
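The replay check described by the three digest attributes above, as an added illustration that is not WebLogic's implementation. The class and method names are hypothetical, the in-memory map stands in for the configured data source, and the expiration period of 300 is assumed to be in seconds, with each digest carrying a creation timestamp.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class DigestReplayCheckDemo {
    enum Result { ACCEPTED, EXPIRED, REPLAYED }

    // In-memory stand-in for the data source that holds nonces (assumption for this demo).
    private final Map<String, Instant> seenNonces = new ConcurrentHashMap<>();
    private final Duration validity;

    DigestReplayCheckDemo(int expirationSeconds) {
        this.validity = Duration.ofSeconds(expirationSeconds);
    }

    Result check(String nonce, Instant created, Instant now) {
        // Nonces older than the validity window no longer need to be remembered,
        // because any digest that old is rejected on age alone.
        seenNonces.values().removeIf(t -> t.plus(validity).isBefore(now));
        if (created.plus(validity).isBefore(now)) {
            return Result.EXPIRED;
        }
        // putIfAbsent is atomic: a non-null return means the nonce was already stored.
        return seenNonces.putIfAbsent(nonce, created) == null
                ? Result.ACCEPTED : Result.REPLAYED;
    }

    public static void main(String[] args) {
        DigestReplayCheckDemo store = new DigestReplayCheckDemo(300); // default from this page
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z");           // constructed timestamps
        // First use of a nonce, then the same nonce again inside the window.
        System.out.println(store.check("n-1", t0, t0.plusSeconds(5)));
        System.out.println(store.check("n-1", t0, t0.plusSeconds(60)));
        // A fresh nonce on a digest older than the window, then the old nonce again.
        System.out.println(store.check("n-2", t0, t0.plusSeconds(301)));
        System.out.println(store.check("n-1", t0, t0.plusSeconds(400)));
    }
}
```

A map held in one server's memory would miss a nonce first seen by another server, which is why the setting requires a data source shared by all the machines in the domain. The expiration period bounds how long each nonce has to be kept.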
Privileges | Read only |
Type | java.lang.String |
Default Value | DefaultIdentityAsserter |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The name of the Java class used to load the Identity Assertion provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | weblogic.security.providers.authentication.DefaultIdentityAsserterProviderImpl |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The token types supported by the Identity Assertion provider.
Privileges | Read only |
Type | class java.lang.String[] |
Default Value | AuthenticatedUser X.509 CSI.PrincipalName CSI.ITTAnonymous CSI.X509CertChain CSI.DistinguishedName wsse:PasswordDigest |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The list of trusted client principals to use in CSI v2 identity assertion. The wildcard character (*) can be used to specify that all principals are trusted. If a client is not listed as a trusted client principal, the CSI v2 identity assertion fails and the invoke is rejected.
Privileges | Read/Write |
Type | class java.lang.String[] |
Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired. If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.
Privileges | Read/Write |
Type | boolean |
The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.
Privileges | Read/Write |
Type | java.lang.String |
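How the attribute-type and delimiter settings above (defaults E and @) turn a subject DN into a user name, as an added illustration that is not WebLogic's own mapping class. The class name, the mapToUserName method and the subject DNs are constructed for this example, and the DNs are assumed to be RFC 2253 strings that label the e-mail attribute as E.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectDnMappingDemo {

    // Hypothetical mapper: find the RDN whose type matches attributeType and
    // cut its value at the first occurrence of the delimiter.
    static String mapToUserName(String subjectDn, String attributeType, String delimiter)
            throws InvalidNameException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase(attributeType)) {
                String value = rdn.getValue().toString();
                int cut = delimiter.isEmpty() ? -1 : value.indexOf(delimiter);
                return cut >= 0 ? value.substring(0, cut) : value;
            }
        }
        return null; // attribute absent: no user name can be derived
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subject DNs, not taken from real certificates.
        String[] subjects = {
            "E=alice@example.com,CN=Alice,O=Example Corp,C=US",
            "E=alice@partner.example,CN=Alice B,O=Partner Ltd,C=US",
            "CN=no-email,O=Example Corp,C=US"
        };
        for (String dn : subjects) {
            System.out.println(mapToUserName(dn, "E", "@") + "  <-  " + dn);
        }
    }
}
```

The first two subjects both map to alice, because everything from the delimiter onward is discarded. A custom user name mapping class is the place to add checks on the rest of the subject DN when that distinction matters.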
The version number of the Identity Assertion provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | 1.0 |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
This section describes the following operations:
|
Operation Name | "wls_getDisplayName" |
Parameters | null |
Signature | null |
Returns | String |