Oracle Fusion Middleware
Java API Reference for Oracle WebLogic Server
12c (12.1.3)

Part Number E41849-02

com.bea.common.security.saml2
Interface SingleSignOnServicesConfigSpi

All Known Subinterfaces:
SingleSignOnServicesMBean

public interface SingleSignOnServicesConfigSpi

Non-environment specific configuration for SAML 2.0 SingleSignOnServices


Method Summary
 int getArtifactMaxCacheSize()
          Gets the maximum size of the artifact cache.
 int getArtifactTimeout()
          Gets the maximum timeout (in seconds) of artifacts stored in the local cache.
 int getAuthnRequestMaxCacheSize()
          Gets the maximum size of the <AuthnRequest> document cache.
 int getAuthnRequestTimeout()
          Gets the maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache.
 String getBasicAuthPassword()
          The password used to assign Basic Authentication credentials to outgoing HTTPS connections
 byte[] getBasicAuthPasswordEncrypted()
          The encrypted password used to assign Basic Authentication credentials to outgoing HTTPS connections.
 String getBasicAuthUsername()
          Get the Basic Authentication username.
 String getContactPersonCompany()
          Contact person company.
 String getContactPersonEmailAddress()
          Contact person e-mail address.
 String getContactPersonGivenName()
          Contact person given name.
 String getContactPersonSurName()
          Contact person surname.
 String getContactPersonTelephoneNumber()
          Contact person telephone number.
 String getContactPersonType()
          Contact person type value.
 String getDefaultURL()
          Gets the SP's Default URL.
 String getEntityID()
          Entity ID
 String getErrorPath()
          Gets the Error Path URL.
 String getIdentityProviderPreferredBinding()
          Gets the preferred binding type for endpoints of identity provider services
 String getLoginReturnQueryParameter()
          Gets the name of the query string parameter to extract from the response following use of Login URL
 String getLoginURL()
          Gets the Login URL to redirect callers to when IdP receives a request from an anonymous end user.
 String getOrganizationName()
          Organization name.
 String getOrganizationURL()
          The Organization URL.
 String getPublishedSiteURL()
          Get the published site URL.
 String getServiceProviderPreferredBinding()
          Gets the preferred binding type for endpoints of service provider services
 String getSSOSigningKeyAlias()
          Get the SSO Signing key alias.
 String getSSOSigningKeyPassPhrase()
          The passphrase used to retrieve the local site's SSO signing key from the keystore.
 byte[] getSSOSigningKeyPassPhraseEncrypted()
          The encrypted passphrase used to retrieve the local site's SSO signing key from the keystore.
 String getTransportLayerSecurityKeyAlias()
          Get the TLS/SSL key alias.
 String getTransportLayerSecurityKeyPassPhrase()
          The passphrase used to retrieve the local site's TLS/SSL key from the keystore.
 byte[] getTransportLayerSecurityKeyPassPhraseEncrypted()
          The encrypted passphrase used to retrieve the local site's TLS/SSL key from the keystore.
 boolean isForceAuthn()
          Gets the force authentication flag
 boolean isIdentityProviderArtifactBindingEnabled()
          Gets the identity provider artifact binding enabled flag
 boolean isIdentityProviderEnabled()
          Gets the identity provider enabled flag
 boolean isIdentityProviderPOSTBindingEnabled()
          Gets the identity provider POST binding enabled flag
 boolean isIdentityProviderRedirectBindingEnabled()
          Gets the identity provider redirect binding enabled flag
 boolean isPassive()
          Gets the passive flag
 boolean isPOSTOneUseCheckEnabled()
          Specifies whether the POST one-use check is enabled.
 boolean isRecipientCheckEnabled()
          Specifies whether the recipient/destination check is enabled.
 boolean isReplicatedCacheEnabled()
          Gets replicated cache enabled flag.
 boolean isServiceProviderArtifactBindingEnabled()
          Gets the service provider artifact binding enabled flag
 boolean isServiceProviderEnabled()
          Service provider enabled flag.
 boolean isServiceProviderPOSTBindingEnabled()
          Gets the service provider POST binding enabled flag
 boolean isSignAuthnRequests()
          Sign <AuthnRequest> documents flag.
 boolean isWantArtifactRequestsSigned()
          Gets the flag that determines if the <ArtifactRequest> documents will be signed
 boolean isWantAssertionsSigned()
          Advertised flag indicating requirement that incoming assertions be signed
 boolean isWantAuthnRequestsSigned()
          Gets the flag that determines if <AuthnRequest> documents will be signed
 boolean isWantBasicAuthClientAuthentication()
          Gets the flag that determines if Basic Authentication client authentication is wanted.
 boolean isWantTransportLayerSecurityClientAuthentication()
          Gets the flag that determines if TLS/SSL client authentication is wanted.
 

Method Detail

getContactPersonGivenName

String getContactPersonGivenName()

Contact person given name.

Returns:
Contact person given name.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getContactPersonSurName

String getContactPersonSurName()

Contact person surname.

Returns:
Contact person surname
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getContactPersonType

String getContactPersonType()

Contact person type value.

Returns:
Contact person type.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getContactPersonCompany

String getContactPersonCompany()

Contact person company.

Returns:
Contact person company.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getContactPersonTelephoneNumber

String getContactPersonTelephoneNumber()

Contact person telephone number.

Returns:
Contact person telephone number.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getContactPersonEmailAddress

String getContactPersonEmailAddress()

Contact person e-mail address.

Returns:
Contact person e-mail address.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getOrganizationName

String getOrganizationName()

Organization name.

Returns:
Organization name.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getOrganizationURL

String getOrganizationURL()

The Organization URL.

Returns:
Organization URL.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getPublishedSiteURL

String getPublishedSiteURL()
Get the published site URL.

Returns:
The published site URL.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getEntityID

String getEntityID()

Entity ID

Returns:
Entity ID
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getErrorPath

String getErrorPath()
Gets the Error Path URL. Partner sites may redirect users to this URL for more information if SSO fails.

Returns:
The Error Path URL
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

isServiceProviderEnabled

boolean isServiceProviderEnabled()

Service provider enabled flag.

Returns:
Service provider enabled flag; 'true', if the service provider is enabled
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

getDefaultURL

String getDefaultURL()
Gets the SP's Default URL. When an unsolicited SSO response arrives at the SP without an accompanying target URL, the user (if authenticated) is redirected to the default URL.

Returns:
the default URL
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

isServiceProviderArtifactBindingEnabled

boolean isServiceProviderArtifactBindingEnabled()
Gets the service provider artifact binding enabled flag

Returns:
Service provider artifact binding enabled flag; if 'true', local services will support endpoint with artifact binding when acting in the role of service provider
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

isServiceProviderPOSTBindingEnabled

boolean isServiceProviderPOSTBindingEnabled()
Gets the service provider POST binding enabled flag

Returns:
Service provider POST binding enabled flag; if 'true', local services will support endpoint with POST binding when acting in the role of service provider
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

getServiceProviderPreferredBinding

String getServiceProviderPreferredBinding()
Gets the preferred binding type for endpoints of service provider services

Returns:
Preferred binding type for endpoints
Changes take effect after you redeploy the module or restart the server.
Default Value:
"HTTP/Artifact"

isSignAuthnRequests

boolean isSignAuthnRequests()

Sign <AuthnRequest> documents flag.

Returns:
Sign <AuthnRequest> documents flag.
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

isWantAssertionsSigned

boolean isWantAssertionsSigned()
Advertised flag indicating requirement that incoming assertions be signed

Returns:
Want incoming assertions signed flag
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

getSSOSigningKeyAlias

String getSSOSigningKeyAlias()
Get the SSO Signing key alias. The key is used to generate signatures on all the outgoing documents, like <AuthnRequest>, <Response>

Returns:
The SSO Signing key.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getSSOSigningKeyPassPhrase

String getSSOSigningKeyPassPhrase()

The passphrase used to retrieve the local site's SSO signing key from the keystore.

Returns:
The signingKeyPassPhrase.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getSSOSigningKeyPassPhraseEncrypted

byte[] getSSOSigningKeyPassPhraseEncrypted()

The encrypted passphrase used to retrieve the local site's SSO signing key from the keystore.

Returns:
The encrypted signingKeyPassPhrase.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

isForceAuthn

boolean isForceAuthn()
Gets the force authentication flag

Returns:
Force authentication flag
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

isPassive

boolean isPassive()
Gets the passive flag

Returns:
Passive flag
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

isIdentityProviderEnabled

boolean isIdentityProviderEnabled()
Gets the identity provider enabled flag

Returns:
Identity provider enabled flag; if 'true', local services will act in the role of identity provider
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

isIdentityProviderArtifactBindingEnabled

boolean isIdentityProviderArtifactBindingEnabled()
Gets the identity provider artifact binding enabled flag

Returns:
Identity provider artifact binding enabled flag; if 'true', local services will support endpoint with artifact binding when acting in the role of identity provider
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

isIdentityProviderPOSTBindingEnabled

boolean isIdentityProviderPOSTBindingEnabled()
Gets the identity provider POST binding enabled flag

Returns:
Identity provider POST binding enabled flag; if 'true', local services will support endpoint with POST binding when acting in the role of identity provider
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

isIdentityProviderRedirectBindingEnabled

boolean isIdentityProviderRedirectBindingEnabled()
Gets the identity provider redirect binding enabled flag

Returns:
Identity provider redirect binding enabled flag; if 'true', local services will support endpoint with redirect binding when acting in the role of identity provider
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

getIdentityProviderPreferredBinding

String getIdentityProviderPreferredBinding()
Gets the preferred binding type for endpoints of identity provider services

Returns:
Preferred binding type for endpoints
Changes take effect after you redeploy the module or restart the server.
Default Value:
"HTTP/Artifact"

isWantAuthnRequestsSigned

boolean isWantAuthnRequestsSigned()
Gets the flag that determines if <AuthnRequest> documents will be signed

Returns:
Want <AuthnRequest> documents signed flag
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

getLoginURL

String getLoginURL()
Gets the Login URL to redirect callers to when IdP receives a request from an anonymous end user.

Returns:
Login URL.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getLoginReturnQueryParameter

String getLoginReturnQueryParameter()
Gets the name of the query string parameter to extract from the response following use of Login URL

Returns:
Login return query parameter
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

isRecipientCheckEnabled

boolean isRecipientCheckEnabled()

Specifies whether the recipient/destination check is enabled. When true, the recipient of the SAML Request/Response must match the URL in the HTTP Request.

Returns:
The recipient check enabled value.
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

isPOSTOneUseCheckEnabled

boolean isPOSTOneUseCheckEnabled()

Specifies whether the POST one-use check is enabled.

Returns:
The POST one-use check enabled value.
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

getTransportLayerSecurityKeyAlias

String getTransportLayerSecurityKeyAlias()
Get the TLS/SSL key alias. The key is used to establish outgoing TLS/SSL connections.

Returns:
The TLS/SSL Signing key.
Changes take effect after you redeploy the module or restart the server.

getTransportLayerSecurityKeyPassPhrase

String getTransportLayerSecurityKeyPassPhrase()

The passphrase used to retrieve the local site's TLS/SSL key from the keystore.

Returns:
The key PassPhrase.
Changes take effect after you redeploy the module or restart the server.

getTransportLayerSecurityKeyPassPhraseEncrypted

byte[] getTransportLayerSecurityKeyPassPhraseEncrypted()

The encrypted passphrase used to retrieve the local site's TLS/SSL key from the keystore.

Returns:
The encrypted TLS/SSL key passphrase.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

getBasicAuthUsername

String getBasicAuthUsername()
Get the Basic Authentication username. This username is used to assign Basic Authentication credentials to outgoing HTTPS connections.

Returns:
The Basic Authentication username.
Changes take effect after you redeploy the module or restart the server.

getBasicAuthPassword

String getBasicAuthPassword()

The password used to assign Basic Authentication credentials to outgoing HTTPS connections

Returns:
The Basic Authentication password.
Changes take effect after you redeploy the module or restart the server.

getBasicAuthPasswordEncrypted

byte[] getBasicAuthPasswordEncrypted()

The encrypted password used to assign Basic Authentication credentials to outgoing HTTPS connections.

Returns:
The encrypted Basic Authentication password.
Changes take effect after you redeploy the module or restart the server.
Default Value:
null

isWantArtifactRequestsSigned

boolean isWantArtifactRequestsSigned()
Gets the flag that determines if the <ArtifactRequest> documents will be signed

Returns:
Want <ArtifactRequest> documents signed flag
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

isWantTransportLayerSecurityClientAuthentication

boolean isWantTransportLayerSecurityClientAuthentication()
Gets the flag that determines if TLS/SSL client authentication is wanted. If true, callers to TLS/SSL bindings of the local site must specify client authentication (two-way SSL) and the identity specified must validate against TLS certificate of the binding client partner.

Returns:
Want TLS/SSL client authentication flag
Changes take effect after you redeploy the module or restart the server.
Default Value:
true

isWantBasicAuthClientAuthentication

boolean isWantBasicAuthClientAuthentication()
Gets the flag that determines if Basic Authentication client authentication is wanted. If true, callers to HTTPS bindings of the local site must specify a basic authentication header and the username and password must validate against the basic authentication values of the binding client partner.

Returns:
Want basic authentication client authentication flag
Changes take effect after you redeploy the module or restart the server.
Default Value:
false

getAuthnRequestMaxCacheSize

int getAuthnRequestMaxCacheSize()
Gets the maximum size of the <AuthnRequest> document cache. This cache is of documents issued by the local SP that are awaiting response from a partner IdP. Specify '0' to indicate that the cache is unbounded.

Returns:
Maximum size of <AuthnRequest> document cache.
Changes take effect after you redeploy the module or restart the server.
Default Value:
10000

getAuthnRequestTimeout

int getAuthnRequestTimeout()
Gets the maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache. This cache is of documents issued by the local SP that are awaiting response from a partner IdP. Documents that reach this maximum timeout age will be expired from the local cache even if no response has yet been received from the partner IdP. If a response is subsequently returned by the partner IdP, the cache will behave as if the <AuthnRequest> had never been generated.

Returns:
Maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache.
Changes take effect after you redeploy the module or restart the server.
Default Value:
300

getArtifactMaxCacheSize

int getArtifactMaxCacheSize()
Gets the maximum size of the artifact cache. This cache is of artifacts issued by the local site that are awaiting referencing by a partner. Specify '0' to indicate that the cache is unbounded.

Returns:
Maximum size of artifact cache.
Changes take effect after you redeploy the module or restart the server.
Default Value:
10000

getArtifactTimeout

int getArtifactTimeout()
Gets the maximum timeout (in seconds) of artifacts stored in the local cache. This cache is of artifacts issued by the local site that are awaiting referencing by a partner. Artifacts that reach this maximum timeout age will be expired from the local cache even if no reference request has yet been received from the partner. If a reference request is subsequently received from the partner, the cache will behave as if the artifact had never been generated.

Returns:
Maximum timeout (in seconds) of artifacts stored in the local cache.
Changes take effect after you redeploy the module or restart the server.
Default Value:
300

isReplicatedCacheEnabled

boolean isReplicatedCacheEnabled()
Gets replicated cache enabled flag. By default, the in-memory cache is used and the replicated cache is disabled. To support a cluster, this flag must be set to true so that the cache is switched to the replicated implementation.

Returns:
replicated cache enabled flag.
Default Value:
false
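
An added example (not Oracle's code): a configuration audit over the security-relevant getters documented above, reporting values that leave SAML messages unsigned, disable the recipient or POST one-use checks, unbound a cache, or keep the in-memory cache in a cluster. `SsoConfigView` is a local stand-in interface and `clustered` is a hypothetical parameter; the getter names, return types and defaults are the ones listed on this page.

```java
import java.util.ArrayList;
import java.util.List;

public class Saml2SsoConfigAudit {

    // Local stand-in (assumption): only the getters this audit reads, with the
    // names and return types listed for SingleSignOnServicesConfigSpi.
    interface SsoConfigView {
        boolean isServiceProviderEnabled();
        boolean isIdentityProviderEnabled();
        boolean isSignAuthnRequests();
        boolean isWantAssertionsSigned();
        boolean isWantAuthnRequestsSigned();
        boolean isRecipientCheckEnabled();
        boolean isPOSTOneUseCheckEnabled();
        boolean isReplicatedCacheEnabled();
        int getAuthnRequestMaxCacheSize();
        int getArtifactMaxCacheSize();
    }

    // Returns one finding per setting that weakens the SSO deployment.
    // 'clustered' (hypothetical) says whether the site runs on several servers.
    static List<String> audit(SsoConfigView c, boolean clustered) {
        List<String> f = new ArrayList<>();
        if (c.isServiceProviderEnabled()) {
            if (!c.isWantAssertionsSigned()) f.add("SP: WantAssertionsSigned=false, unsigned assertions not refused");
            if (!c.isSignAuthnRequests()) f.add("SP: SignAuthnRequests=false, outgoing <AuthnRequest> unsigned");
            if (c.getAuthnRequestMaxCacheSize() == 0) f.add("SP: AuthnRequestMaxCacheSize=0, cache unbounded");
        }
        if (c.isIdentityProviderEnabled() && !c.isWantAuthnRequestsSigned())
            f.add("IdP: WantAuthnRequestsSigned=false, unsigned <AuthnRequest> accepted");
        if (!c.isRecipientCheckEnabled()) f.add("RecipientCheckEnabled=false, recipient not matched to request URL");
        if (!c.isPOSTOneUseCheckEnabled()) f.add("POSTOneUseCheckEnabled=false, POST one-use check off");
        if (c.getArtifactMaxCacheSize() == 0) f.add("ArtifactMaxCacheSize=0, cache unbounded");
        if (clustered && !c.isReplicatedCacheEnabled())
            f.add("Cluster: ReplicatedCacheEnabled=false, in-memory cache is per server");
        return f;
    }

    public static void main(String[] args) {
        // Constructed sample: SP role switched on, every other value at the
        // default documented on this page.
        SsoConfigView spAtDefaults = new SsoConfigView() {
            public boolean isServiceProviderEnabled() { return true; }
            public boolean isIdentityProviderEnabled() { return false; }
            public boolean isSignAuthnRequests() { return false; }
            public boolean isWantAssertionsSigned() { return false; }
            public boolean isWantAuthnRequestsSigned() { return false; }
            public boolean isRecipientCheckEnabled() { return true; }
            public boolean isPOSTOneUseCheckEnabled() { return true; }
            public boolean isReplicatedCacheEnabled() { return false; }
            public int getAuthnRequestMaxCacheSize() { return 10000; }
            public int getArtifactMaxCacheSize() { return 10000; }
        };
        audit(spAtDefaults, true).forEach(System.out::println);
    }
}
```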

Copyright 1996, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
