Administration Console Online Help

SAML Credential Mapping Provider V1: Provider Specific

Use this page to configure provider-specific information for this SAML Credential Mapping provider Version 1.

Version 2 of the WebLogic SAML Credential Provider manages both partner configuration and trusted certificates for asserting parties and relying parties. Version 1 of the SAML Credential Provider is deprecated in WebLogic Server 9.1; Oracle recommends using Version 2.

Configuration Options

Name Description
Minimum Parser Pool Size

The minimum number of parsers to maintain in the parser pool.

MBean Attribute:
SAMLCredentialMapperMBean.MinimumParserPoolSize

Minimum value: 0

Changes take effect after you redeploy the module or restart the server.

Name Mapper Class Name

The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

MBean Attribute:
SAMLCredentialMapperMBean.NameMapperClassName

Issuer URI

The Issuer URI (name) of this SAML Authority.

MBean Attribute:
SAMLCredentialMapperMBean.IssuerURI

Name Qualifier

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

MBean Attribute:
SAMLCredentialMapperMBean.NameQualifier

Default Time To Live

Time in seconds that, by default, an assertion should remain valid.

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

MBean Attribute:
SAMLCredentialMapperMBean.DefaultTimeToLive

Minimum value: 0

Default Time To Live Delta

A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two-minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

MBean Attribute:
SAMLCredentialMapperMBean.DefaultTimeToLiveDelta
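
The following is an added example, not part of the original help page and not WebLogic code: a Python model of the NotBefore/NotOnOrAfter arithmetic described above, checked against destination clocks that run slow and fast. The function names and the scenario values are hypothetical, and representing a zero TimeToLive as "no NotOnOrAfter" is a modelling assumption.

```python
from datetime import datetime, timedelta, timezone

def validity_window(now, ttl_seconds, delta_seconds=0):
    """NotBefore = now + delta; NotOnOrAfter = NotBefore + TTL (None if TTL is 0)."""
    if ttl_seconds < 0:
        raise ValueError("DefaultTimeToLive has a minimum value of 0")
    not_before = now + timedelta(seconds=delta_seconds)
    if ttl_seconds == 0:
        # Modelling assumption: an infinite lifetime is represented as "no expiry".
        return not_before, None
    return not_before, not_before + timedelta(seconds=ttl_seconds)

def accepted_at(destination_now, window):
    """Destination-side check on its own clock: NotBefore <= t < NotOnOrAfter."""
    not_before, not_on_or_after = window
    if destination_now < not_before:
        return False
    return not_on_or_after is None or destination_now < not_on_or_after

def usable_seconds(destination_now, window):
    """Validity left on the destination's clock (0 if expired, None if unbounded)."""
    not_before, not_on_or_after = window
    if not_on_or_after is None:
        return None
    start = max(destination_now, not_before)
    return max(0.0, (not_on_or_after - start).total_seconds())

# Constructed scenario: the source clock reads 12:00:00 UTC at issue time.
SOURCE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SLOW_DEST = SOURCE_NOW - timedelta(seconds=20)   # destination clock 20 s behind
FAST_DEST = SOURCE_NOW + timedelta(seconds=100)  # destination clock 100 s ahead

NO_DELTA = validity_window(SOURCE_NOW, ttl_seconds=120)
BACKDATED = validity_window(SOURCE_NOW, ttl_seconds=120, delta_seconds=-30)
NEVER_EXPIRES = validity_window(SOURCE_NOW, ttl_seconds=0)

if __name__ == "__main__":
    for label, window in (("delta=0", NO_DELTA), ("delta=-30", BACKDATED)):
        print(label,
              "slow destination accepts:", accepted_at(SLOW_DEST, window),
              "| fast destination accepts:", accepted_at(FAST_DEST, window))
```

A negative delta lets a destination with a slow clock accept the assertion immediately, but it also moves NotOnOrAfter earlier, so a destination with a fast clock sees it expire sooner; the delta shifts the window and does not widen it.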

Source Site URL

The Source Site URL (name) of this SAML source site.

MBean Attribute:
SAMLCredentialMapperMBean.SourceSiteURL

Source Id Hex

A hexadecimal representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) is enabled.

This read-only value is a hexadecimal representation of a 20-byte binary value that is calculated from the SourceSiteURL. If you want to configure ARTIFACT profile with another site, you will need to give a SourceId value to the other site. This value is automatically updated when the SourceSiteURL changes.

MBean Attribute:
SAMLCredentialMapperMBean.SourceIdHex

Source Id Base64

A Base64 representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) is enabled.

This read-only value is a Base64 representation of a 20-byte binary value that is calculated from the SourceSiteURL. If you want to configure ARTIFACT profile with another site, you will need to give a SourceId value to the other site. This value is automatically updated when the SourceSiteURL changes.

MBean Attribute:
SAMLCredentialMapperMBean.SourceIdBase64

Intersite Transfer URIs

The Intersite Transfer URIs for this SAML source site.

MBean Attribute:
SAMLCredentialMapperMBean.IntersiteTransferURIs

Changes take effect after you redeploy the module or restart the server.

PostEnabled

If true, enable Intersite Transfer Services for POST profile.

MBean Attribute:
SAMLCredentialMapperMBean.PostEnabled

Default Post Form

The URI of the default POST form to use with POST profile.

The default POST form must be a resource on the local machine. If the default POST form resource is not in the same application as the Intersite Transfer Service used with POST profile, then it must be in an application context that shares a cookie name with the Intersite Transfer Service application context.

MBean Attribute:
SAMLCredentialMapperMBean.DefaultPostForm

Artifact Enabled

If true, enable Intersite Transfer Services for ARTIFACT profile.

MBean Attribute:
SAMLCredentialMapperMBean.ArtifactEnabled

Assertion Retrieval URIs

One or more URI values indicating the URIs to which the SAML service should listen for incoming assertion retrieval requests.

For artifact profile, the destination site receives a SAML artifact that represents a source site (which is why the source site ID values are needed) and an assertion ID. The destination site sends a request containing the artifact to the source site's assertion retrieval URL, and the source site responds with the corresponding assertion. You may configure multiple URIs here, although typically one will be sufficient. The URI includes the application context, followed by the resource context. For example:

/my_application/saml/ars

which would be accessible from the outside as https://my.example.com/my_application/saml/ars. The default value is /samlars/ars, which is a URI in the /samlars application. This application is automatically deployed by default, and serves only to host the Assertion Retrieval Service. For a typical use case, you can simply use the defaults. However, you must first set up SSL correctly, as the /samlars application requires a secure connection.

MBean Attribute:
SAMLCredentialMapperMBean.AssertionRetrievalURIs

Changes take effect after you redeploy the module or restart the server.
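
The following is an added example, not part of the original help page and not WebLogic code. It relates the Source Id Hex and Source Id Base64 values above to the artifact exchange described for Assertion Retrieval URIs: the same 20-byte SourceID is rendered both ways, embedded in an artifact, and used by the destination site to pick the retrieval URL. It assumes the SAML 1.1 type 0x0001 artifact layout and the SAML 1.1 bindings convention that the SourceID is the SHA-1 hash of the source site URL (the page only says the value is "calculated from" that URL); the function names and sample source site URL are hypothetical.

```python
import base64
import hashlib

TYPE_CODE_0001 = b"\x00\x01"  # SAML 1.1 artifact type 0x0001
SOURCE_ID_LEN = 20
HANDLE_LEN = 20

def source_id(source_site_url):
    """Assumption: SourceID = SHA-1 of the source site URL (SAML 1.1 bindings)."""
    return hashlib.sha1(source_site_url.encode("utf-8")).digest()

def source_id_forms(source_site_url):
    """Return the (hex, Base64) renderings of the same 20-byte SourceID."""
    sid = source_id(source_site_url)
    return sid.hex(), base64.b64encode(sid).decode("ascii")

def build_artifact(source_site_url, assertion_handle):
    """Source side: Base64(TypeCode || SourceID || AssertionHandle)."""
    if len(assertion_handle) != HANDLE_LEN:
        raise ValueError("assertion handle must be 20 bytes")
    raw = TYPE_CODE_0001 + source_id(source_site_url) + assertion_handle
    return base64.b64encode(raw).decode("ascii")

def parse_artifact(artifact_b64):
    """Destination side: strict decode, returns (source_id, assertion_handle)."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != 2 + SOURCE_ID_LEN + HANDLE_LEN:
        raise ValueError("type 0x0001 artifact must be 42 bytes")
    if raw[:2] != TYPE_CODE_0001:
        raise ValueError("unsupported artifact type code")
    return raw[2:2 + SOURCE_ID_LEN], raw[2 + SOURCE_ID_LEN:]

def retrieval_url_for(artifact_b64, partners):
    """Map the artifact's SourceID to a configured partner; refuse unknown sources."""
    sid, _handle = parse_artifact(artifact_b64)
    try:
        return partners[sid.hex()]
    except KeyError:
        raise ValueError("artifact SourceID matches no configured source site")

# Constructed sample values; only the retrieval URL is taken from the page's example.
SOURCE_SITE_URL = "https://my.example.com/my_application"
PARTNERS = {
    source_id_forms(SOURCE_SITE_URL)[0]: "https://my.example.com/my_application/saml/ars",
}
SAMPLE_ARTIFACT = build_artifact(SOURCE_SITE_URL, bytes(range(20)))
```

Because the SourceID is derived from the URL, a change to SourceSiteURL changes the value that partner sites must have on record, and artifacts carrying a SourceID the destination does not recognise are refused before any retrieval request is sent.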

Assertion Store Class Name

The class that implements the persistent store for ARTIFACT profile assertions.

MBean Attribute:
SAMLCredentialMapperMBean.AssertionStoreClassName

Changes take effect after you redeploy the module or restart the server.

Assertion Store Properties

Properties passed to the init() method of the Assertion Store class. This may be useful if you have implemented a custom Assertion Store class.

MBean Attribute:
SAMLCredentialMapperMBean.AssertionStoreProperties

Changes take effect after you redeploy the module or restart the server.

Assertion Configuration

Configuration for assertions generated by this SAML Authority.

Assertions are configured in key=value format. You may find it convenient to write your assertion configuration in a text editor and paste it into the Assertion Configuration field.

MBean Attribute:
SAMLCredentialMapperMBean.AssertionConfiguration
