| |
SAML 2.0 Identity Asserter: Web Single Sign-on Identity Provider Partner: General
Configuration Options Related Tasks Related Topics
Configures a SAML 2.0 Web Single Sign-on Identity Provider Partner's General Properties
The parameters that can be set on this Administration Console page can also be accessed programmatically via the Java interfaces that are identified in this help topic. For API information about those interfaces, see Related Topics.
Configuration Options
Name Description Name The name of this Identity Provider partner.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.Partnerinterface.Enabled Specifies whether interactions with this Identity Provider partner are enabled on this server.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.Partnerinterface.Description A short description of this Identity Provider partner.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.Partnerinterface.Identity Provider Name Mapper Class Name The Java class that overrides the default username mapper class with which the SAML 2.0 Identity Asserter provider is configured in this security realm.
If specified, this class is a custom implementation of the
com.bea.security.saml2.providers.SAML2IdentityAsserterNameMapperinterface and is used for assertions received from this specific Identity Provider partner.Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.IdPPartnerinterface.Issuer URI The Issuer URI of this Identity Provider partner.
The Issuer URI corresponds to the Entity ID contained in the metadata file received from this Identity Provider partner.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.IdPPartnerinterface.Virtual User Specifies whether user information contained in assertions received from this Identity Provider partner are mapped to virtual users in this security realm.
Note that to use virtual users, you must configure the SAML Authentication provider.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.IdPPartnerinterface.Redirect URIs An optional set of URIs from which unauthenticated users will be redirected to the Identity Provider partner.
Note the following:
- A URI may include a wildcard pattern, but the wildcard pattern must include a file type to match specific files in a directory. For example, to create a match for all files in the
/targetappdirectory, including all.jsp,.html, and.htmlfiles, the following wildcard patterns are specified:
/targetapp/*
/targetapp/*.jsp
/targetapp/*.html
/targetapp/*.html- If two or more Identity Provider partners are configured that are capable of authenticating a user for a given URI in this list, the authentication request is sent to the first matching partner that the SAML 2.0 services finds.
- The use of Redirect URIs is only one mechanism for enabling a Service Provider initiated web single sign-on session. Another is to embed the Service Provider initiator service URI (by default, this is
sp/sso/initiator) in the URI of the requested resource.Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOIdPPartnerinterface.Process Attributes Specifies whether the SAML 2.0 Identity Asserter provider consumes attribute statements contained in assertions received from this Identity Provider partner.
To use this attribute, the SAML Authentication provider must be configured in the domain, and it must:
- Be configured to run before other authentication providers
- Have the JAAS Control Flag set to SUFFICIENT
The SAML Authentication provider creates an authenticated subject using the user name and groups extracted from a SAML assertion by the SAML 2.0 Identity Assertion provider.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.IdPPartnerinterface.Only Accept Signed Authentication Requests Specifies whether authentication requests sent to this Identity Provider partner must be signed.
If this attribute is set to
true, authentication requests sent to this Identity Provider partner are signed, even if the SAML 2.0 Service Provider configuration for the local site are not set to automatically sign authentication requests.Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOIdPPartnerinterface.Only Accept Signed Artifact Requests Specifies whether SAML artifact requests received from this Identity Provider partner must be signed.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOPartnerinterface.Send Artifact via POST Specifies whether SAML artifacts are delivered to this Identity Provider partner via the HTTP POST method.
If not enabled, SAML artifacts are delivered via the HTTP GET method.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOPartnerinterface.Artifact Binding POST Form The URL of the custom web application that generates the POST form for carrying the SAML response for Artifact bindings to this Identity Provider partner. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOPartnerinterface.POST Binding POST Form The URL of the custom web application that generates the POST form for carrying the SAML response for POST bindings to this Identity Provider partner.
If a custom POST form is used, the parameters will be made available as a Map of names and values, but the form may or may not be constructed to include the parameters in the POSTed data. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registry.WebSSOPartnerinterface.Client User Name The user name that must be specified in the basic authentication header that is expected from this Identity Provider partner when the partner connects to the local site's SOAP/HTTPS binding.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registryinterface..BindingClientPartnerClient Password The password of the client user name.
Operations on this parameter are available in the
com.bea.security.saml2.providers.registryinterface..BindingClientPartner
- Create a SAML 2.0 Web Single Sign-on Identity Provider partner
- Configure authentication and identity assertion providers
- Manage security providers
- Configuring a Service Provider Site for SAML 2.0 Single Sign-On
- Configuring the SAML Authentication Provider
- Understanding Security for Oracle WebLogic Server
- Configuring Single Sign-On with Web Browsers and HTTP Clients
- Configuring SAML 2.0 Services
- API description of com.bea.security.saml2.providers.registry.Partner interface
- API description of com.bea.security.saml2.providers.registry.IdPPartner interface
- API description of com.bea.security.saml2.providers.registry.WebSSOIdPPartner interface
- API description of com.bea.security.saml2.providers.registry.WebSSOPartner interface interface
- API description of com.bea.security.saml2.providers.registry.BindingClientPartner interface
|