View This Single Sign On Services
/management/weblogic/{version}/domainConfig/servers/{name}/singleSignOnServices
View this single sign on services.
Request
-
name: string
The name property of the instance in the collection.
-
version: string
The version of the WebLogic REST interface.
-
excludeFields(optional): string
The 'excludeFields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields whose name is not on the list will be returned. If not present, all fields are returned (unless the 'fields' query parameter is specified). Note: 'fields' must not be specified if 'excludeFields' is specified.
-
excludeLinks(optional): string
The 'excludeLinks' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links whose relationship name is not on the list will be returned. If not present, all links are returned (unless the 'links' query parameter is specified). Note: 'links' must not be specified if 'excludeLinks' is specified.
-
fields(optional): string
The 'fields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields with matching names are returned. If not present, all fields are returned (unless the 'excludeFields' query parameter is specified). Note: 'excludeFields' must not be specified if 'fields' is specified.
-
links(optional): string
The 'links' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links with matching relationship names are returned. If not present, all links are returned (unless the 'excludeLinks' query parameter is specified). Note: 'excludeLinks' must not be specified if 'links' is specified.
-
Admin: basic
Type:
basic
Description: A user in the Admin security role.
-
Deployer: basic
Type:
basic
Description: A user in the Deployer security role.
-
Monitor: basic
Type:
basic
Description: A user in the Monitor security role.
-
Operator: basic
Type:
basic
Description: A user in the Operator security role.
Response
- application/json
200 Response
Returns this single sign on services.
object
-
allowedTargetHosts(optional):
array Items
Title:
Items
List of hosts to compare against the host in the SAML SP target redirect URL. When the list is empty, the target redirect URL will not be checked.
-
artifactMaxCacheSize(optional):
integer(int32)
Default Value:
10000
The maximum size of the artifact cache.
This cache contains the artifacts issued by the local site that are awaiting referencing by a partner. Specify '0' to indicate that the cache is unbounded.
-
artifactTimeout(optional):
integer(int32)
Default Value:
300
The maximum timeout (in seconds) of artifacts stored in the local cache.
This cache stores artifacts issued by the local site that are awaiting referencing by a partner. Artifacts that reach this maximum timeout duration are expired in the local cache even if no reference request has been received from the partner. If a reference request is subsequently received from the partner, the cache behaves as if the artifact had never been generated.
-
assertionEncryptionDecryptionKeyAlias(optional):
string
Default Value:
null
The keystore alias for the certificate and private key to be used to encrypt and decrypt SAML Assertions.
The certificate is published in the SP metadata, which will be used by an external SP to encrypt SAML assertions.
The private key is used to decrypt assertions. If the alias is not specified, the server's configured SSL identity alias is used by default.
-
assertionEncryptionDecryptionKeyPassPhrase(optional):
string(password)
Default Value:
null
The passphrase used to retrieve the local site's Assertion key from the keystore.
-
assertionEncryptionEnabled(optional):
boolean
Default Value:
false
Get assertion encryption enabled flag
-
authnRequestMaxCacheSize(optional):
integer(int32)
Default Value:
10000
The maximum size of the authentication request cache.
This cache stores documents issued by the local Service Provider that are awaiting response from a partner Identity Provider.
Specify '0' to indicate that the cache is unbounded.
-
authnRequestTimeout(optional):
integer(int32)
Default Value:
300
The maximum timeout (in seconds) of documents stored in the local cache.
This cache stores documents issued by the local Service Provider that are awaiting response from a partner Identity Provider. Documents that reach this maximum timeout duration are expired from the local cache even if no response is received from the Identity Provider. If a response is subsequently returned by the Identity Provider, the cache behaves as if the authentication request had never been generated.
-
basicAuthPassword(optional):
string(password)
The password used to assign Basic Authentication credentials to outgoing HTTPS connections
-
basicAuthUsername(optional):
string
The username that is used to assign Basic authentication credentials to outgoing HTTPS connections.
-
contactPersonCompany(optional):
string
Default Value:
null
The contact person's company name.
-
contactPersonEmailAddress(optional):
string
Default Value:
null
The contact person's e-mail address.
-
contactPersonGivenName(optional):
string
Default Value:
null
The contact person given (first) name.
-
contactPersonSurName(optional):
string
Default Value:
null
The contact person surname (last name).
-
contactPersonTelephoneNumber(optional):
string
Default Value:
null
The contact person's telephone number.
-
contactPersonType(optional):
string
Default Value:
null
The contact person type.
-
dataEncryptionAlgorithm(optional):
string
Default Value:
aes128-gcm
Get the preferred data encryption algorithm for SAML assertion encryption. This algorithm is used if it is found in the Service Provider's metadata or if the Service Partner's metadata does not include any data encryption algorithm.
-
defaultURL(optional):
string
Default Value:
null
The Service Provider's default URL.
When an unsolicited SSO response arrives at the Service Provider without an accompanying target URL, the user (if authenticated) is redirected to this default URL.
-
dynamicallyCreated(optional):
boolean
Read Only:
true
Default Value:
false
Return whether the MBean was created dynamically or is persisted to config.xml
-
entityID(optional):
string
Default Value:
null
The string that uniquely identifies the local site.
-
forceAuthn(optional):
boolean
Default Value:
false
Specifies whether the Identity Provider must authenticate users directly and not use a previous security context. The default is false.
Note the following:
Setting ForceAuthn to true -- that is, enabling Force Authentication -- has no effect in WebLogic Server. SAML logout is not supported in WebLogic Server, so even if the user is already authenticated at the Identity Provider site and ForceAuthn is set to true, the user is not forced to authenticate again at the Identity Provider site.
Setting both ForceAuthn and IsPassive to true -- that is, Force Authentication and Passive are enabled -- is an invalid configuration that causes WebLogic Server to generate an exception and also causes the single sign-on session to fail.
-
id(optional):
integer(int64)
Read Only:
true
Return the unique id of this MBean instance
-
identityProviderArtifactBindingEnabled(optional):
boolean
Default Value:
true
Specifies whether the Artifact binding is enabled for the Identity Provider.
-
identityProviderEnabled(optional):
boolean
Default Value:
false
Specifies whether the local site is enabled for the Identity Provider role.
-
identityProviderPOSTBindingEnabled(optional):
boolean
Default Value:
true
Specifies whether the POST binding is enabled for the Identity Provider.
-
identityProviderPreferredBinding(optional):
string
Default Value:
None
Allowed Values: [ "None", "HTTP/POST", "HTTP/Artifact", "HTTP/Redirect" ]
Specifies the preferred binding type for endpoints of the Identity Provider services. Must be set to None, HTTP/POST, HTTP/Artifact, or HTTP/Redirect.
Constraints
- legal null
-
identityProviderRedirectBindingEnabled(optional):
boolean
Default Value:
true
Specifies whether the Redirect binding is enabled for the Identity Provider.
-
keyEncryptionAlgorithm(optional):
string
Default Value:
rsa-oaep
Get the preferred key encryption algorithm for SAML assertion encryption. This algorithm is used if it is found in the Service Provider's metadata or if the Service Partner's metadata does not include any key encryption algorithm.
-
loginReturnQueryParameter(optional):
string
Default Value:
null
The name of the query parameter to be used for conveying the login-return URL to the login form web application.
-
loginURL(optional):
string
Default Value:
/saml2/idp/login
The URL of the login form web application to which unauthenticated requests are directed.
By default, the login URL is /saml2/idp/login using Basic authentication. Typically you specify this URL if you are using a custom login web application.
Constraints
- legal null
-
metadataEncryptionAlgorithms(optional):
array Items
Title:
Items
-
name(optional):
string
Read Only:
true
The user-specified name of this MBean instance.
This name is included as one of the key properties in the MBean's javax.management.ObjectName: Name=user-specified-name
Constraints
- legal null
-
notes(optional):
string
Optional information that you can include to describe this configuration.
WebLogic Server saves this note in the domain's configuration file (config.xml) as XML PCDATA. All left angle brackets (<) are converted to the XML entity &lt;. Carriage returns/line feeds are preserved.
Note: If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.
-
organizationName(optional):
string
Default Value:
null
The organization name.
This string specifies the name of the organization to which a user may refer for obtaining additional information about the local site.
-
organizationURL(optional):
string
Default Value:
null
The organization URL.
This string specifies a location to which a user may refer for information about the local site. This string is not used by SAML 2.0 services for the actual handling or processing of messages.
-
passive(optional):
boolean
Default Value:
false
Determines whether the Identity Provider and the user must not take control of the user interface from the requester and interact with the user in a noticeable fashion. The default setting is false.
The WebLogic Server SAML 2.0 services generate an exception if Passive (IsPassive) is enabled and the end user is not already authenticated at the Identity Provider site. In this situation, web single sign-on fails.
-
POSTOneUseCheckEnabled(optional):
boolean
Default Value:
true
Specifies whether the POST one-use check is enabled.
If set, the local site POST binding endpoints will store identifiers of all inbound documents to ensure that those documents are not presented more than once.
-
publishedSiteURL(optional):
string
Default Value:
null
The published site URL.
When publishing SAML 2.0 metadata, this URL is used as a base URL to construct endpoint URLs for the various SAML 2.0 services. The published site URL is also used during request processing to generate and/or parse various URLs.
The hostname and port portion of the URL should be the hostname and port at which the server is visible externally; this may not be the same as the hostname and port by which the server is known locally. If you are configuring SAML 2.0 services in a cluster, the hostname and port may correspond to the load balancer or proxy server that distributes client requests to servers in the cluster.
The remainder of the URL should be a single path component corresponding to the application context at which the SAML 2.0 services application is deployed (typically /saml2).
-
recipientCheckEnabled(optional):
boolean
Default Value:
true
Specifies whether the recipient/destination check is enabled. When true, the recipient of the SAML Request/Response must match the URL in the HTTP Request.
-
replicatedCacheEnabled(optional):
boolean
Default Value:
false
Specifies whether the persistent cache (LDAP or RDBMS) is used for storing SAML 2.0 artifacts and authentication requests.
RDBMS is required by the SAML 2.0 security providers in production environments. Use LDAP only in development environments.
If this is not set, artifacts and requests are saved in memory.
If you are configuring SAML 2.0 services for two or more WebLogic Server instances in a domain, you must enable the replicated cache individually on each server. In addition, if you are configuring SAML 2.0 services in a cluster, each Managed Server must also be configured individually.
-
serviceProviderArtifactBindingEnabled(optional):
boolean
Default Value:
true
Specifies whether the Artifact binding is enabled for the Service Provider.
-
serviceProviderEnabled(optional):
boolean
Default Value:
false
Specifies whether the local site is enabled for the Service Provider role.
This attribute must be enabled in order to publish the metadata file.
-
serviceProviderPOSTBindingEnabled(optional):
boolean
Default Value:
true
Specifies whether the POST binding is enabled for the Service Provider.
-
serviceProviderPreferredBinding(optional):
string
Default Value:
None
Allowed Values: [ "None", "HTTP/POST", "HTTP/Artifact" ]
Specifies the preferred binding type for endpoints of Service Provider services. Must be set to "None", "POST", or "Artifact".
Constraints
- legal null
-
signAuthnRequests(optional):
boolean
Default Value:
false
Specifies whether authentication requests must be signed. If set, all outgoing authentication requests are signed.
-
SSOSigningKeyAlias(optional):
string
Default Value:
null
The keystore alias for the key to be used when signing documents.
The key is used to generate signatures on all the outgoing documents, such as authentication requests and responses. If you do not specify an alias, the server's configured SSL private key alias from the server's SSL configuration is used by default.
-
SSOSigningKeyPassPhrase(optional):
string(password)
Default Value:
null
The passphrase used to retrieve the local site's SSO signing key from the keystore.
If you do not specify a keystore alias and passphrase, the server's configured private key alias and private key passphrase from the server's SSL configuration is used by default.
-
tags(optional):
array Items
Title:
Items
Return all tags on this Configuration MBean
-
transportLayerSecurityKeyAlias(optional):
string
The string alias used to store and retrieve the server's private key, which is used to establish outgoing TLS/SSL connections.
If you do not specify an alias, the server's configured SSL private key alias from the server's SSL configuration is used for the TLS alias by default.
-
transportLayerSecurityKeyPassPhrase(optional):
string(password)
The passphrase used to retrieve the server's private key from the keystore.
If you do not specify either an alias or a passphrase, the server's configured SSL private key alias and private key passphrase from the server's SSL configuration is used for the TLS alias and passphrase by default.
-
type(optional):
string
Read Only:
true
Returns the type of the MBean.
Constraints
- unharvestable
-
wantArtifactRequestsSigned(optional):
boolean
Default Value:
false
Specifies whether incoming artifact requests must be signed.
This attribute can be set if the Artifact binding is enabled.
-
wantAssertionsSigned(optional):
boolean
Default Value:
true
Specifies whether incoming SAML 2.0 assertions must be signed.
-
wantAuthnRequestsSigned(optional):
boolean
Default Value:
false
Specifies whether incoming authentication requests must be signed. If set, authentication requests that are not signed are not accepted.
-
wantBasicAuthClientAuthentication(optional):
boolean
Default Value:
false
Specifies whether Basic Authentication client authentication is required.
If enabled, callers to HTTPS bindings of the local site must specify a Basic authentication header, and the username and password must be validated against the Basic authentication values of the binding client partner.
-
wantTransportLayerSecurityClientAuthentication(optional):
boolean
Default Value:
false
Specifies whether TLS/SSL client authentication is required.
If enabled, callers to TLS/SSL bindings of the local site must specify client authentication (two-way SSL), and the identity specified must validate against the TLS certificate of the binding client partner.
array
Items
[
"aes128-gcm",
"aes192-gcm",
"aes256-gcm",
"aes128-cbc",
"aes192-cbc",
"aes256-cbc",
"rsa-oaep",
"rsa-oaep-mgf1p"
]
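An added example (not part of Oracle's documentation): a Python check that builds the request path with the 'fields' query parameter and audits the returned object for the validation-related settings described above. The version value `latest`, the server name `AdminServer`, and the sample response body are constructed assumptions.

```python
import json
from urllib.parse import quote

BASE = "/management/weblogic/{version}/domainConfig/servers/{name}/singleSignOnServices"
# Fields the audit reads, so the request can ask for just these via 'fields'.
AUDIT_FIELDS = ["serviceProviderEnabled", "allowedTargetHosts", "wantAssertionsSigned",
                "recipientCheckEnabled", "POSTOneUseCheckEnabled", "forceAuthn",
                "passive", "assertionEncryptionEnabled", "dataEncryptionAlgorithm"]

def build_path(version, name, fields=None, exclude_fields=None):
    """Resource path plus query string; 'fields' and 'excludeFields' are mutually exclusive."""
    if fields and exclude_fields:
        raise ValueError("'fields' must not be specified if 'excludeFields' is specified")
    path = BASE.format(version=quote(version, safe=""), name=quote(name, safe=""))
    if fields:
        return path + "?fields=" + ",".join(fields)
    if exclude_fields:
        return path + "?excludeFields=" + ",".join(exclude_fields)
    return path

def audit(cfg):
    """Findings for one response object; absent fields take the documented defaults."""
    get = cfg.get
    findings = []
    if get("forceAuthn", False) and get("passive", False):
        findings.append("forceAuthn+passive: invalid combination, SSO session fails")
    if not get("recipientCheckEnabled", True):
        findings.append("recipientCheckEnabled=false: recipient not matched to request URL")
    if not get("POSTOneUseCheckEnabled", True):
        findings.append("POSTOneUseCheckEnabled=false: POST documents may be presented twice")
    if get("serviceProviderEnabled", False):
        if not get("allowedTargetHosts"):
            findings.append("allowedTargetHosts empty: target redirect URL is not checked")
        if not get("wantAssertionsSigned", True):
            findings.append("wantAssertionsSigned=false: incoming assertions need not be signed")
    if get("assertionEncryptionEnabled", False) and \
            (get("dataEncryptionAlgorithm") or "aes128-gcm").endswith("-cbc"):
        findings.append("dataEncryptionAlgorithm is CBC, not the aes128-gcm default")
    return findings

# Constructed sample response body (not captured from a real server).
SAMPLE = json.loads("""{
  "name": "AdminServer", "serviceProviderEnabled": true, "allowedTargetHosts": [],
  "wantAssertionsSigned": true, "recipientCheckEnabled": false,
  "POSTOneUseCheckEnabled": true, "forceAuthn": true, "passive": true,
  "assertionEncryptionEnabled": true, "dataEncryptionAlgorithm": "aes256-cbc"
}""")

if __name__ == "__main__":
    print(build_path("latest", "AdminServer", fields=AUDIT_FIELDS))
    for finding in audit(SAMPLE):
        print("-", finding)
```

The empty-`allowedTargetHosts` and `wantAssertionsSigned` checks are gated on `serviceProviderEnabled`, a policy choice of this example, so a server with SAML disabled reports nothing.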