Oracle Fusion Middleware
Java API Reference for Oracle WebLogic Server
12c (12.1.2)

Part Number E27170-01

weblogic.security.providers.authentication
Interface UserNameMapper


public interface UserNameMapper

Interface used to perform certificate-based and distinguished name user authentication. Certificate-based authentication can be performed when a remote client makes a two-way-authenticated SSL connection to the server, in which case the client's certificate chain can be used to authenticate the remote user. This removes the need for the client to explicitly provide a username and password. Certificate-based and distinguished name authentication can be performed via CSIv2 identity assertion.

You can use this interface to map from a certificate to a user name according to whatever scheme is appropriate for your needs. You can also use this interface to map from a X.501 distinguished name to a user name.

To specify an instance of this interface to be used by the default, identity asserter, set the UserNameMapperClassName field on the Default Identity Asserter tab in the Administration Console to the name of a class that implements this interface.

Classes implementing this interface must have a public no-arg constructor.


Method Summary
 String mapCertificateToUserName(X509Certificate[] certs, boolean ssl)
          Maps a certificate to a username based on a certificate chain presented.
 String mapDistinguishedNameToUserName(byte[] distinguishedName)
          Map a X.501 distinguished name to a username based on the distinguished name attributes and values.
 

Method Detail

mapCertificateToUserName

String mapCertificateToUserName(X509Certificate[] certs,
                                boolean ssl)
Maps a certificate to a username based on a certificate chain presented. If the user can be mapped successfully, this method returns the user with its WebLogic username optionally derived from the certificate, otherwise it returns null.

Parameters:
certs - certificate chain presented by the client. An array of length at least 1. The first certificate is the leaf (i.e.  end user's) certificate. If the length is greater than 1, the array is a certificate chain, with the last element being the root CA.
ssl - true if the certificates to check were presented by the client during a successful two-way SSL handshake.
Returns:
user name derived from certificate, if mapping succeeded, or null if failed

mapDistinguishedNameToUserName

String mapDistinguishedNameToUserName(byte[] distinguishedName)
Map a X.501 distinguished name to a username based on the distinguished name attributes and values. If the user can be mapped successfully, this method returns the user with its WebLogic username optionally derived from the distinguished name, otherwise it returns null.

Parameters:
distinguishedName - ASN.1 encoding of a X.501 distinguished name.
Returns:
user name derived from distinguished name, if mapping succeeded, or null if failed

Copyright 1996, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Fusion Middleware
Java API Reference for Oracle WebLogic Server
12c (12.1.2)

Part Number E27170-01