DefaultIdentityAsserterMBean



Overview

The MBean that represents configuration attributes for the WebLogic Identity Assertion provider. The WebLogic Identity Assertion provider supports identity assertion using X.509 certificates and CORBA Common Secure Interoperability version 2 (CSI v2). The class also contains attributes for the default user name mapping class plus the list of trusted client principals.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.

   
Fully Qualified Interface Name
If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.authentication.DefaultIdentityAsserterMBean

Factory Methods
No factory methods. Instances of this MBean are created automatically.

Access Points Inherited from AuthenticationProviderMBean
Because this MBean extends or implements AuthenticationProviderMBean, you can also access this MBean by retrieving AuthenticationProviderMBeans. The following attributes contain AuthenticationProviderMBeans and its subtypes:


    Related MBeans

    This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.


      Realm

      Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

             
      Privileges Read only
      Type RealmMBean
      Relationship type: Reference.


      Attributes

      This section describes the following attributes:


      ActiveTypes

      Returns the token types that the Identity Assertion provider is currently configured to process.

             
      Privileges Read/Write
      Type class java.lang.String[]

      Base64DecodingRequired

      Returns whether the tokens that are passed to the Identity Assertion provider will be base64 decoded first. If false, then the server will not base64 decode the token before passing it to the identity asserter. This defaults to true for backwards compatibility, but most providers will probably want to set this to false.

             
      Privileges Read/Write
      Type boolean
      Default Value true

      DefaultUserNameMapperAttributeDelimiter

      The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.

             
      Privileges Read/Write
      Type java.lang.String
      Default Value @

      DefaultUserNameMapperAttributeType

      The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.

             
      Privileges Read/Write
      Type java.lang.String
      Default Value E
      Legal Values
      • C
      • CN
      • E
      • L
      • O
      • OU
      • S
      • STREET

      Description

      A short description of the Identity Assertion provider.

             
      Privileges Read only
      Type java.lang.String
      Default Value WebLogic Identity Assertion provider
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      DigestDataSourceName

      The name of the data source to use for storing digest values. These digest values are used to detect replay attacks.

             
      Privileges Read/Write
      Type java.lang.String

      DigestExpirationTimePeriod

      Determines how long digests are valid. A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.

             
      Privileges Read/Write
      Type int
      Default Value 300

      DigestReplayDetectionEnabled

      Enables the storage of the digest nonce values used to detect replay attacks. If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.

             
      Privileges Read/Write
      Type boolean
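
How DigestExpirationTimePeriod and the stored nonces work together, as an added Python model (an example written for this page, not WebLogic's implementation). It assumes the WS-Security UsernameToken PasswordDigest formula for the token, an in-memory dict in place of the configured data source, and a period measured in seconds; all class and function names are hypothetical.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone


def to_epoch(created):
    """Parse a wsu:Created value such as 2024-01-01T00:00:00Z."""
    parsed = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc).timestamp()


def password_digest(nonce, created, password):
    """WS-Security UsernameToken: Base64(SHA-1(nonce + created + password))."""
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


class DigestReplayGuard:
    """In-memory stand-in for the nonce table held in the digest data source."""

    def __init__(self, expiration_period=300):  # page default; seconds assumed
        self.expiration_period = expiration_period
        self.nonces = {}  # nonce bytes -> creation time (epoch seconds)

    def check(self, nonce, created, digest, password, now):
        """Return 'accepted', 'bad-digest', 'expired' or 'replay'."""
        expected = password_digest(nonce, created, password)
        if not hmac.compare_digest(expected, digest):
            return "bad-digest"
        cutoff = now - self.expiration_period
        # Older nonces can be dropped: a token that old already fails on age.
        self.nonces = {n: t for n, t in self.nonces.items() if t >= cutoff}
        created_at = to_epoch(created)
        if created_at < cutoff:
            return "expired"
        if nonce in self.nonces:
            return "replay"
        self.nonces[nonce] = created_at
        return "accepted"


def demo():
    """Replay one constructed token at three points in time."""
    nonce, created = bytes(range(16)), "2024-01-01T00:00:00Z"  # constructed
    token = password_digest(nonce, created, "example-password")
    guard, t0 = DigestReplayGuard(), to_epoch(created)
    return [guard.check(nonce, created, token, "example-password", t0 + dt)
            for dt in (5, 60, 301)]
```

A captured token keeps a valid digest, so only the nonce table stops it inside the window and only the age check stops it afterwards; that is why nonces need to be retained for the expiration period and no longer.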

      Name

             
      Privileges Read only
      Type java.lang.String
      Default Value DefaultIdentityAsserter
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      ProviderClassName

      The name of the Java class used to load the Identity Assertion provider.

             
      Privileges Read only
      Type java.lang.String
      Default Value weblogic.security.providers.authentication.DefaultIdentityAsserterProviderImpl
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      SupportedTypes

      The token types supported by the Identity Assertion provider.

             
      Privileges Read only
      Type class java.lang.String[]
      Default Value AuthenticatedUser X.509 CSI.PrincipalName CSI.ITTAnonymous CSI.X509CertChain CSI.DistinguishedName wsse:PasswordDigest
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      TrustedClientPrincipals

      The list of trusted client principals to use in CSI v2 identity assertion. The wildcard character (*) can be used to specify that all principals are trusted. If a client is not listed as a trusted client principal, the CSI v2 identity assertion fails and the invoke is rejected.

             
      Privileges Read/Write
      Type class java.lang.String[]

      UseDefaultUserNameMapper

      Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired. If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.

             
      Privileges Read/Write
      Type boolean
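
The mapping that DefaultUserNameMapperAttributeType and DefaultUserNameMapperAttributeDelimiter describe, as an added Python sketch (an example written for this page, not Oracle's mapper code): it takes the configured attribute from a subject DN and cuts its value at the delimiter. The function names, the sample DNs, first-match selection and keeping the whole value when the delimiter is absent are assumptions of this example.

```python
import re

# Legal values of DefaultUserNameMapperAttributeType, as listed on this page.
LEGAL_ATTRIBUTE_TYPES = {"C", "CN", "E", "L", "O", "OU", "S", "STREET"}


def split_rdns(subject_dn):
    """Split a DN on ',' and '+' separators that are not backslash-escaped."""
    return re.findall(r"(?:\\.|[^,+\\])+", subject_dn)


def unescape(value):
    """Undo DN escaping: backslash + hex pair, or backslash + character."""
    def repl(match):
        token = match.group(1)
        return chr(int(token, 16)) if len(token) == 2 else token
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)


def map_dn_to_user_name(subject_dn, attribute_type="E", delimiter="@"):
    """Return the mapped user name, or None when the attribute is absent."""
    if attribute_type not in LEGAL_ATTRIBUTE_TYPES:
        raise ValueError("not a legal attribute type: " + attribute_type)
    for rdn in split_rdns(subject_dn):
        name, found, value = rdn.strip().partition("=")
        if not found or name.strip().upper() != attribute_type:
            continue
        value = unescape(value.strip())
        # The delimiter ends the value; assumed: no delimiter keeps it whole.
        cut = value.find(delimiter) if delimiter else -1
        return (value if cut < 0 else value[:cut]) or None
    return None


def group_by_user(subject_dns, attribute_type="E", delimiter="@"):
    """Group subject DNs by mapped user name to expose collisions."""
    groups = {}
    for dn in subject_dns:
        user = map_dn_to_user_name(dn, attribute_type, delimiter)
        groups.setdefault(user, []).append(dn)
    return groups


# Constructed subject DNs: different e-mail domains, same local part.
SAMPLE_DNS = [
    "E=alice@partner.example, CN=Alice Smith, O=Partner\\, Inc., C=US",
    "CN=Someone Else, E=alice@other.example",
]
```

With the defaults (E and @) both constructed DNs map to alice, because everything after the delimiter is discarded. Running group_by_user over the subject DNs a realm is expected to accept shows which certificates would share a WebLogic user name.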

      UserNameMapperClassName

      The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.

             
      Privileges Read/Write
      Type java.lang.String

      Version

      The version number of the Identity Assertion provider.

             
      Privileges Read only
      Type java.lang.String
      Default Value 1.0
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.


      Operations

      This section describes the following operations:


        wls_getDisplayName

           
        Operation Name "wls_getDisplayName"
        Parameters null
        Signature null
        Returns String