Oracle Fusion Middleware
Oracle WebLogic Server MBean Javadoc
11g Release 1 (10.3.6)

Part Number E13945-06

weblogic.security.providers.saml
Interface SAMLCredentialMapperMBean

All Superinterfaces:
ApplicationVersionerMBean, CredentialMapperMBean, ProviderMBean

public interface SAMLCredentialMapperMBean
extends CredentialMapperMBean, ApplicationVersionerMBean

This MBean represents configuration information for the SAML Credential Mapper provider.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime.


Method Summary
 Properties getAssertionConfiguration()
          Configuration for assertions generated by this SAML Authority.
 String[] getAssertionRetrievalURIs()
          One or more URI values indicating the URIs to which the SAML service should listen for incoming assertion retrieval requests.
 String getAssertionStoreClassName()
          The class that implements the persistent store for ARTIFACT profile assertions.
 Properties getAssertionStoreProperties()
          Properties passed to Assertion Store class init() method.
 int getCredCacheMinViableTTL()
          No description provided.
 int getCredCacheSize()
          No description provided.
 String getDefaultPostForm()
          The URI of the default POST form to use with POST profile.
 int getDefaultTimeToLive()
          Time in seconds that, by default, an assertion should remain valid.
 int getDefaultTimeToLiveDelta()
          A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites.
 String getDescription()
          A short description of the SAML Credential Mapper provider.
 String[] getIntersiteTransferURIs()
          The Intersite Transfer URIs for this SAML source site.
 String getIssuerURI()
          The Issuer URI (name) of this SAML Authority.
 int getMinimumParserPoolSize()
          The minimum number of parsers to maintain in the parser pool.
 String getName()
          The name of this configuration.
 String getNameMapperClassName()
          The name of the Java class that maps Subjects to SAML Assertion name information.
 String getNameQualifier()
          The Name Qualifier value used by the Name Mapper.
 String getProviderClassName()
          The name of the Java class used to load the SAML Credential Mapper provider.
 String getSourceIdBase64()
          A Base64 representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) are enabled.
 String getSourceIdHex()
          A hexadecimal representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) are enabled.
 String getSourceSiteURL()
          The Source Site URL (name) of this SAML source site.
 String getVersion()
          The version number of the SAML Credential Mapper provider.
 boolean isArtifactEnabled()
          If true, enable Intersite Transfer Services for ARTIFACT profile.
 boolean isPostEnabled()
          If true, enable Intersite Transfer Services for POST profile.
 void setArtifactEnabled(boolean newValue)
          If true, enable Intersite Transfer Services for ARTIFACT profile.
 void setAssertionConfiguration(Properties newValue)
          Configuration for assertions generated by this SAML Authority.
 void setAssertionRetrievalURIs(String[] newValue)
          One or more URI values indicating the URIs to which the SAML service should listen for incoming assertion retrieval requests.
 void setAssertionStoreClassName(String newValue)
          The class that implements the persistent store for ARTIFACT profile assertions.
 void setAssertionStoreProperties(Properties newValue)
          Properties passed to Assertion Store class init() method.
 void setCredCacheMinViableTTL(int newValue)
          No description provided.
 void setCredCacheSize(int newValue)
          No description provided.
 void setDefaultPostForm(String newValue)
          The URI of the default POST form to use with POST profile.
 void setDefaultTimeToLive(int newValue)
          Time in seconds that, by default, an assertion should remain valid.
 void setDefaultTimeToLiveDelta(int newValue)
          A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites.
 void setIntersiteTransferURIs(String[] newValue)
          The Intersite Transfer URIs for this SAML source site.
 void setIssuerURI(String newValue)
          The Issuer URI (name) of this SAML Authority.
 void setMinimumParserPoolSize(int newValue)
          The minimum number of parsers to maintain in the parser pool.
 void setNameMapperClassName(String newValue)
          The name of the Java class that maps Subjects to SAML Assertion name information.
 void setNameQualifier(String newValue)
          The Name Qualifier value used by the Name Mapper.
 void setPostEnabled(boolean newValue)
          If true, enable Intersite Transfer Services for POST profile.
 void setSourceSiteURL(String newValue)
          The Source Site URL (name) of this SAML source site.
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm
 
Methods inherited from interface weblogic.management.security.ProviderMBean
getRealm
 

Method Detail

getProviderClassName

String getProviderClassName()

The name of the Java class used to load the SAML Credential Mapper provider.

Default Value:
"weblogic.security.providers.saml.SAMLCredentialMapperProviderImpl"

getDescription

String getDescription()

A short description of the SAML Credential Mapper provider.

Specified by:
getDescription in interface ProviderMBean
Default Value:
"WebLogic SAML Credential Mapping Provider. Supports Security Assertion Markup Language v1.1."

getVersion

String getVersion()

The version number of the SAML Credential Mapper provider.

Specified by:
getVersion in interface ProviderMBean
Default Value:
"1.0"

getIssuerURI

String getIssuerURI()

The Issuer URI (name) of this SAML Authority.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setIssuerURI

void setIssuerURI(String newValue)
                  throws InvalidAttributeValueException

The Issuer URI (name) of this SAML Authority.

Parameters:
newValue - - new value for attribute IssuerURI
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getNameMapperClassName

String getNameMapperClassName()

The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setNameMapperClassName

void setNameMapperClassName(String newValue)
                            throws InvalidAttributeValueException

The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

Parameters:
newValue - - new value for attribute NameMapperClassName
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getNameQualifier

String getNameQualifier()

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setNameQualifier

void setNameQualifier(String newValue)
                      throws InvalidAttributeValueException

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

Parameters:
newValue - - new value for attribute NameQualifier
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getDefaultTimeToLive

int getDefaultTimeToLive()

Time in seconds that, by default, an assertion should remain valid.

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

Changes take effect after you redeploy the module or restart the server.
Default Value:
120
Minimum Value:
0

setDefaultTimeToLive

void setDefaultTimeToLive(int newValue)
                          throws InvalidAttributeValueException

Time in seconds that, by default, an assertion should remain valid.

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

Parameters:
newValue - - new value for attribute DefaultTimeToLive
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
120
Minimum Value:
0

getDefaultTimeToLiveDelta

int getDefaultTimeToLiveDelta()

A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertions NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

Changes take effect after you redeploy the module or restart the server.
Default Value:
0

setDefaultTimeToLiveDelta

void setDefaultTimeToLiveDelta(int newValue)
                               throws InvalidAttributeValueException

A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertions NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

Parameters:
newValue - - new value for attribute DefaultTimeToLiveDelta
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
0

getSourceSiteURL

String getSourceSiteURL()

The Source Site URL (name) of this SAML source site.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setSourceSiteURL

void setSourceSiteURL(String newValue)
                      throws InvalidAttributeValueException

The Source Site URL (name) of this SAML source site.

Parameters:
newValue - - new value for attribute SourceSiteURL
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getSourceIdHex

String getSourceIdHex()

A hexadecimal representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) are enabled.

This read-only value is a hexadecimal representation of a 20-byte binary value that is calculated from the SourceSiteURL. If you want to configure ARTIFACT profile with another site, you will need to give a SourceId value to the other site. This value is are automatically updated when the SourceSiteURL changes.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getSourceIdBase64

String getSourceIdBase64()

A Base64 representation, calculated from the SourceSiteURL field, which must contain a valid URL value if either of the single sign-on profiles (POST or ARTIFACT) are enabled.

This read-only value is a Base64 representation of a 20-byte binary value that is calculated from the SourceSiteURL. If you want to configure ARTIFACT profile with another site, you will need to give a SourceId value to the other site. This value is are automatically updated when the SourceSiteURL changes.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getIntersiteTransferURIs

String[] getIntersiteTransferURIs()

The Intersite Transfer URIs for this SAML source site.

Default Value:
weblogic.security.providers.saml.SAMLCredentialMapperImpl.defaultIntersiteTransferURIs()

setIntersiteTransferURIs

void setIntersiteTransferURIs(String[] newValue)
                              throws InvalidAttributeValueException

The Intersite Transfer URIs for this SAML source site.

Parameters:
newValue - - new value for attribute IntersiteTransferURIs
Throws:
InvalidAttributeValueException
Default Value:
weblogic.security.providers.saml.SAMLCredentialMapperImpl.defaultIntersiteTransferURIs()

getAssertionRetrievalURIs

String[] getAssertionRetrievalURIs()

One or more URI values indicating the URIs to which the SAML service should listen for incoming assertion retrieval requests.

For artifact profile, the destination site receives a SAML artifact that represents a source site (why we need the source site ID values) and an assertion ID. The destination site sends a request containing the artifact to the source site's assertion retrieval URL, and the source site responds with the corresponding assertion. You may configure multiple URIs here, although typically one will be sufficient. The URI includes the application context, followed by the resource context. For example:

/my_application/saml/ars

which would be accessible from the outside as https://my.example.com/my_application/saml/ars The default value is /samlars/ars, which is a URI in the /samlars application. This application is automatically deployed by default, and serves only to host the Assertion Retrieval Service. For a typical use case, you can simply use the defaults. However, you must first set up SSL correctly, as the /samlars application requires a secure connection.

Default Value:
weblogic.security.providers.saml.SAMLCredentialMapperImpl.defaultAssertionRetrievalURIs()

setAssertionRetrievalURIs

void setAssertionRetrievalURIs(String[] newValue)
                               throws InvalidAttributeValueException

One or more URI values indicating the URIs to which the SAML service should listen for incoming assertion retrieval requests.

For artifact profile, the destination site receives a SAML artifact that represents a source site (why we need the source site ID values) and an assertion ID. The destination site sends a request containing the artifact to the source site's assertion retrieval URL, and the source site responds with the corresponding assertion. You may configure multiple URIs here, although typically one will be sufficient. The URI includes the application context, followed by the resource context. For example:

/my_application/saml/ars

which would be accessible from the outside as https://my.example.com/my_application/saml/ars The default value is /samlars/ars, which is a URI in the /samlars application. This application is automatically deployed by default, and serves only to host the Assertion Retrieval Service. For a typical use case, you can simply use the defaults. However, you must first set up SSL correctly, as the /samlars application requires a secure connection.

Parameters:
newValue - - new value for attribute AssertionRetrievalURIs
Throws:
InvalidAttributeValueException
Default Value:
weblogic.security.providers.saml.SAMLCredentialMapperImpl.defaultAssertionRetrievalURIs()

isArtifactEnabled

boolean isArtifactEnabled()

If true, enable Intersite Transfer Services for ARTIFACT profile.

Changes take effect after you redeploy the module or restart the server.
Default Value:
false

setArtifactEnabled

void setArtifactEnabled(boolean newValue)
                        throws InvalidAttributeValueException

If true, enable Intersite Transfer Services for ARTIFACT profile.

Parameters:
newValue - - new value for attribute ArtifactEnabled
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

getAssertionStoreClassName

String getAssertionStoreClassName()

The class that implements the persistent store for ARTIFACT profile assertions.

Default Value:
""

setAssertionStoreClassName

void setAssertionStoreClassName(String newValue)
                                throws InvalidAttributeValueException

The class that implements the persistent store for ARTIFACT profile assertions.

Parameters:
newValue - - new value for attribute AssertionStoreClassName
Throws:
InvalidAttributeValueException
Default Value:
""

getAssertionStoreProperties

Properties getAssertionStoreProperties()

Properties passed to Assertion Store class init() method. This may be useful if you have implemented a custom Assertion Store class.

Default Value:
new java.util.Properties()

setAssertionStoreProperties

void setAssertionStoreProperties(Properties newValue)
                                 throws InvalidAttributeValueException

Properties passed to Assertion Store class init() method. This may be useful if you have implemented a custom Assertion Store class.

Parameters:
newValue - - new value for attribute AssertionStoreProperties
Throws:
InvalidAttributeValueException
Default Value:
new java.util.Properties()

isPostEnabled

boolean isPostEnabled()

If true, enable Intersite Transfer Services for POST profile.

Changes take effect after you redeploy the module or restart the server.
Default Value:
false

setPostEnabled

void setPostEnabled(boolean newValue)
                    throws InvalidAttributeValueException

If true, enable Intersite Transfer Services for POST profile.

Parameters:
newValue - - new value for attribute PostEnabled
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

getDefaultPostForm

String getDefaultPostForm()

The URI of the default POST form to use with POST profile.

The default POST form must be a resource on the local machine. If the default POST form resource is not in the same application as the Intersite Transfer Service used with POST profile, then it must be in an application context that shares a cookie name with the Intersite Transfer Service application context.

Changes take effect after you redeploy the module or restart the server.
Default Value:
""

setDefaultPostForm

void setDefaultPostForm(String newValue)
                        throws InvalidAttributeValueException

The URI of the default POST form to use with POST profile.

The default POST form must be a resource on the local machine. If the default POST form resource is not in the same application as the Intersite Transfer Service used with POST profile, then it must be in an application context that shares a cookie name with the Intersite Transfer Service application context.

Parameters:
newValue - - new value for attribute DefaultPostForm
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
""

getMinimumParserPoolSize

int getMinimumParserPoolSize()

The minimum number of parsers to maintain in the parser pool.

Default Value:
5
Minimum Value:
0

setMinimumParserPoolSize

void setMinimumParserPoolSize(int newValue)
                              throws InvalidAttributeValueException

The minimum number of parsers to maintain in the parser pool.

Parameters:
newValue - - new value for attribute MinimumParserPoolSize
Throws:
InvalidAttributeValueException
Default Value:
5
Minimum Value:
0

getAssertionConfiguration

Properties getAssertionConfiguration()

Configuration for assertions generated by this SAML Authority.

Assertions are configured in key=value format. You may find it convenient to write your assertion configuration in a text editor and paste it into the Assertion Configuration field.

Changes take effect after you redeploy the module or restart the server.
Default Value:
new java.util.Properties()

setAssertionConfiguration

void setAssertionConfiguration(Properties newValue)
                               throws InvalidAttributeValueException

Configuration for assertions generated by this SAML Authority.

Assertions are configured in key=value format. You may find it convenient to write your assertion configuration in a text editor and paste it into the Assertion Configuration field.

Parameters:
newValue - - new value for attribute AssertionConfiguration
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
new java.util.Properties()

getCredCacheSize

int getCredCacheSize()
No description provided.

Changes take effect after you redeploy the module or restart the server.
Default Value:
0
Minimum Value:
0

setCredCacheSize

void setCredCacheSize(int newValue)
                      throws InvalidAttributeValueException
No description provided.

Parameters:
newValue - - new value for attribute CredCacheSize
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
0
Minimum Value:
0

getCredCacheMinViableTTL

int getCredCacheMinViableTTL()
No description provided.

Changes take effect after you redeploy the module or restart the server.
Default Value:
20
Minimum Value:
0

setCredCacheMinViableTTL

void setCredCacheMinViableTTL(int newValue)
                              throws InvalidAttributeValueException
No description provided.

Parameters:
newValue - - new value for attribute CredCacheMinViableTTL
Throws:
InvalidAttributeValueException
Changes take effect after you redeploy the module or restart the server.
Default Value:
20
Minimum Value:
0

getName

String getName()
Description copied from interface: ProviderMBean
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:
getName in interface ProviderMBean
Default Value:
"SAMLCredentialMapper"

Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Fusion Middleware
Oracle WebLogic Server MBean Javadoc
11g Release 1 (10.3.6)

Part Number E13945-06