SAMLCredentialMapperV2MBean

Overview | Related MBeans | Attributes | Operations

Overview

This MBean represents configuration information for the SAML Credential Mapper V2 provider.

Fully Qualified Interface Name If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.saml.SAMLCredentialMapperV2MBean

Factory Methods No factory methods. Instances of this MBean are created automatically.

Access Points Inherited from CredentialMapperMBean

Because this MBean extends or implements CredentialMapperMBean, you can also access this MBean by retrieving CredentialMapperMBeans. The following attributes contain CredentialMapperMBeans and its subtypes:

RealmMBean.CredentialMappers

Related MBeans

This section describes attributes that provide access to other MBeans.

Realm

Realm

Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

Privileges	Read only
Type	RealmMBean
Relationship type:	Reference.

Attributes

This section describes the following attributes:

CredCacheMinViableTTL
CredCacheSize
DefaultTimeToLive
DefaultTimeToLiveDelta
Description
IssuerURI
MinimumParserPoolSize
Name
NameMapperClassName
NameQualifier

ProviderClassName
SigningKeyAlias
SigningKeyPassPhrase
SigningKeyPassPhraseEncrypted
SupportedExportConstraints
SupportedExportFormats
SupportedImportConstraints
SupportedImportFormats
Version

CredCacheMinViableTTL

If an entry in the cache has less time to live than this value, the corresponding assertion will not be used. Instead, a new assertion will be generated.

This attribute avoids the situation where an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live is too short, it will not be used.

Privileges	Read/Write
Type	int
Default Value	20
Minimum value	0

CredCacheSize

The size of the cache used to store assertion credentials.

The cache stores assertion credentials so that requests for the same assertion may return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application may make multiple requests for the same assertion, for the same user, within a short period of time.

Privileges	Read/Write
Type	int
Default Value	0
Minimum value	0

DefaultTimeToLive

Time in seconds that, by default, an assertion should remain valid.

If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however.

Privileges	Read/Write
Type	int
Default Value	120
Minimum value	0

DefaultTimeToLiveDelta

A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertions NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions.

Privileges	Read/Write
Type	int
Default Value	0

Description

A short description of the SAML Credential Mapper V2 provider.

Privileges	Read only
Type	java.lang.String
Default Value	WebLogic SAML Credential Mapping Provider. Supports Security Assertion Markup Language v1.1.
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

IssuerURI

The Issuer URI (name) of this SAML Authority.

Privileges	Read/Write
Type	java.lang.String
Default Value

MinimumParserPoolSize

The minimum number of parsers to maintain in the parser pool.

Privileges	Read/Write
Type	int
Default Value	5
Minimum value	0

Name

Privileges	Read only
Type	java.lang.String
Default Value	SAMLCredentialMapperV2
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

NameMapperClassName

The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used.

When you configure a SAML Relying Party, using the Management tab, you can set a Name Mapper Class specific to that Relying Party, which will override the default value you set here.

Privileges	Read/Write
Type	java.lang.String
Default Value

NameQualifier

The Name Qualifier value used by the Name Mapper.

The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision.

Privileges	Read/Write
Type	java.lang.String
Default Value

ProviderClassName

The name of the Java class used to load the SAML Credential Mapper V2 provider.

Privileges	Read only
Type	java.lang.String
Default Value	weblogic.security.providers.saml.SAMLCredentialMapperV2ProviderImpl
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

SigningKeyAlias

The alias used to retrieve from the keystore the key that is used to sign assertions.

Privileges	Read/Write
Type	java.lang.String
Default Value

SigningKeyPassPhrase

The credential (password) used to retrieve from the keystore the keys used to sign assertions.

Privileges	Read/Write
Type	java.lang.String
Default Value
Encrypted	true

SigningKeyPassPhraseEncrypted

Privileges	Read/Write
Type	byte[]
Encrypted	true

SupportedExportConstraints

A SAML Partner Registry can export all partners, no partners, only enabled partners, only disabled partners or a list of partners. It can export all certificates, no certificates, only certificates referenced by partners, or a list of certificates.

Privileges	Read only
Type	class java.lang.String[]
Default Value	Partners Certificates Passwords
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

SupportedExportFormats

A SAML Partner Registry may be exported as an XML document.

Privileges	Read only
Type	class java.lang.String[]
Default Value	XML Partner Registry JKS KeyStore LDIF Template
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

SupportedImportConstraints

A SAML Partner Registry can import all partners, no partners, only enabled partners, only disabled partners or a list of partners. It can import all certificates, no certificates, only certificates referenced by partners, or a list of certificates. The import mode can be rename, replace or fail for conflict resolution.

Privileges	Read only
Type	class java.lang.String[]
Default Value	Partners Certificates ImportMode
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

SupportedImportFormats

A SAML Partner Registry can import partner information and certificates from an XML document.

Privileges	Read only
Type	class java.lang.String[]
Default Value	XML Partner Registry JKS KeyStore
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

Version

The version number of the SAML Credential Mapper V2 provider.

Privileges	Read only
Type	java.lang.String
Default Value	2.0
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

Operations

This section describes the following operations:

addRelyingParty
advance
certificateExists
close
copyToDER
copyToPEM
exportData
getCertificate
getCurrentName
getRelyingParty
haveCurrent
importData

isSet
listCertificates
listRelyingParties
newRelyingParty
registerCertificate
relyingPartyExists
removeRelyingParty
unregisterCertificate
unSet
updateRelyingParty
wls_getDisplayName

addRelyingParty

Adds a new SAMLRelyingParty to the registry. Throws InvalidParameterException if the partner object fails validation. Throws CreateException if an error occurs during creation of the object.

Operation Name	`"addRelyingParty"`
Parameters	`Object [] { relyingParty }` where: `relyingParty` is an object of type `weblogic.security.providers.saml.registry.SAMLRelyingParty` that specifies: - The new relying party to add.
Signature	`String [] { "weblogic.security.providers.saml.registry.SAMLRelyingParty" }`
Returns	`void`
Exceptions	`weblogic.management.utils.InvalidParameterException` `weblogic.management.utils.CreateException`

advance

Advances the list to the next element in the list.

Operation Name	`"advance"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.InvalidCursorException`

certificateExists

Determines whether or not a certificate has been registered under the given alias. Returns true if a certificate is registered under that alias, false if not. Throws InvalidParameterException if alias is empty or null.

Operation Name	`"certificateExists"`
Parameters	`Object [] { alias }` where: `alias` is an object of type `java.lang.String` that specifies: - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.
Signature	`String [] { "java.lang.String" }`
Returns	`boolean`
Exceptions	`weblogic.management.utils.InvalidParameterException`

close

Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.

Operation Name	`"close"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.InvalidCursorException`

copyToDER

Writes a certificate in the registry to a file in DER binary format. Throws NotFoundException if the alias does not exist in the registry. Throws InvalidParameterException if alias or certificateFile is empty or null or if the file cannot be written to.

Operation Name	`"copyToDER"`
Parameters	`Object [] { alias, certificateFile }` where: `alias` is an object of type `java.lang.String` that specifies: - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive. `certificateFile` is an object of type `java.lang.String` that specifies: - The pathname (relative to the directory the admin server is booted from) of the file to write the certificate to.
Signature	`String [] { "java.lang.String", "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

copyToPEM

Writes a certificate in the registry to a file in PEM base64 encoded format. Throws NotFoundException if the alias does not exist in the registry. Throws InvalidParameterException if alias or certificateFile is empty or null or if the file cannot be written to.

Operation Name	`"copyToPEM"`
Parameters	`Object [] { alias, certificateFile }` where: `alias` is an object of type `java.lang.String` that specifies: - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive. `certificateFile` is an object of type `java.lang.String` that specifies: - The pathname (relative to the directory the admin server is booted from) of the file to write the certificate to.
Signature	`String [] { "java.lang.String", "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

exportData

Exports provider specific data in a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

Operation Name	`"exportData"`
Parameters	`Object [] { format, filename, constraints }` where: `format` is an object of type `java.lang.String` that specifies: - The format for exporting provider specific data. `filename` is an object of type `java.lang.String` that specifies: - The full path to the filename used to write data. `constraints` is an object of type `java.util.Properties` that specifies: - The constraints to be used when exporting data. A null value indicates that all data will be exported.
Signature	`String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }`
Returns	`void`
Exceptions	`weblogic.management.utils.InvalidParameterException` `weblogic.management.utils.ErrorCollectionException`

getCertificate

Retrieves a certificate from the registry. Returns the certificate. Throws NotFoundException if alias does not exist in the registry. Throws InvalidParameterException if alias is empty or null.

Operation Name	`"getCertificate"`
Parameters	`Object [] { alias }` where: `alias` is an object of type `java.lang.String` that specifies: - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.
Signature	`String [] { "java.lang.String" }`
Returns	`X509Certificate`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

getCurrentName

The name of the current item in the list. Returns null if there is no current item.

Operation Name	`"getCurrentName"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`String`
Exceptions	`weblogic.management.utils.InvalidCursorException`

getRelyingParty

Gets the SAMLRelyingParty corresponding to a partnerId. Throws NotFoundException if the relying party is not found. Throws InvalidParameterException if partnerId is empty or null.

Operation Name	`"getRelyingParty"`
Parameters	`Object [] { partnerId }` where: `partnerId` is an object of type `java.lang.String` that specifies: - The partnerId of the relying party to return.
Signature	`String [] { "java.lang.String" }`
Returns	`SAMLRelyingParty`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

haveCurrent

Returns true if there are more objects in the list, and false otherwise.

Operation Name	`"haveCurrent"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`boolean`
Exceptions	`weblogic.management.utils.InvalidCursorException`

importData

Imports provider specific data from a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

Operation Name	`"importData"`
Parameters	`Object [] { format, filename, constraints }` where: `format` is an object of type `java.lang.String` that specifies: - The format for importing provider specific data. `filename` is an object of type `java.lang.String` that specifies: - The full path to the filename used to read data. `constraints` is an object of type `java.util.Properties` that specifies: - The constraints to be used when importing data. A null value indicates that all data will be imported.
Signature	`String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }`
Returns	`void`
Exceptions	`weblogic.management.utils.InvalidParameterException` `weblogic.management.utils.ErrorCollectionException`

isSet

Returns true if the specified attribute has been set explicitly in this MBean instance.

Operation Name	`"isSet"`
Parameters	`Object [] { propertyName }` where: `propertyName` is an object of type `java.lang.String` that specifies: property to check
Signature	`String [] { "java.lang.String" }`
Returns	`boolean`
Exceptions	`java.lang.IllegalArgumentException`

listCertificates

Lists the registered certificate aliases that match a wild card. It follows the NameListerMBean cursor pattern. The results are not sorted. Returns a String containing a cursor that may be passed into the NameListerMBean methods to read the list. The getCurrentName method returns the current alias on the list. Throws InvalidParameterException if aliasWildcard is empty or null or if maxToReturn is less than zero.

Operation Name	`"listCertificates"`
Parameters	`Object [] { aliasWildcard, maxToReturn }` where: `aliasWildcard` is an object of type `java.lang.String` that specifies: - A wild card used to select aliases. It supports three formats: "" matches all aliases. "foo" matches all aliases starting with the string "foo". "foo" matches the alias "foo" only. The matches are case-insensitive. `maxToReturn` is an object of type `java.lang.Integer` that specifies: - The maximum number of aliases this method may return. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort the results. Set this parameter to zero to return all matching aliases.
Signature	`String [] { "java.lang.String", "java.lang.Integer" }`
Returns	`String`
Exceptions	`weblogic.management.utils.InvalidCursorException` `weblogic.management.utils.InvalidParameterException`

listRelyingParties

Lists the registered partnerIds that match a wild card. It follows the NameListerMBean cursor pattern. The results are not sorted. Returns a String containing a cursor that may be passed into the NameListerMBean methods to read the list. The getCurrentName method returns the current alias on the list. Throws InvalidParameterException if partnerIdWildcard is empty or null or if maxToReturn is less than zero.

Operation Name	`"listRelyingParties"`
Parameters	`Object [] { partnerIdWildcard, maxToReturn }` where: `partnerIdWildcard` is an object of type `java.lang.String` that specifies: - A wild card used to select partnerIds. It supports three formats: "" matches all partnerIds. "foo" matches all partnerIds starting with the string "foo". "foo" matches the partnerId "foo" only. The matches are case-insensitive. `maxToReturn` is an object of type `java.lang.Integer` that specifies: - The maximum number of partnerIds this method may return. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort the results. Set this parameter to zero to return all matching aliases.
Signature	`String [] { "java.lang.String", "java.lang.Integer" }`
Returns	`String`
Exceptions	`weblogic.management.utils.InvalidCursorException` `weblogic.management.utils.InvalidParameterException`

newRelyingParty

Returns a new SAMLRelyingParty object. Caller can set the fields of this object and then call addRelyingParty() to add the new relying party to the registry. Relying party objects obtained from this method should not be passed to updateRelyingParty() -- call getRelyingParty() to fetch an existing relying party for update.

Operation Name	`"newRelyingParty"`
Parameters	`null`
Signature	`null`
Returns	`SAMLRelyingParty`

registerCertificate

Registers an end certificate in the registry under an alias. Throws AlreadyExistsException if the alias is already in the registry or if another certificate with the same subject dn, or issuer dn + serial number, or subject key identifier is already in the registry. Throws InvalidParameterException if the alias or certificateFile is empty or null or if the file does not exist or cannot be read.

Operation Name	`"registerCertificate"`
Parameters	`Object [] { alias, certificateFile }` where: `alias` is an object of type `java.lang.String` that specifies: - The alias to register the certificate under. It must not be empty or null. Aliases are case-insensitive. `certificateFile` is an object of type `java.lang.String` that specifies: - The pathname (relative to the directory the admin server is booted from) of a PEM or DER file containing the certificate to be registered.
Signature	`String [] { "java.lang.String", "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.AlreadyExistsException` `weblogic.management.utils.InvalidParameterException`

relyingPartyExists

Determines whether or not a relying party exists for the given partnerId. Returns true if the relying party is found, false if not. Throws InvalidParameterException if partnerId is empty or null.

Operation Name	`"relyingPartyExists"`
Parameters	`Object [] { partnerId }` where: `partnerId` is an object of type `java.lang.String` that specifies: - The partnerId of the relying party.
Signature	`String [] { "java.lang.String" }`
Returns	`boolean`
Exceptions	`weblogic.management.utils.InvalidParameterException`

removeRelyingParty

Removes a SAMLRelyingParty from the registry. Throws NotFoundException if the relying party does not exist. Throws InvalidParameterException if the partnerId is empty or null.

Operation Name	`"removeRelyingParty"`
Parameters	`Object [] { partnerId }` where: `partnerId` is an object of type `java.lang.String` that specifies: - The partnerId of the relying party to remove.
Signature	`String [] { "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

unregisterCertificate

Unregisters an end certificate from the registry. Throws NotFoundException if alias does not exist in the registry. Throws InvalidParameterException if alias is empty or null.

Operation Name	`"unregisterCertificate"`
Parameters	`Object [] { alias }` where: `alias` is an object of type `java.lang.String` that specifies: - The alias the certificate is registered under. It must not be empty or null. Aliases are case-insensitive.
Signature	`String [] { "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

unSet

Restore the given property to its default value.

Operation Name	`"unSet"`
Parameters	`Object [] { propertyName }` where: `propertyName` is an object of type `java.lang.String` that specifies: property to restore
Signature	`String [] { "java.lang.String" }`
Returns	`void`
Exceptions	`java.lang.IllegalArgumentException` UnsupportedOperationException if called on a runtime implementation.

updateRelyingParty

Updates a SAMLRelyingParty in the registry. Throws NotFoundException if the relying party does not exist. Throws InvalidParameterException if the partner object fails validation.

Operation Name	`"updateRelyingParty"`
Parameters	`Object [] { relyingParty }` where: `relyingParty` is an object of type `weblogic.security.providers.saml.registry.SAMLRelyingParty` that specifies: - The relying party to update.
Signature	`String [] { "weblogic.security.providers.saml.registry.SAMLRelyingParty" }`
Returns	`void`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

wls_getDisplayName

Operation Name	`"wls_getDisplayName"`
Parameters	`null`
Signature	`null`
Returns	`String`