SAML 2.0 Credential Mapping Provider: Web Single Sign-on Service Provider Partner: General
Configures a SAML 2.0 Web Single Sign-on Service Provider Partner's General Properties
The parameters that can be set on this Administration Console page can also be accessed programmatically via the Java interfaces that are identified in this help topic. For API information about those interfaces, see Related Topics.
Configuration Options
| Name | Description |
| --- | --- |
| Name | The name of this Service Provider partner. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.Partner` interface. |
| Enabled | Specifies whether interactions with this Service Provider partner are enabled on this server. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.Partner` interface. |
| Description | A short description of this Service Provider partner. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.Partner` interface. |
| Service Provider Name Mapper Class Name | The Java class that overrides the default username mapper class with which the SAML 2.0 Credential Mapping provider is configured in this security realm. If specified, this class is a custom implementation of the `com.bea.security.saml2.providers.SAML2CredentialNameMapper` interface and is used for assertions generated for this specific Service Provider partner. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.SPPartner` interface. |
| Time To Live | The time to live value, in seconds, for assertions generated for this Service Provider partner. This value overrides the default setting for the SAML 2.0 Credential Mapping provider. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.SPPartner` interface. |
| Time To Live Offset | The time to live offset value, in seconds, for assertions generated for this Service Provider partner. This value overrides the default setting for the SAML 2.0 Credential Mapping provider. You can specify this value to allow the SAML 2.0 Credential Mapping provider to compensate for clock differences between the Identity Provider and Service Provider sites. The value is a positive or negative integer representing seconds. Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). However, the Identity Provider site and Service Provider site may have minor differences in their clock settings. The Time To Live offset value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set to. If you set a value for the Assertion Time To Live Offset, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + Assertion Time To Live Offset). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the SAML 2.0 Credential Mapping provider to compensate for clock differences between the Identity Provider and Service Provider sites. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.SPPartner` interface. |
| Generate Attributes | Specifies whether this server's SAML 2.0 Credential Mapping provider creates attribute statements in the assertions generated for this Service Provider partner. The attribute statements specify group information about the user that can subsequently be extracted by the Service Provider's SAML 2.0 Identity Assertion provider. This enables the Service Provider to map group as well as user information from the assertion. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.SPPartner` interface. |
| Include One Time Use Condition | Specifies whether the assertions sent to this Service Provider partner are disposed of immediately after use and are not available for reuse. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.SPPartner` interface. |
| Key Info Included | Specifies whether this server's signing certificate is included in assertions generated for this Service Provider partner. Note that WebLogic Server's SAML 2.0 implementation uses only the certificates that are referenced in the partner registry, not certificates contained in assertions. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.SPPartner` interface. |
| Only Accept Signed Assertions | Specifies whether the Service Provider partner is configured to receive only assertions that have been signed. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.SPPartner` interface. |
| Only Accept Signed Authentication Requests | Specifies whether the local Identity Provider services are configured to accept only signed authentication requests. If `true`, unsigned authentication requests from this Service Provider partner are rejected. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.WebSSOSPPartner` interface. |
| Only Accept Signed Artifact Requests | Specifies whether inbound SAML artifact requests from this Service Provider partner must be signed. If enabled, unsigned artifact requests received from this Service Provider are rejected. This attribute is available to be set if the Artifact binding is enabled for either partner. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.WebSSOPartner` interface. |
| Send Artifact via POST | Specifies whether SAML artifacts are delivered to this Service Provider partner via the HTTP POST binding. If `false`, artifacts are delivered via the HTTP GET binding. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.WebSSOPartner` interface. |
| Artifact Binding POST Form | The URI of the custom web application that generates the HTTP POST form for sending the SAML artifact. You may enter a URI in this field only if Send Artifact via POST is enabled. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.WebSSOPartner` interface. |
| POST Binding POST Form | The URI of the custom web application that generates the HTTP POST form for sending the message via the POST binding. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.WebSSOPartner` interface. |
| Client User Name | The username that is expected from this Service Provider partner when connecting to the partner site's SOAP/HTTPS binding using Basic authentication. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.BindingClientPartner` interface. |
| Client Password | The password for the client username. Operations on this parameter are available in the `com.bea.security.saml2.providers.registry.BindingClientPartner` interface. |
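
The Time To Live and Time To Live Offset arithmetic described above, as an added example (not Oracle's code). It goes one step further than the page by modelling a Service Provider whose clock differs from the Identity Provider's; the function names, the standard `NotBefore <= t < NotOnOrAfter` check on the Service Provider side, and all sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def assertion_window(now, ttl, offset=0):
    """NotBefore = now + offset; NotOnOrAfter = NotBefore + ttl (seconds)."""
    not_before = now + timedelta(seconds=offset)
    return not_before, not_before + timedelta(seconds=ttl)

def sp_accepts(window, sp_clock):
    """Service Provider check: NotBefore <= SP clock < NotOnOrAfter."""
    not_before, not_on_or_after = window
    return not_before <= sp_clock < not_on_or_after

def acceptance_interval(ttl, offset, sp_skew):
    """Seconds after issuance (Identity Provider time) in which the SP accepts.

    sp_skew is SP clock minus IdP clock; negative means the SP runs behind.
    Returns (first_accepted, first_rejected), or None if never accepted.
    """
    start = max(0, offset - sp_skew)
    end = offset + ttl - sp_skew
    return (start, end) if end > start else None

# Constructed sample values, not taken from any real deployment.
ISSUED = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
TTL = 120  # the two-minute lifetime used in the description above

def demo():
    """Evaluate several (offset, SP skew) pairs for an assertion that
    reaches the Service Provider 2 seconds after it was issued."""
    rows = []
    for offset, skew in [(0, 0), (0, -30), (-30, -30), (-30, 0), (60, 0)]:
        window = assertion_window(ISSUED, TTL, offset)
        sp_clock = ISSUED + timedelta(seconds=2 + skew)
        rows.append((offset, skew, sp_accepts(window, sp_clock),
                     acceptance_interval(TTL, offset, skew)))
    return rows

if __name__ == "__main__":
    for offset, skew, accepted, interval in demo():
        print(f"offset={offset:>4}s skew={skew:>4}s "
              f"accepted_on_arrival={accepted} accepted_during={interval}")
```

With no offset, a Service Provider running 30 seconds behind rejects the assertion on arrival as not yet valid; an offset of -30 fixes that, while the same offset against a synchronized partner leaves only 90 of the 120 seconds usable.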

Related Tasks
- Create a SAML 2.0 Web Single Sign-on Service Provider partner
- Configure Authentication and Identity Assertion providers
- Manage security providers

Related Topics
- Configuring SAML 2.0 Services
- Configuring an Identity Provider Site for SAML 2.0 Single Sign-On
- Create and Configure Web Single Sign-On Service Provider Partners
- Understanding Security for Oracle WebLogic Server
- Configuring Single Sign-On with Web Browsers and HTTP Clients
- API description of com.bea.security.saml2.providers.registry.Partner interface
- API description of com.bea.security.saml2.providers.registry.SPPartner interface
- API description of com.bea.security.saml2.providers.registry.WebSSOSPPartner interface
- API description of com.bea.security.saml2.providers.registry.WebSSOPartner interface
- API description of com.bea.security.saml2.providers.registry.BindingClientPartner interface