SAML 2.0 Credential Mapping Provider: Provider Specific
Use this page to configure provider-specific information for this SAML 2.0 Credential Mapping provider.
Configuration Options
| Name | Description |
| --- | --- |
| Issuer URI | The Issuer URI, or name, of this SAML 2.0 Credential Mapping provider. The value that you specify for Issuer URI should match the Entity ID specified in the SAML 2.0 General page that configures the per-server SAML 2.0 properties. For more information about this attribute, see the description of the getIssuerURI method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
| Name Qualifier | The Name Qualifier value used by the Name Mapper. The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision. For more information about this attribute, see the description of the getNameQualifier method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
| Default Time To Live | The time in seconds that, by default, an assertion should remain valid. The default value is 120 seconds (2 minutes). If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however. Minimum value: 0. For more information about this attribute, see the description of the getDefaultTimeToLive method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
| Default Time To Live Offset | The time factor you can use to allow the Credential Mapping provider to compensate for clock differences between the Identity Provider and Service Provider sites. The value is a positive or negative integer representing seconds. Default value is -5. Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set. If you set a value for DefaultTimeToLiveOffset, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveOffset). As a result, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. For more information about this attribute, see the description of the getDefaultTimeToLiveOffset method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
| Web Service Assertion Signing Key Alias | The alias used to retrieve from the keystore the key that is used to sign assertions. This attribute is used for Web Services support of SAML Token Profile only. For more information about this attribute, see the description of the setSigningKeyAlias method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
| Web Service Assertion Signing Key Pass Phrase | The credential, or password, used to retrieve from the keystore the keys used to sign assertions. This attribute is used for Web Services support of SAML Token Profile only. For more information about this attribute, see the description of the setSigningKeyPassphrase method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
| Name Mapper Class Name | The Java class that overrides the default SAML 2.0 credential mapper name mapper class, which maps Subjects to identity information contained in the assertion. For more information about this attribute, see the description of the setNameMapperClassName method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
| Generate Attributes | Specifies whether information in addition to the username, for example group information, will be generated in the SAML 2.0 assertion. Note that the Service Provider partner needs to have a SAML Authentication provider configured to be able to extract and use the attribute information contained in the assertion. For more information about this attribute, see the description of the setGenerateAttributes method on the following interface: com.bea.security.saml2.providers.SAML2CredentialMapperMBean |
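
The validity window that Default Time To Live and Default Time To Live Offset produce, and the Service Provider clock error each setting tolerates, worked through as an added example (not Oracle code). The function names are hypothetical, and the Service Provider check (NotBefore <= now < NotOnOrAfter with no extra tolerance) is an assumption about the partner.

```python
from datetime import datetime, timedelta, timezone

def validity_window(now, ttl=120, offset=-5):
    """(NotBefore, NotOnOrAfter) computed the way the page describes.

    ttl and offset are seconds; the defaults are the page's defaults.
    ttl == 0 means an infinite lifetime, modelled as NotOnOrAfter = None.
    """
    if ttl < 0:
        raise ValueError("Default Time To Live has a minimum value of 0")
    not_before = now + timedelta(seconds=offset)
    not_on_or_after = None if ttl == 0 else not_before + timedelta(seconds=ttl)
    return not_before, not_on_or_after

def sp_accepts(window, sp_now):
    """Assumed SP check: NotBefore <= sp_now < NotOnOrAfter, no extra tolerance."""
    not_before, not_on_or_after = window
    if sp_now < not_before:
        return False
    return not_on_or_after is None or sp_now < not_on_or_after

def tolerated_skew(ttl, offset, search=300):
    """Smallest and largest SP clock error (SP minus IdP, in seconds, within
    +/- search) at which an assertion checked right after issuance passes."""
    idp_now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed
    window = validity_window(idp_now, ttl, offset)
    ok = [s for s in range(-search, search + 1)
          if sp_accepts(window, idp_now + timedelta(seconds=s))]
    return (ok[0], ok[-1]) if ok else None

if __name__ == "__main__":
    for ttl, offset in [(120, -5), (120, 0), (120, -30), (0, -5)]:
        print(f"ttl={ttl:>3} offset={offset:>3} -> SP skew accepted: "
              f"{tolerated_skew(ttl, offset)}")
```

With an offset of 0, a Service Provider clock one second behind rejects a fresh assertion. With a Time To Live of 0 the upper bound never arrives, so a captured assertion stays acceptable indefinitely.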
Related Tasks
- Configure Credential Mapping Providers
- Manage security providers
- Configure SAML 2.0 general services
- Configure SAML 2.0 Identity Provider services
Related Topics
- API description of the com.bea.security.saml2.providers.SAML2CredentialMapperMBean interface
- Configuring Single Sign-On with Web Browsers and HTTP Clients
- Using Security Assertion Markup Language (SAML) Tokens For Identity
- Configuring a SAML 2.0 Credential Mapping Provider
- Understanding Security for Oracle WebLogic Server