|
Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||||
public interface SingleSignOnServicesMBean
This MBean represents configuration for SAML 2.0-based local site Single Sign-On Services.
| Field Summary |
|---|
| Fields inherited from interface weblogic.management.configuration.ConfigurationMBean |
|---|
DEFAULT_EMPTY_BYTE_ARRAY |
| Method Summary | |
|---|---|
abstract int |
getArtifactMaxCacheSize()The maximum size of the artifact cache. |
abstract int |
getArtifactTimeout()The maximum timeout (in seconds) of artifacts stored in the local cache. |
abstract int |
getAuthnRequestMaxCacheSize()The maximum size of the authentication request cache. |
abstract int |
getAuthnRequestTimeout()The maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache. |
abstract String |
getBasicAuthPassword()The password used to assign Basic Authentication credentials to outgoing HTTPS connections |
abstract byte[] |
getBasicAuthPasswordEncrypted()The encrypted password used assign Basic Authentication credentials to outgoing HTTPS connections. |
abstract String |
getBasicAuthUsername()The username that is used to assign Basic authentication credentials to outgoing HTTPS connections. |
abstract String |
getContactPersonCompany()The contact person's company name. |
abstract String |
getContactPersonEmailAddress()The contact person's e-mail address. |
abstract String |
getContactPersonGivenName()The contact person given (first) name. |
abstract String |
getContactPersonSurName()The contact person surname (last name). |
abstract String |
getContactPersonTelephoneNumber()The contact person's telephone number. |
abstract String |
getContactPersonType()The contact person type. |
abstract String |
getDefaultURL()The Service Provider's default URL. |
abstract String |
getEntityID()The string that uniquely identifies the local site. |
abstract String |
getIdentityProviderPreferredBinding()Specifies the preferred binding type for endpoints of the Identity Provider services. |
abstract String |
getLoginReturnQueryParameter()The name of the query parameter to be used for conveying the login-return URL to the login form web application. |
abstract String |
getLoginURL()The URL of the login form web application to which unauthenticated requests are directed. |
abstract String |
getOrganizationName()The organization name. |
abstract String |
getOrganizationURL()The organization URL. |
abstract String |
getPublishedSiteURL()The published site URL. |
abstract String |
getServiceProviderPreferredBinding()Specifies the preferred binding type for endpoints of Service Provider services. |
abstract String |
getSSOSigningKeyAlias()The keystore alias for the key to be used when signing documents. |
abstract String |
getSSOSigningKeyPassPhrase()The passphrase used to retrieve the local site's SSO signing key from the keystore. |
abstract byte[] |
getSSOSigningKeyPassPhraseEncrypted()The encrypted passphrase used to retrieve the local site's SSO signing key from the keystore. |
abstract String |
getTransportLayerSecurityKeyAlias()The string alias used to store and retrieve the server's private key, which is used to establish outgoing TLS/SSL connections. |
abstract String |
getTransportLayerSecurityKeyPassPhrase()The passphrase used to retrieve the server's private key from the keystore. |
abstract byte[] |
getTransportLayerSecurityKeyPassPhraseEncrypted()The encrypted passphrase used to retrieve the local site's TLS/SSL key from the keystore. |
abstract boolean |
isForceAuthn()Specifies whether the Identity Provider must authenticate users directly and not use a previous security context. |
abstract boolean |
isIdentityProviderArtifactBindingEnabled()Specifies whether the Artifact binding is enabled for the Identity Provider. |
abstract boolean |
isIdentityProviderEnabled()Specifies whether the local site is enabled for the Identity Provider role. |
abstract boolean |
isIdentityProviderPOSTBindingEnabled()Specifies whether the POST binding is enabled for the Identity Provider. |
abstract boolean |
isIdentityProviderRedirectBindingEnabled()Specifies whether the Redirect binding is enabled for the Identity Provider. |
abstract boolean |
isPassive()Determines whether the Identity Provider and the user must not take control of the user interface from the requester and interact with the user in a noticeable fashion. |
abstract boolean |
isPOSTOneUseCheckEnabled()Specifies whether the POST one-use check is enabled. |
abstract boolean |
isRecipientCheckEnabled()Specifies whether the recipient/destination check is enabled. |
abstract boolean |
isReplicatedCacheEnabled()Specifies whether the persistent cache (LDAP or RDBMS) is used for storing SAML 2.0 artifacts and authentication requests. |
abstract boolean |
isServiceProviderArtifactBindingEnabled()Specifies whether the Artifact binding is enabled for the Service Provider. |
abstract boolean |
isServiceProviderEnabled()Specifies whether the local site is enabled for the Service Provider role. |
abstract boolean |
isServiceProviderPOSTBindingEnabled()Specifies whether the POST binding is enabled for the Service Provider. |
abstract boolean |
isSignAuthnRequests()Specifies whether authentication requests must be signed. |
abstract boolean |
isWantArtifactRequestsSigned()Specifies whether incoming artifact requests must be signed. |
abstract boolean |
isWantAssertionsSigned()Specifies whether incoming SAML 2.0 assertions must be signed. |
abstract boolean |
isWantAuthnRequestsSigned()Specifies whether incoming authentication requests must be signed. |
abstract boolean |
isWantBasicAuthClientAuthentication()Specifies whether Basic Authentication client authentication is required. |
abstract boolean |
isWantTransportLayerSecurityClientAuthentication()Specifies whether TLS/SSL client authentication is required. |
abstract void |
setArtifactMaxCacheSize(int cacheSize) |
abstract void |
setArtifactTimeout(int timeout) |
abstract void |
setAuthnRequestMaxCacheSize(int cacheSize) |
abstract void |
setAuthnRequestTimeout(int timeout) |
abstract void |
setBasicAuthPassword(String password)Sets the value of the BasicAuthPassword attribute. |
abstract void |
setBasicAuthPasswordEncrypted(byte[] passwordEncrypted)Sets the value of the BasicAuthPasswordEncrypted attribute. |
abstract void |
setBasicAuthUsername(String name)Sets Basic Authentication username |
abstract void |
setContactPersonCompany(String company)Sets the contact person company |
abstract void |
setContactPersonEmailAddress(String address)Sets the contact person e-mail address |
abstract void |
setContactPersonGivenName(String name)Sets the contact person given name |
abstract void |
setContactPersonSurName(String name)Sets the contact person surname |
abstract void |
setContactPersonTelephoneNumber(String number)Sets the contact person telephone number |
abstract void |
setContactPersonType(String type)Sets contact person type using enumeration values from SAML 2.0 metadata. |
abstract void |
setDefaultURL(String defaultURL) |
abstract void |
setEntityID(String entityID)Sets the Entity ID |
abstract void |
setForceAuthn(boolean forceAuthn)Sets the force authentication flag |
abstract void |
setIdentityProviderArtifactBindingEnabled(boolean enabled) |
abstract void |
setIdentityProviderEnabled(boolean isEnabled)Sets identity provider enabled flag |
abstract void |
setIdentityProviderPOSTBindingEnabled(boolean enabled) |
abstract void |
setIdentityProviderPreferredBinding(String binding)Binding must be one of "None", "HTTP/POST", or "HTTP/Artifact" |
abstract void |
setIdentityProviderRedirectBindingEnabled(boolean enabled) |
abstract void |
setLoginReturnQueryParameter(String queryParameter)Sets the login return query parameter |
abstract void |
setLoginURL(String loginURL)SEts the Login URL |
abstract void |
setOrganizationName(String name)Sets the organization name |
abstract void |
setOrganizationURL(String url)Sets the organization URL |
abstract void |
setPassive(boolean passive)Sets the passive flag |
abstract void |
setPOSTOneUseCheckEnabled(boolean postOneUseCheckEnabled)Set the POST one-use check enabled value. |
abstract void |
setPublishedSiteURL(String siteURL)The published site URL. |
abstract void |
setRecipientCheckEnabled(boolean postRecipientCheckEnabled)Set the POST recipient check enabled value. |
abstract void |
setReplicatedCacheEnabled(boolean replicated)Sets the Use Replicated Cache flag. |
abstract void |
setServiceProviderArtifactBindingEnabled(boolean enabled) |
abstract void |
setServiceProviderEnabled(boolean isEnabled)Sets service provider enabled flag |
abstract void |
setServiceProviderPOSTBindingEnabled(boolean enabled) |
abstract void |
setServiceProviderPreferredBinding(String binding)Binding must be one of "None", "HTTP/POST", or "HTTP/Artifact" |
abstract void |
setSignAuthnRequests(boolean signAuthnRequests)Sets the sign <AuthnRequest> documents flag |
abstract void |
setSSOSigningKeyAlias(String ssoSigningKeyAlias)Set the SSO Signing key alias. |
abstract void |
setSSOSigningKeyPassPhrase(String signingKeyPassPhrase)Sets the value of the SSOSigningKeyPassPhrase attribute. |
abstract void |
setSSOSigningKeyPassPhraseEncrypted(byte[] signingKeyPassPhraseEncrypted)Sets the value of the SSOSigningKeyPassPhraseEncrypted attribute. |
abstract void |
setTransportLayerSecurityKeyAlias(String keyAlias)Set the TLS/SSL key alias. |
abstract void |
setTransportLayerSecurityKeyPassPhrase(String keyPassPhrase)Sets the value of the TransportLayerSecurityKeyPassPhrase attribute. |
abstract void |
setTransportLayerSecurityKeyPassPhraseEncrypted(byte[] keyPassPhraseEncrypted)Sets the value of the TransportLayerSecurityKeyPassPhraseEncrypted attribute. |
abstract void |
setWantArtifactRequestsSigned(boolean wantSigned)Sets the flag that determines if <ArtifactRequest> documents will be signed |
abstract void |
setWantAssertionsSigned(boolean wantSigned)Set want assertions signed flag |
abstract void |
setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)Determines that authentication requests must be signed. |
abstract void |
setWantBasicAuthClientAuthentication(boolean wantBA)Sets the flag that determines if Basic Authentication client authentication is wanted |
abstract void |
setWantTransportLayerSecurityClientAuthentication(boolean wantAuthentication)Sets the flag that determines if TLS/SSL client authentication is required. |
| Methods inherited from interface weblogic.management.configuration.ConfigurationMBean |
|---|
freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet |
| Methods inherited from interface weblogic.management.WebLogicMBean |
|---|
getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent |
| Methods inherited from interface javax.management.DynamicMBean |
|---|
getAttribute, getAttributes, invoke, setAttribute, setAttributes |
| Methods inherited from interface javax.management.MBeanRegistration |
|---|
postDeregister, postRegister, preDeregister, preRegister |
| Methods inherited from interface javax.management.NotificationBroadcaster |
|---|
addNotificationListener, getNotificationInfo, removeNotificationListener |
| Methods inherited from interface weblogic.descriptor.DescriptorBean |
|---|
addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener |
| Methods inherited from interface com.bea.common.security.saml2.SingleSignOnServicesConfigSpi |
|---|
getErrorPath |
| Method Detail |
|---|
String getContactPersonGivenName()
The contact person given (first) name.
getContactPersonGivenName in interface SingleSignOnServicesConfigSpivoid setContactPersonGivenName(String name)
name - Contact person given nameString getContactPersonSurName()
The contact person surname (last name).
getContactPersonSurName in interface SingleSignOnServicesConfigSpivoid setContactPersonSurName(String name)
name - Contact person surnameString getContactPersonType()
The contact person type.
getContactPersonType in interface SingleSignOnServicesConfigSpivoid setContactPersonType(String type)
type - Contact person typeString getContactPersonCompany()
The contact person's company name.
getContactPersonCompany in interface SingleSignOnServicesConfigSpivoid setContactPersonCompany(String company)
company - Contact person companyString getContactPersonTelephoneNumber()
The contact person's telephone number.
getContactPersonTelephoneNumber in interface SingleSignOnServicesConfigSpivoid setContactPersonTelephoneNumber(String number)
number - Contact person telephone numberString getContactPersonEmailAddress()
The contact person's e-mail address.
getContactPersonEmailAddress in interface SingleSignOnServicesConfigSpivoid setContactPersonEmailAddress(String address)
address - Contact person e-mail addressString getOrganizationName()
The organization name.
This string specifies the name of the organization to which a user may refer for obtaining additional information about the local site.
getOrganizationName in interface SingleSignOnServicesConfigSpivoid setOrganizationName(String name)
name - Organization nameString getOrganizationURL()
The organization URL.
This string specifies a location to which a user may refer for information about the local site. This string is not used by SAML 2.0 services for the actual handling or processing of messages.
getOrganizationURL in interface SingleSignOnServicesConfigSpivoid setOrganizationURL(String url)
url - Organization URLString getPublishedSiteURL()
The published site URL.
When publishing SAML 2.0 metadata, this URL is used as a base URL to construct endpoint URLs for the various SAML 2.0 services. The published site URL is also used during request processing to generate and/or parse various URLs.
The hostname and port portion of the URL should be the hostname and port at which the server is visible externally; this may not be the same as the hostname and port by which the server is known locally. If you are configuring SAML 2.0 services in a cluster, the hostname and port may correspond to the load balancer or proxy server that distributes client requests to servers in the cluster.
The remainder of the URL should be a single path component corresponding to the application context at which the SAML 2.0 services application is deployed (typically /saml2).
getPublishedSiteURL in interface SingleSignOnServicesConfigSpiSingleSignOnServicesMBean.setPublishedSiteURL(String)void setPublishedSiteURL(String siteURL)
The published site URL.
When publishing SAML 2.0 metadata, this is used as a base URL to construct endpoint URLs for the various SAML 2.0 services. The published site URL is also used during request processing to generate or parse various URLs.
The hostname and port portion of the URL should be the hostname and port at which the server is externally visible; this may not be the same as the hostname and port by which the server is known locally. For example, if you are configuring SAML 2.0 services in a cluster, the hostname and port of the published site URL may correspond to the load balancer or proxy server that distributes client requests to servers in the cluster.
The remainder of the URL should be a single path component corresponding to the application context at which the SAML 2.0 services application is deployed (typically /saml2).
siteURL - The published site URL to set.String getEntityID()
The string that uniquely identifies the local site.
getEntityID in interface SingleSignOnServicesConfigSpivoid setEntityID(String entityID)
entityID - entity IDboolean isServiceProviderEnabled()
Specifies whether the local site is enabled for the Service Provider role.
This attribute must be enabled in order to publish the metadata file.
isServiceProviderEnabled in interface SingleSignOnServicesConfigSpivoid setServiceProviderEnabled(boolean isEnabled)
isEnabled - Service provider enabled flagString getDefaultURL()
The Service Provider's default URL.
When an unsolicited SSO response arrives at the Service Provider without an accompanying target URL, the user (if authenticated) is redirected to this default URL.
getDefaultURL in interface SingleSignOnServicesConfigSpivoid setDefaultURL(String defaultURL)
boolean isServiceProviderArtifactBindingEnabled()
isServiceProviderArtifactBindingEnabled in interface SingleSignOnServicesConfigSpivoid setServiceProviderArtifactBindingEnabled(boolean enabled)
boolean isServiceProviderPOSTBindingEnabled()
isServiceProviderPOSTBindingEnabled in interface SingleSignOnServicesConfigSpivoid setServiceProviderPOSTBindingEnabled(boolean enabled)
String getServiceProviderPreferredBinding()
getServiceProviderPreferredBinding in interface SingleSignOnServicesConfigSpivoid setServiceProviderPreferredBinding(String binding)
boolean isSignAuthnRequests()
Specifies whether authentication requests must be signed. If set, all outgoing authentication requests are signed.
isSignAuthnRequests in interface SingleSignOnServicesConfigSpivoid setSignAuthnRequests(boolean signAuthnRequests)
signAuthnRequests - Sign <AuthnRequest> documents flagboolean isWantAssertionsSigned()
Specifies whether incoming SAML 2.0 assertions must be signed.
isWantAssertionsSigned in interface SingleSignOnServicesConfigSpivoid setWantAssertionsSigned(boolean wantSigned)
wantSigned - Want assertions signed flagString getSSOSigningKeyAlias()
The keystore alias for the key to be used when signing documents.
The key is used to generate signatures on all the outgoing documents, such as authentication requests and responses. If you do not specify an alias, the server's configured SSL private key alias from the server's SSL configuration is used by default.
getSSOSigningKeyAlias in interface SingleSignOnServicesConfigSpivoid setSSOSigningKeyAlias(String ssoSigningKeyAlias)
ssoSigningKeyAlias - The SSO Signing key alias to set.SingleSignOnServicesMBean.getSSOSigningKeyAlias()String getSSOSigningKeyPassPhrase()
The passphrase used to retrieve the local site's SSO signing key from the keystore.
If you do not specify a keystore alias and passphrase, the server's configured private key alias and private key passphrase from the server's SSL configuration is used by default.
getSSOSigningKeyPassPhrase in interface SingleSignOnServicesConfigSpi
void setSSOSigningKeyPassPhrase(String signingKeyPassPhrase)
throws InvalidAttributeValueException
Sets the value of the SSOSigningKeyPassPhrase attribute.
When you get the value of this attribute, WebLogic Server does the following:
SSOSigningKeyPassPhraseEncrypted attribute.When you set the value of this attribute, WebLogic Server does the following:
SSOSigningKeyPassPhraseEncrypted attribute to the encrypted value.Using this attribute (SSOSigningKeyPassPhrase) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use getSSOSigningKeyPassPhraseEncrypted.
signingKeyPassPhrase - The signingKeyPassPhrase to set.InvalidAttributeValueExceptionbyte[] getSSOSigningKeyPassPhraseEncrypted()
The encrypted passphrase used to retrieve the local site's SSO signing key from the keystore.
To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
getSSOSigningKeyPassPhraseEncrypted in interface SingleSignOnServicesConfigSpi
void setSSOSigningKeyPassPhraseEncrypted(byte[] signingKeyPassPhraseEncrypted)
throws InvalidAttributeValueException
Sets the value of the SSOSigningKeyPassPhraseEncrypted attribute.
signingKeyPassPhraseEncrypted - The signingKeyPassPhraseEncrypted value to set.InvalidAttributeValueExceptionboolean isForceAuthn()
Specifies whether the Identity Provider must authenticate users directly and not use a previous security context. The default is false.
Note the following:
ForceAuthn to true -- that is, enabling Force Authentication -- has no effect in WebLogic Server. SAML logout is not supported in WebLogic Server, so even if the user is already authenticated at the Identity Provider site and ForceAuthn is set to true, the user is not forced to authenticate again at the Identity Provider site.ForceAuthn and IsPassive to true -- that is, Force Authentication and Passive are enabled -- is an invalid configuration that causes WebLogic server to generate an exception and also causes the single sign-on session to fail.isForceAuthn in interface SingleSignOnServicesConfigSpivoid setForceAuthn(boolean forceAuthn)
forceAuthn - Force authentication flagboolean isPassive()
Determines whether the Identity Provider and the user must not take control of the user interface from the requester and interact with the user in a noticeable fashion. The default setting is false.
The WebLogic Server SAML 2.0 services generate an exception if Passive (IsPassive) is enabled and the end user is not already authenticated at the Identity Provider site. In this situation, web single sign-on fails.
isPassive in interface SingleSignOnServicesConfigSpivoid setPassive(boolean passive)
passive - passive flagboolean isIdentityProviderEnabled()
Specifies whether the local site is enabled for the Identity Provider role.
isIdentityProviderEnabled in interface SingleSignOnServicesConfigSpivoid setIdentityProviderEnabled(boolean isEnabled)
isEnabled - Identity provider enabled flagboolean isIdentityProviderArtifactBindingEnabled()
Specifies whether the Artifact binding is enabled for the Identity Provider.
isIdentityProviderArtifactBindingEnabled in interface SingleSignOnServicesConfigSpivoid setIdentityProviderArtifactBindingEnabled(boolean enabled)
boolean isIdentityProviderPOSTBindingEnabled()
Specifies whether the POST binding is enabled for the Identity Provider.
isIdentityProviderPOSTBindingEnabled in interface SingleSignOnServicesConfigSpivoid setIdentityProviderPOSTBindingEnabled(boolean enabled)
boolean isIdentityProviderRedirectBindingEnabled()
Specifies whether the Redirect binding is enabled for the Identity Provider.
isIdentityProviderRedirectBindingEnabled in interface SingleSignOnServicesConfigSpivoid setIdentityProviderRedirectBindingEnabled(boolean enabled)
String getIdentityProviderPreferredBinding()
Specifies the preferred binding type for endpoints of the Identity Provider services. Must be set to None, HTTP/POST, HTTP/Artifact, or HTTP/Redirect.
getIdentityProviderPreferredBinding in interface SingleSignOnServicesConfigSpivoid setIdentityProviderPreferredBinding(String binding)
String getLoginURL()
The URL of the login form web application to which unauthenticated requests are directed.
By default, the login URL is /saml2/idp/login using Basic authentication. Typically you specify this URL if you are using a custom login web application.
getLoginURL in interface SingleSignOnServicesConfigSpivoid setLoginURL(String loginURL)
loginURL - login URLString getLoginReturnQueryParameter()
getLoginReturnQueryParameter in interface SingleSignOnServicesConfigSpivoid setLoginReturnQueryParameter(String queryParameter)
queryParameter - login return query parameterboolean isWantAuthnRequestsSigned()
isWantAuthnRequestsSigned in interface SingleSignOnServicesConfigSpivoid setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)
wantAuthnRequestsSigned - WAnt <AuthnRequest> documents signed flagboolean isRecipientCheckEnabled()
Specifies whether the recipient/destination check is enabled. When true, the recipient of the SAML Request/Response must match the URL in the HTTP Request.
isRecipientCheckEnabled in interface SingleSignOnServicesConfigSpi
void setRecipientCheckEnabled(boolean postRecipientCheckEnabled)
throws InvalidAttributeValueException
Set the POST recipient check enabled value.
postRecipientCheckEnabled - The POST recipient check enabled value to set.InvalidAttributeValueExceptionboolean isPOSTOneUseCheckEnabled()
Specifies whether the POST one-use check is enabled.
If set, the local site POST binding endpoints will store identifiers of all inbound documents to ensure that those documents are not presented more than once.
isPOSTOneUseCheckEnabled in interface SingleSignOnServicesConfigSpi
void setPOSTOneUseCheckEnabled(boolean postOneUseCheckEnabled)
throws InvalidAttributeValueException
Set the POST one-use check enabled value.
postOneUseCheckEnabled - The POST one-use check enabled value to set.InvalidAttributeValueExceptionString getTransportLayerSecurityKeyAlias()
The string alias used to store and retrieve the server's private key, which is used to establish outgoing TLS/SSL connections.
If you do not specify an alias, the server's configured SSL private key alias from the server's SSL configuration is used for the TLS alias by default.
getTransportLayerSecurityKeyAlias in interface SingleSignOnServicesConfigSpivoid setTransportLayerSecurityKeyAlias(String keyAlias)
keyAlias - The key alias to set.SingleSignOnServicesMBean.getTransportLayerSecurityKeyAlias()String getTransportLayerSecurityKeyPassPhrase()
The passphrase used to retrieve the server's private key from the keystore.
If you do not specify either an alias or a passphrase, the server's configured SSL private key alias and private key passphrase from the server's SSL configuration is used for the TLS alias and passphrase by default.
getTransportLayerSecurityKeyPassPhrase in interface SingleSignOnServicesConfigSpi
void setTransportLayerSecurityKeyPassPhrase(String keyPassPhrase)
throws InvalidAttributeValueException
Sets the value of the TransportLayerSecurityKeyPassPhrase attribute.
When you get the value of this attribute, WebLogic Server does the following:
TransportLayerSecurityKeyPassPhraseEncrypted attribute.When you set the value of this attribute, WebLogic Server does the following:
TransportLayerSecurityKeyPassPhraseEncrypted attribute to the encrypted value.Using this attribute (TransportLayerSecurityKeyPassPhrase) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use getTransportLayerSecurityKeyPassPhraseEncrypted.
keyPassPhrase - The key PassPhrase to set.InvalidAttributeValueExceptionbyte[] getTransportLayerSecurityKeyPassPhraseEncrypted()
The encrypted passphrase used to retrieve the local site's TLS/SSL key from the keystore.
To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
getTransportLayerSecurityKeyPassPhraseEncrypted in interface SingleSignOnServicesConfigSpi
void setTransportLayerSecurityKeyPassPhraseEncrypted(byte[] keyPassPhraseEncrypted)
throws InvalidAttributeValueException
Sets the value of the TransportLayerSecurityKeyPassPhraseEncrypted attribute.
keyPassPhraseEncrypted - The keyPassPhraseEncrypted value to set.InvalidAttributeValueExceptionString getBasicAuthUsername()
getBasicAuthUsername in interface SingleSignOnServicesConfigSpivoid setBasicAuthUsername(String name)
name - UsernameString getBasicAuthPassword()
The password used to assign Basic Authentication credentials to outgoing HTTPS connections
getBasicAuthPassword in interface SingleSignOnServicesConfigSpi
void setBasicAuthPassword(String password)
throws InvalidAttributeValueException
Sets the value of the BasicAuthPassword attribute.
When you get the value of this attribute, WebLogic Server does the following:
BasicAuthPasswordEncrypted attribute.When you set the value of this attribute, WebLogic Server does the following:
BasicAuthPasswordEncrypted attribute to the encrypted value.Using this attribute (BasicAuthPassword) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use getBasicAuthPasswordEncrypted.
password - The password to set.InvalidAttributeValueExceptionbyte[] getBasicAuthPasswordEncrypted()
The encrypted password used assign Basic Authentication credentials to outgoing HTTPS connections.
To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
getBasicAuthPasswordEncrypted in interface SingleSignOnServicesConfigSpi
void setBasicAuthPasswordEncrypted(byte[] passwordEncrypted)
throws InvalidAttributeValueException
Sets the value of the BasicAuthPasswordEncrypted attribute.
passwordEncrypted - The passwordEncrypted value to set.InvalidAttributeValueExceptionboolean isWantArtifactRequestsSigned()
Specifies whether incoming artifact requests must be signed.
This attribute can be set if the Artifact binding is enabled.
isWantArtifactRequestsSigned in interface SingleSignOnServicesConfigSpivoid setWantArtifactRequestsSigned(boolean wantSigned)
wantSigned - Want <ArtifactRequest> documents signed flagboolean isWantTransportLayerSecurityClientAuthentication()
Specifies whether TLS/SSL client authentication is required.
If enabled, callers to TLS/SSL bindings of the local site must specify client authentication (two-way SSL), and the identity specified must validate against the TLS certificate of the binding client partner.
isWantTransportLayerSecurityClientAuthentication in interface SingleSignOnServicesConfigSpivoid setWantTransportLayerSecurityClientAuthentication(boolean wantAuthentication)
wantAuthentication - Want TLS/SSL client authentication flagboolean isWantBasicAuthClientAuthentication()
Specifies whether Basic Authentication client authentication is required.
If enabled, callers to HTTPS bindings of the local site must specify a Basic authentication header, and the username and password must be validated against the Basic authentication values of the binding client partner.
isWantBasicAuthClientAuthentication in interface SingleSignOnServicesConfigSpivoid setWantBasicAuthClientAuthentication(boolean wantBA)
wantBA - want Basic Authentication client authentication flagint getAuthnRequestMaxCacheSize()
The maximum size of the authentication request cache.
This cache stores documents issued by the local Service Provider that are awaiting response from a partner Identity Provider.
Specify '0' to indicate that the cache is unbounded.
getAuthnRequestMaxCacheSize in interface SingleSignOnServicesConfigSpivoid setAuthnRequestMaxCacheSize(int cacheSize)
int getAuthnRequestTimeout()
The maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache.
This cache stores documents issued by the local Service provider that are awaiting response from a partner Identity Provider. Documents that reach this maximum timeout duration are expired from the local cache even if no response is received from the Identity Provider. If a response is subsequently returned by the Identity Provider, the cache behaves as if the <AuthnRequest> had never been generated.
getAuthnRequestTimeout in interface SingleSignOnServicesConfigSpivoid setAuthnRequestTimeout(int timeout)
int getArtifactMaxCacheSize()
The maximum size of the artifact cache.
This cache contains the artifacts issued by the local site that are awaiting referencing by a partner. Specify '0' to indicate that the cache is unbounded.
getArtifactMaxCacheSize in interface SingleSignOnServicesConfigSpivoid setArtifactMaxCacheSize(int cacheSize)
int getArtifactTimeout()
The maximum timeout (in seconds) of artifacts stored in the local cache.
This cache stores artifacts issued by the local site that are awaiting referencing by a partner. Artifacts that reach this maximum timeout duration are expired in the local cache even if no reference request has been received from the partner. If a reference request is subsequently received from the partner, the cache behaves as if the artifact had never been generated.
getArtifactTimeout in interface SingleSignOnServicesConfigSpivoid setArtifactTimeout(int timeout)
boolean isReplicatedCacheEnabled()
Specifies whether the persistent cache (LDAP or RDBMS) is used for storing SAML 2.0 artifacts and authentication requests.
RDBMS is required by the SAML 2.0 security providers in production environments. Use LDAP only in development environments.
If this is not set, artifacts and requests are saved in memory.
If you are configuring SAML 2.0 services for two or more WebLogic Server instances in a domain, you must enable the replicated cache individually on each server. In addition, if you are configuring SAML 2.0 services in a cluster, each Managed Server must also be configured individually.
isReplicatedCacheEnabled in interface SingleSignOnServicesConfigSpivoid setReplicatedCacheEnabled(boolean replicated)
replicated - Use Replicated Cache flag
|
Copyright 1996, 2015, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||