Package weblogic.management.configuration

Interface SingleSignOnServicesMBean

All Superinterfaces:

ConfigurationMBean, DescriptorBean, javax.management.DynamicMBean, javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, SettableBean, SingleSignOnServicesConfigSpi, WebLogicMBean

public interface SingleSignOnServicesMBean
extends ConfigurationMBean, SingleSignOnServicesConfigSpi

This MBean represents configuration for SAML 2.0-based local site Single Sign-On Services.

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	AES128_CBC
static java.lang.String	AES128_GCM
static java.lang.String	AES192_CBC
static java.lang.String	AES192_GCM
static java.lang.String	AES256_CBC
static java.lang.String	AES256_GCM
static java.lang.String	RSA15
static java.lang.String	RSAOAEP
static java.lang.String	RSAOAEP11
static java.lang.String	TRIPLEDES_CBC

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

Modifier and Type	Method	Description
java.lang.String[]	getAllowedTargetHosts()	List of hosts to compare against the host in the SAML SP target redirect URL.
int	getArtifactMaxCacheSize()	The maximum size of the artifact cache.
int	getArtifactTimeout()	The maximum timeout (in seconds) of artifacts stored in the local cache.
java.lang.String	getAssertionEncryptionDecryptionKeyAlias()	The keystore alias for the certificate and private key to be used to encrypt and decrypt SAML Assertions.
java.lang.String	getAssertionEncryptionDecryptionKeyPassPhrase()	The passphrase used to retrieve the local site's Assertion key from the keystore.
byte[]	getAssertionEncryptionDecryptionKeyPassPhraseEncrypted()	The encrypted passphrase used to retrieve the local site's Assertion key from the keystore.
int	getAuthnRequestMaxCacheSize()	The maximum size of the authentication request cache.
int	getAuthnRequestTimeout()	The maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache.
java.lang.String	getBasicAuthPassword()	The password used to assign Basic Authentication credentials to outgoing HTTPS connections
byte[]	getBasicAuthPasswordEncrypted()	The encrypted password used assign Basic Authentication credentials to outgoing HTTPS connections.
java.lang.String	getBasicAuthUsername()	The username that is used to assign Basic authentication credentials to outgoing HTTPS connections.
java.lang.String	getContactPersonCompany()	The contact person's company name.
java.lang.String	getContactPersonEmailAddress()	The contact person's e-mail address.
java.lang.String	getContactPersonGivenName()	The contact person given (first) name.
java.lang.String	getContactPersonSurName()	The contact person surname (last name).
java.lang.String	getContactPersonTelephoneNumber()	The contact person's telephone number.
java.lang.String	getContactPersonType()	The contact person type.
java.lang.String	getDataEncryptionAlgorithm()	Get the preferred data encryption algorithm for SAML assertion encryption.
java.lang.String	getDefaultURL()	The Service Provider's default URL.
java.lang.String	getEntityID()	The string that uniquely identifies the local site.
java.lang.String	getIdentityProviderPreferredBinding()	Specifies the preferred binding type for endpoints of the Identity Provider services.
java.lang.String	getKeyEncryptionAlgorithm()	Get the preferred key encryption algorithm for SAML assertion encryption.
java.lang.String	getLoginReturnQueryParameter()	The name of the query parameter to be used for conveying the login-return URL to the login form web application.
java.lang.String	getLoginURL()	The URL of the login form web application to which unauthenticated requests are directed.
java.lang.String[]	getMetadataEncryptionAlgorithms()	Get the list of algorithms to put in the metadata.
java.lang.String	getOrganizationName()	The organization name.
java.lang.String	getOrganizationURL()	The organization URL.
java.lang.String	getPublishedSiteURL()	The published site URL.
java.lang.String	getServiceProviderPreferredBinding()	Specifies the preferred binding type for endpoints of Service Provider services.
java.lang.String	getServiceProviderSingleLogoutBinding()	The binding used by the Service Provider to send SAML Single Logout Requests
java.lang.String[]	getServiceProviderSingleLogoutRedirectURIs()	The list of allowed redirect URIs to be used by the initiating Service Provider for after Logout redirection.
java.lang.String	getSSOSigningKeyAlias()	The keystore alias for the key to be used when signing documents.
java.lang.String	getSSOSigningKeyPassPhrase()	The passphrase used to retrieve the local site's SSO signing key from the keystore.
byte[]	getSSOSigningKeyPassPhraseEncrypted()	The encrypted passphrase used to retrieve the local site's SSO signing key from the keystore.
java.lang.String	getTransportLayerSecurityKeyAlias()	The string alias used to store and retrieve the server's private key, which is used to establish outgoing TLS/SSL connections.
java.lang.String	getTransportLayerSecurityKeyPassPhrase()	The passphrase used to retrieve the server's private key from the keystore.
byte[]	getTransportLayerSecurityKeyPassPhraseEncrypted()	The encrypted passphrase used to retrieve the local site's TLS/SSL key from the keystore.
boolean	isAssertionEncryptionEnabled()	Get assertion encryption enabled flag
boolean	isAssertionSubjectSessionTimeoutCheckEnabled()	Indicates whether to use the session timeout timestamp from the assertion's subject as a condition to time out the local session.
boolean	isForceAuthn()	Specifies whether the Identity Provider must authenticate users directly and not use a previous security context.
boolean	isIdentityProviderArtifactBindingEnabled()	Specifies whether the Artifact binding is enabled for the Identity Provider.
boolean	isIdentityProviderEnabled()	Specifies whether the local site is enabled for the Identity Provider role.
boolean	isIdentityProviderPOSTBindingEnabled()	Specifies whether the POST binding is enabled for the Identity Provider.
boolean	isIdentityProviderRedirectBindingEnabled()	Specifies whether the Redirect binding is enabled for the Identity Provider.
boolean	isPassive()	Determines whether the Identity Provider and the user must not take control of the user interface from the requester and interact with the user in a noticeable fashion.
boolean	isPOSTOneUseCheckEnabled()	Specifies whether the POST one-use check is enabled.
boolean	isRecipientCheckEnabled()	Specifies whether the recipient/destination check is enabled.
boolean	isReplicatedCacheEnabled()	Specifies whether the persistent cache (LDAP or RDBMS) is used for storing SAML 2.0 artifacts and authentication requests.
boolean	isServiceProviderArtifactBindingEnabled()	Specifies whether the Artifact binding is enabled for the Service Provider.
boolean	isServiceProviderEnabled()	Specifies whether the local site is enabled for the Service Provider role.
boolean	isServiceProviderPOSTBindingEnabled()	Specifies whether the POST binding is enabled for the Service Provider.
boolean	isServiceProviderSingleLogoutEnabled()	Specifies whether Single Logout is enabled for the Service Provider.
boolean	isSignAuthnRequests()	Specifies whether authentication requests must be signed.
boolean	isWantArtifactRequestsSigned()	Specifies whether incoming artifact requests must be signed.
boolean	isWantAssertionsSigned()	Specifies whether incoming SAML 2.0 assertions must be signed.
boolean	isWantAuthnRequestsSigned()	Specifies whether incoming authentication requests must be signed.
boolean	isWantBasicAuthClientAuthentication()	Specifies whether Basic Authentication client authentication is required.
boolean	isWantResponsesSigned()	Specifies whether the inbound SAML 2.0 Responses must be signed.
boolean	isWantTransportLayerSecurityClientAuthentication()	Specifies whether TLS/SSL client authentication is required.
void	setAllowedTargetHosts(java.lang.String[] allowedTargetHosts)	Set the allowed target hosts for url redirection
void	setArtifactMaxCacheSize(int cacheSize)
void	setArtifactTimeout(int timeout)
void	setAssertionEncryptionDecryptionKeyAlias(java.lang.String assertionEncryptionDecryptionKeyAlias)	Set the Assertion encryption, decryption key alias.
void	setAssertionEncryptionDecryptionKeyPassPhrase(java.lang.String assertionEncryptionDecryptionKeyPassPhrase)	Sets the value of the AssertionEncryptionDecryptionKeyPassPhrase attribute.
void	setAssertionEncryptionDecryptionKeyPassPhraseEncrypted(byte[] assertionEncryptionDecryptionKeyPassPhraseEncrypted)	Sets the value of the AssertionEncryptionDecryptionKeyPassPhraseEncrypted attribute.
void	setAssertionEncryptionEnabled(boolean assertionEncryptionEnabled)	Set the AssertionEncryptionEnabled flag
void	setAssertionSubjectSessionTimeoutCheckEnabled(boolean timeoutCheckEnabled)	Sets the AssertionSubjectSessionTimeoutCheckEnabled flag.
void	setAuthnRequestMaxCacheSize(int cacheSize)
void	setAuthnRequestTimeout(int timeout)
void	setBasicAuthPassword(java.lang.String password)	Sets the value of the BasicAuthPassword attribute.
void	setBasicAuthPasswordEncrypted(byte[] passwordEncrypted)	Sets the value of the BasicAuthPasswordEncrypted attribute.
void	setBasicAuthUsername(java.lang.String name)	Sets Basic Authentication username
void	setContactPersonCompany(java.lang.String company)	Sets the contact person company
void	setContactPersonEmailAddress(java.lang.String address)	Sets the contact person e-mail address
void	setContactPersonGivenName(java.lang.String name)	Sets the contact person given name
void	setContactPersonSurName(java.lang.String name)	Sets the contact person surname
void	setContactPersonTelephoneNumber(java.lang.String number)	Sets the contact person telephone number
void	setContactPersonType(java.lang.String type)	Sets contact person type using enumeration values from SAML 2.0 metadata.
void	setDefaultURL(java.lang.String defaultURL)
void	setEntityID(java.lang.String entityID)	Sets the Entity ID
void	setForceAuthn(boolean forceAuthn)	Sets the force authentication flag
void	setIdentityProviderArtifactBindingEnabled(boolean enabled)
void	setIdentityProviderEnabled(boolean isEnabled)	Sets identity provider enabled flag
void	setIdentityProviderPOSTBindingEnabled(boolean enabled)
void	setIdentityProviderPreferredBinding(java.lang.String binding)	Binding must be one of "None", "HTTP/POST", or "HTTP/Artifact"
void	setIdentityProviderRedirectBindingEnabled(boolean enabled)
void	setKeyEncryptionAlgorithm(java.lang.String keyEncryptionAlgorithm)	Set the preferred key encryption algorithm.
void	setLoginReturnQueryParameter(java.lang.String queryParameter)	Sets the login return query parameter
void	setLoginURL(java.lang.String loginURL)	SEts the Login URL
void	setMetadataEncryptionAlgorithms(java.lang.String[] algorithms)
void	setOrganizationName(java.lang.String name)	Sets the organization name
void	setOrganizationURL(java.lang.String url)	Sets the organization URL
void	setPassive(boolean passive)	Sets the passive flag
void	setPOSTOneUseCheckEnabled(boolean postOneUseCheckEnabled)	Set the POST one-use check enabled value.
void	setPublishedSiteURL(java.lang.String siteURL)	The published site URL.
void	setRecipientCheckEnabled(boolean postRecipientCheckEnabled)	Set the POST recipient check enabled value.
void	setReplicatedCacheEnabled(boolean replicated)	Sets the Use Replicated Cache flag.
void	setServiceProviderArtifactBindingEnabled(boolean enabled)
void	setServiceProviderEnabled(boolean isEnabled)	Sets service provider enabled flag
void	setServiceProviderPOSTBindingEnabled(boolean enabled)
void	setServiceProviderPreferredBinding(java.lang.String binding)	Binding must be one of "None", "HTTP/POST", or "HTTP/Artifact"
void	setServiceProviderSingleLogoutBinding(java.lang.String binding)	Sets the binding used by the Service Provider to send SAML Single Logout Requests
void	setServiceProviderSingleLogoutEnabled(boolean singleLogoutEnabled)	Sets the Service Provider's SingleLogoutEnabled flag.
void	setServiceProviderSingleLogoutRedirectURIs(java.lang.String[] redirectURIs)	Sets the list of allowed URIs to be used by the initiating Service Provider for after Logout redirection.
void	setSignAuthnRequests(boolean signAuthnRequests)	Sets the sign <AuthnRequest> documents flag
void	setSSOSigningKeyAlias(java.lang.String ssoSigningKeyAlias)	Set the SSO Signing key alias.
void	setSSOSigningKeyPassPhrase(java.lang.String signingKeyPassPhrase)	Sets the value of the SSOSigningKeyPassPhrase attribute.
void	setSSOSigningKeyPassPhraseEncrypted(byte[] signingKeyPassPhraseEncrypted)	Sets the value of the SSOSigningKeyPassPhraseEncrypted attribute.
void	setTransportLayerSecurityKeyAlias(java.lang.String keyAlias)	Set the TLS/SSL key alias.
void	setTransportLayerSecurityKeyPassPhrase(java.lang.String keyPassPhrase)	Sets the value of the TransportLayerSecurityKeyPassPhrase attribute.
void	setTransportLayerSecurityKeyPassPhraseEncrypted(byte[] keyPassPhraseEncrypted)	Sets the value of the TransportLayerSecurityKeyPassPhraseEncrypted attribute.
void	setWantArtifactRequestsSigned(boolean wantSigned)	Sets the flag that determines if <ArtifactRequest> documents will be signed
void	setWantAssertionsSigned(boolean wantSigned)	Set want assertions signed flag
void	setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)	Determines that authentication requests must be signed.
void	setWantBasicAuthClientAuthentication(boolean wantBA)	Sets the flag that determines if Basic Authentication client authentication is wanted
void	setWantResponsesSigned(boolean wantResponsesSigned)	Sets WantResponsesSigned flag
void	setWantTransportLayerSecurityClientAuthentication(boolean wantAuthentication)	Sets the flag that determines if TLS/SSL client authentication is required.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.descriptor.DescriptorBean

addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Field Detail

AES128_CBC

static final java.lang.String AES128_CBC

See Also:

Constant Field Values

AES192_CBC

static final java.lang.String AES192_CBC

See Also:

Constant Field Values

AES256_CBC

static final java.lang.String AES256_CBC

See Also:

Constant Field Values

AES128_GCM

static final java.lang.String AES128_GCM

See Also:

Constant Field Values

AES192_GCM

static final java.lang.String AES192_GCM

See Also:

Constant Field Values

AES256_GCM

static final java.lang.String AES256_GCM

See Also:

Constant Field Values

TRIPLEDES_CBC

static final java.lang.String TRIPLEDES_CBC

See Also:

Constant Field Values

RSAOAEP11

static final java.lang.String RSAOAEP11

See Also:

Constant Field Values

RSAOAEP

static final java.lang.String RSAOAEP

See Also:

Constant Field Values

RSA15

static final java.lang.String RSA15

See Also:

Constant Field Values

Method Detail

getContactPersonGivenName

java.lang.String getContactPersonGivenName()

The contact person given (first) name.

Specified by:

getContactPersonGivenName in interface SingleSignOnServicesConfigSpi

Returns:

Contact person given name.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setContactPersonGivenName

void setContactPersonGivenName(java.lang.String name)

Sets the contact person given name

Parameters:

name - Contact person given name

getContactPersonSurName

java.lang.String getContactPersonSurName()

The contact person surname (last name).

Specified by:

getContactPersonSurName in interface SingleSignOnServicesConfigSpi

Returns:

Contact person surname

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setContactPersonSurName

void setContactPersonSurName(java.lang.String name)

Sets the contact person surname

Parameters:

name - Contact person surname

getContactPersonType

java.lang.String getContactPersonType()

The contact person type.

Specified by:

getContactPersonType in interface SingleSignOnServicesConfigSpi

Returns:

Contact person type.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setContactPersonType

void setContactPersonType(java.lang.String type)

Sets contact person type using enumeration values from SAML 2.0 metadata.

Parameters:

type - Contact person type

getContactPersonCompany

java.lang.String getContactPersonCompany()

The contact person's company name.

Specified by:

getContactPersonCompany in interface SingleSignOnServicesConfigSpi

Returns:

Contact person company.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setContactPersonCompany

void setContactPersonCompany(java.lang.String company)

Sets the contact person company

Parameters:

company - Contact person company

getContactPersonTelephoneNumber

java.lang.String getContactPersonTelephoneNumber()

The contact person's telephone number.

Specified by:

getContactPersonTelephoneNumber in interface SingleSignOnServicesConfigSpi

Returns:

Contact person telephone number.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setContactPersonTelephoneNumber

void setContactPersonTelephoneNumber(java.lang.String number)

Sets the contact person telephone number

Parameters:

number - Contact person telephone number

getContactPersonEmailAddress

java.lang.String getContactPersonEmailAddress()

The contact person's e-mail address.

Specified by:

getContactPersonEmailAddress in interface SingleSignOnServicesConfigSpi

Returns:

Contact person e-mail address.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setContactPersonEmailAddress

void setContactPersonEmailAddress(java.lang.String address)

Sets the contact person e-mail address

Parameters:

address - Contact person e-mail address

getOrganizationName

java.lang.String getOrganizationName()

The organization name.

This string specifies the name of the organization to which a user may refer for obtaining additional information about the local site.

Specified by:

getOrganizationName in interface SingleSignOnServicesConfigSpi

Returns:

Organization name.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setOrganizationName

void setOrganizationName(java.lang.String name)

Sets the organization name

Parameters:

name - Organization name

getOrganizationURL

java.lang.String getOrganizationURL()

The organization URL.

This string specifies a location to which a user may refer for information about the local site. This string is not used by SAML 2.0 services for the actual handling or processing of messages.

Specified by:

getOrganizationURL in interface SingleSignOnServicesConfigSpi

Returns:

Organization URL.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setOrganizationURL

void setOrganizationURL(java.lang.String url)

Sets the organization URL

Parameters:

url - Organization URL

getPublishedSiteURL

java.lang.String getPublishedSiteURL()

The published site URL.

When publishing SAML 2.0 metadata, this URL is used as a base URL to construct endpoint URLs for the various SAML 2.0 services. The published site URL is also used during request processing to generate and/or parse various URLs.

The hostname and port portion of the URL should be the hostname and port at which the server is visible externally; this may not be the same as the hostname and port by which the server is known locally. If you are configuring SAML 2.0 services in a cluster, the hostname and port may correspond to the load balancer or proxy server that distributes client requests to servers in the cluster.

The remainder of the URL should be a single path component corresponding to the application context at which the SAML 2.0 services application is deployed (typically /saml2).

Specified by:

getPublishedSiteURL in interface SingleSignOnServicesConfigSpi

Returns:

The published site URL.

See Also:

setPublishedSiteURL(String)

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setPublishedSiteURL

void setPublishedSiteURL(java.lang.String siteURL)

The published site URL.

When publishing SAML 2.0 metadata, this is used as a base URL to construct endpoint URLs for the various SAML 2.0 services. The published site URL is also used during request processing to generate or parse various URLs.

The hostname and port portion of the URL should be the hostname and port at which the server is externally visible; this may not be the same as the hostname and port by which the server is known locally. For example, if you are configuring SAML 2.0 services in a cluster, the hostname and port of the published site URL may correspond to the load balancer or proxy server that distributes client requests to servers in the cluster.

The remainder of the URL should be a single path component corresponding to the application context at which the SAML 2.0 services application is deployed (typically /saml2).

Parameters:

siteURL - The published site URL to set.

getEntityID

java.lang.String getEntityID()

The string that uniquely identifies the local site.

Specified by:

getEntityID in interface SingleSignOnServicesConfigSpi

Returns:

Entity ID

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setEntityID

void setEntityID(java.lang.String entityID)

Sets the Entity ID

Parameters:

entityID - entity ID

isServiceProviderEnabled

boolean isServiceProviderEnabled()

Specifies whether the local site is enabled for the Service Provider role.

This attribute must be enabled in order to publish the metadata file.

Specified by:

isServiceProviderEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Service provider enabled flag; 'true', if the service provider is enabled

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setServiceProviderEnabled

void setServiceProviderEnabled(boolean isEnabled)

Sets service provider enabled flag

Parameters:

isEnabled - Service provider enabled flag

getDefaultURL

java.lang.String getDefaultURL()

The Service Provider's default URL.

When an unsolicited SSO response arrives at the Service Provider without an accompanying target URL, the user (if authenticated) is redirected to this default URL.

Specified by:

getDefaultURL in interface SingleSignOnServicesConfigSpi

Returns:

the default URL

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setDefaultURL

void setDefaultURL(java.lang.String defaultURL)

isServiceProviderArtifactBindingEnabled

boolean isServiceProviderArtifactBindingEnabled()

Specifies whether the Artifact binding is enabled for the Service Provider.

Specified by:

isServiceProviderArtifactBindingEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Service provider artifact binding enabled flag; if 'true', local services will support endpoint with artifact binding when acting in the role of service provider

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setServiceProviderArtifactBindingEnabled

void setServiceProviderArtifactBindingEnabled(boolean enabled)

isServiceProviderPOSTBindingEnabled

boolean isServiceProviderPOSTBindingEnabled()

Specifies whether the POST binding is enabled for the Service Provider.

Specified by:

isServiceProviderPOSTBindingEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Service provider POST binding enabled flag; if 'true', local services will support endpoint with POST binding when acting in the role of service provider

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setServiceProviderPOSTBindingEnabled

void setServiceProviderPOSTBindingEnabled(boolean enabled)

getServiceProviderPreferredBinding

java.lang.String getServiceProviderPreferredBinding()

Specifies the preferred binding type for endpoints of Service Provider services. Must be set to "None", "POST", or "Artifact".

Specified by:

getServiceProviderPreferredBinding in interface SingleSignOnServicesConfigSpi

Returns:

Preferred binding type for endpoints

Default Value:

"None"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

This property cannot be null.

Valid Values:

"None","HTTP/POST","HTTP/Artifact"

setServiceProviderPreferredBinding

void setServiceProviderPreferredBinding(java.lang.String binding)

Binding must be one of "None", "HTTP/POST", or "HTTP/Artifact"

isSignAuthnRequests

boolean isSignAuthnRequests()

Specifies whether authentication requests must be signed. If set, all outgoing authentication requests are signed.

Specified by:

isSignAuthnRequests in interface SingleSignOnServicesConfigSpi

Returns:

Sign <AuthnRequest> documents flag.

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setSignAuthnRequests

void setSignAuthnRequests(boolean signAuthnRequests)

Sets the sign <AuthnRequest> documents flag

Parameters:

signAuthnRequests - Sign <AuthnRequest> documents flag

isAssertionSubjectSessionTimeoutCheckEnabled

boolean isAssertionSubjectSessionTimeoutCheckEnabled()

Indicates whether to use the session timeout timestamp from the assertion's subject as a condition to time out the local session.

Specified by:

isAssertionSubjectSessionTimeoutCheckEnabled in interface SingleSignOnServicesConfigSpi

Returns:

the AssertionSubjectSessionTimeoutCheckEnabled flag.

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAssertionSubjectSessionTimeoutCheckEnabled

void setAssertionSubjectSessionTimeoutCheckEnabled(boolean timeoutCheckEnabled)

Sets the AssertionSubjectSessionTimeoutCheckEnabled flag.

Parameters:

timeoutCheckEnabled - assertion subject session timeout check enabled flag

isServiceProviderSingleLogoutEnabled

boolean isServiceProviderSingleLogoutEnabled()

Specifies whether Single Logout is enabled for the Service Provider.

Specified by:

isServiceProviderSingleLogoutEnabled in interface SingleSignOnServicesConfigSpi

Returns:

the Service Provider's SingleLogoutEnabled flag.

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setServiceProviderSingleLogoutEnabled

void setServiceProviderSingleLogoutEnabled(boolean singleLogoutEnabled)

Sets the Service Provider's SingleLogoutEnabled flag.

Parameters:

singleLogoutEnabled - Single Logout enabled flag

getServiceProviderSingleLogoutBinding

java.lang.String getServiceProviderSingleLogoutBinding()

The binding used by the Service Provider to send SAML Single Logout Requests

Specified by:

getServiceProviderSingleLogoutBinding in interface SingleSignOnServicesConfigSpi

Returns:

the binding

Default Value:

"HTTP/Redirect"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setServiceProviderSingleLogoutBinding

void setServiceProviderSingleLogoutBinding(java.lang.String binding)

Sets the binding used by the Service Provider to send SAML Single Logout Requests

Parameters:

binding - must be one of the supported values: "HTTP/Redirect", "HTTP/POST"

Default Value:

"HTTP/Redirect"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Valid Values:

"HTTP/Redirect", "HTTP/POST"

getServiceProviderSingleLogoutRedirectURIs

java.lang.String[] getServiceProviderSingleLogoutRedirectURIs()

The list of allowed redirect URIs to be used by the initiating Service Provider for after Logout redirection.

Specified by:

getServiceProviderSingleLogoutRedirectURIs in interface SingleSignOnServicesConfigSpi

Returns:

the list of allowed Redirect URIs

setServiceProviderSingleLogoutRedirectURIs

void setServiceProviderSingleLogoutRedirectURIs(java.lang.String[] redirectURIs)

Sets the list of allowed URIs to be used by the initiating Service Provider for after Logout redirection.

Parameters:

redirectURIs - list of allowed redirect URIs after logout

See Also:

getServiceProviderSingleLogoutRedirectURIs()

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

isWantAssertionsSigned

boolean isWantAssertionsSigned()

Specifies whether incoming SAML 2.0 assertions must be signed.

Specified by:

isWantAssertionsSigned in interface SingleSignOnServicesConfigSpi

Returns:

Want incoming assertions signed flag

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setWantAssertionsSigned

void setWantAssertionsSigned(boolean wantSigned)

Set want assertions signed flag

Parameters:

wantSigned - Want assertions signed flag

isWantResponsesSigned

boolean isWantResponsesSigned()

Specifies whether the inbound SAML 2.0 Responses must be signed.

Specified by:

isWantResponsesSigned in interface SingleSignOnServicesConfigSpi

Returns:

WantResponsesSigned flag

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setWantResponsesSigned

void setWantResponsesSigned(boolean wantResponsesSigned)

Sets WantResponsesSigned flag

Parameters:

wantResponsesSigned -

getSSOSigningKeyAlias

java.lang.String getSSOSigningKeyAlias()

The keystore alias for the key to be used when signing documents.

The key is used to generate signatures on all the outgoing documents, such as authentication requests and responses. If you do not specify an alias, the server's configured SSL private key alias from the server's SSL configuration is used by default.

Specified by:

getSSOSigningKeyAlias in interface SingleSignOnServicesConfigSpi

Returns:

The SSO Signing key.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setSSOSigningKeyAlias

void setSSOSigningKeyAlias(java.lang.String ssoSigningKeyAlias)

Set the SSO Signing key alias.

Parameters:

ssoSigningKeyAlias - The SSO Signing key alias to set.

See Also:

getSSOSigningKeyAlias()

getSSOSigningKeyPassPhrase

java.lang.String getSSOSigningKeyPassPhrase()

The passphrase used to retrieve the local site's SSO signing key from the keystore.

If you do not specify a keystore alias and passphrase, the server's configured private key alias and private key passphrase from the server's SSL configuration is used by default.

Specified by:

getSSOSigningKeyPassPhrase in interface SingleSignOnServicesConfigSpi

Returns:

The signingKeyPassPhrase.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setSSOSigningKeyPassPhrase

void setSSOSigningKeyPassPhrase(java.lang.String signingKeyPassPhrase)
                         throws javax.management.InvalidAttributeValueException

Sets the value of the SSOSigningKeyPassPhrase attribute.

When you get the value of this attribute, WebLogic Server does the following:

1. Retrieves the value of the SSOSigningKeyPassPhraseEncrypted attribute.
2. Decrypts the value and returns the unencrypted passphrase as a String.

When you set the value of this attribute, WebLogic Server does the following:

1. Encrypts the value.
2. Sets the value of the SSOSigningKeyPassPhraseEncrypted attribute to the encrypted value.

Using this attribute (SSOSigningKeyPassPhrase) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use getSSOSigningKeyPassPhraseEncrypted.

Parameters:

signingKeyPassPhrase - The signingKeyPassPhrase to set.

Throws:

javax.management.InvalidAttributeValueException

getSSOSigningKeyPassPhraseEncrypted

byte[] getSSOSigningKeyPassPhraseEncrypted()

The encrypted passphrase used to retrieve the local site's SSO signing key from the keystore.

To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

Specified by:

getSSOSigningKeyPassPhraseEncrypted in interface SingleSignOnServicesConfigSpi

Returns:

The encrypted signingKeyPassPhrase.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setSSOSigningKeyPassPhraseEncrypted

void setSSOSigningKeyPassPhraseEncrypted(byte[] signingKeyPassPhraseEncrypted)
                                  throws javax.management.InvalidAttributeValueException

Sets the value of the SSOSigningKeyPassPhraseEncrypted attribute.

Parameters:

signingKeyPassPhraseEncrypted - The signingKeyPassPhraseEncrypted value to set.

Throws:

javax.management.InvalidAttributeValueException

isForceAuthn

boolean isForceAuthn()

Specifies whether the Identity Provider must authenticate users directly and not use a previous security context. The default is false.

Note the following:

1. If the user is already authenticated at the Identity Provider site and ForceAuthn is set to true, the user is forced to authenticate again at the Identity Provider site.
2. Setting both ForceAuthn and IsPassive to true -- that is, Force Authentication and Passive are enabled -- is an invalid configuration that causes WebLogic server to generate an exception and also causes the single sign-on session to fail.

Specified by:

isForceAuthn in interface SingleSignOnServicesConfigSpi

Returns:

Force authentication flag

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setForceAuthn

void setForceAuthn(boolean forceAuthn)

Sets the force authentication flag

Parameters:

forceAuthn - Force authentication flag

isPassive

boolean isPassive()

Determines whether the Identity Provider and the user must not take control of the user interface from the requester and interact with the user in a noticeable fashion. The default setting is false.

The WebLogic Server SAML 2.0 services generate an exception if Passive (IsPassive) is enabled and the end user is not already authenticated at the Identity Provider site. In this situation, web single sign-on fails.

Specified by:

isPassive in interface SingleSignOnServicesConfigSpi

Returns:

Passive flag

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setPassive

void setPassive(boolean passive)

Sets the passive flag

Parameters:

passive - passive flag

isIdentityProviderEnabled

boolean isIdentityProviderEnabled()

Specifies whether the local site is enabled for the Identity Provider role.

Specified by:

isIdentityProviderEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Identity provider enabled flag; if 'true', local services will act in the role of identity provider

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setIdentityProviderEnabled

void setIdentityProviderEnabled(boolean isEnabled)

Sets identity provider enabled flag

Parameters:

isEnabled - Identity provider enabled flag

isIdentityProviderArtifactBindingEnabled

boolean isIdentityProviderArtifactBindingEnabled()

Specifies whether the Artifact binding is enabled for the Identity Provider.

Specified by:

isIdentityProviderArtifactBindingEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Identity provider artifact binding enabled flag; if 'true', local services will support endpoint with artifact binding when acting in the role of identity provider

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setIdentityProviderArtifactBindingEnabled

void setIdentityProviderArtifactBindingEnabled(boolean enabled)

isIdentityProviderPOSTBindingEnabled

boolean isIdentityProviderPOSTBindingEnabled()

Specifies whether the POST binding is enabled for the Identity Provider.

Specified by:

isIdentityProviderPOSTBindingEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Identity provider POST binding enabled flag; if 'true', local services will support endpoint with POST binding when acting in the role of identity provider

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setIdentityProviderPOSTBindingEnabled

void setIdentityProviderPOSTBindingEnabled(boolean enabled)

isIdentityProviderRedirectBindingEnabled

boolean isIdentityProviderRedirectBindingEnabled()

Specifies whether the Redirect binding is enabled for the Identity Provider.

Specified by:

isIdentityProviderRedirectBindingEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Identity provider redirect binding enabled flag; if 'true', local services will support endpoint with redirect binding when acting in the role of identity provider

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setIdentityProviderRedirectBindingEnabled

void setIdentityProviderRedirectBindingEnabled(boolean enabled)

getIdentityProviderPreferredBinding

java.lang.String getIdentityProviderPreferredBinding()

Specifies the preferred binding type for endpoints of the Identity Provider services. Must be set to None, HTTP/POST, HTTP/Artifact, or HTTP/Redirect.

Specified by:

getIdentityProviderPreferredBinding in interface SingleSignOnServicesConfigSpi

Returns:

Preferred binding type for endpoints

Default Value:

"None"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

This property cannot be null.

Valid Values:

"None","HTTP/POST","HTTP/Artifact","HTTP/Redirect"

setIdentityProviderPreferredBinding

void setIdentityProviderPreferredBinding(java.lang.String binding)

Binding must be one of "None", "HTTP/POST", or "HTTP/Artifact"

getLoginURL

java.lang.String getLoginURL()

The URL of the login form web application to which unauthenticated requests are directed.

By default, the login URL is /saml2/idp/login using Basic authentication. Typically you specify this URL if you are using a custom login web application.

Specified by:

getLoginURL in interface SingleSignOnServicesConfigSpi

Returns:

Login URL.

Default Value:

"/saml2/idp/login"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

This property cannot be null.

This property cannot have a value of length zero.

setLoginURL

void setLoginURL(java.lang.String loginURL)

SEts the Login URL

Parameters:

loginURL - login URL

getLoginReturnQueryParameter

java.lang.String getLoginReturnQueryParameter()

The name of the query parameter to be used for conveying the login-return URL to the login form web application.

Specified by:

getLoginReturnQueryParameter in interface SingleSignOnServicesConfigSpi

Returns:

Login return query parameter

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setLoginReturnQueryParameter

void setLoginReturnQueryParameter(java.lang.String queryParameter)

Sets the login return query parameter

Parameters:

queryParameter - login return query parameter

isWantAuthnRequestsSigned

boolean isWantAuthnRequestsSigned()

Specifies whether incoming authentication requests must be signed. If set, authentication requests that are not signed are not accepted.

Specified by:

isWantAuthnRequestsSigned in interface SingleSignOnServicesConfigSpi

Returns:

Want <AuthnRequest> documents signed flag

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setWantAuthnRequestsSigned

void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)

Determines that authentication requests must be signed.

Parameters:

wantAuthnRequestsSigned - WAnt <AuthnRequest> documents signed flag

isRecipientCheckEnabled

boolean isRecipientCheckEnabled()

Specifies whether the recipient/destination check is enabled. When true, the recipient of the SAML Request/Response must match the URL in the HTTP Request.

Specified by:

isRecipientCheckEnabled in interface SingleSignOnServicesConfigSpi

Returns:

The recipient check enabled value.

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setRecipientCheckEnabled

void setRecipientCheckEnabled(boolean postRecipientCheckEnabled)
                       throws javax.management.InvalidAttributeValueException

Set the POST recipient check enabled value.

Parameters:

postRecipientCheckEnabled - The POST recipient check enabled value to set.

Throws:

javax.management.InvalidAttributeValueException

isPOSTOneUseCheckEnabled

boolean isPOSTOneUseCheckEnabled()

Specifies whether the POST one-use check is enabled.

If set, the local site POST binding endpoints will store identifiers of all inbound documents to ensure that those documents are not presented more than once.

Specified by:

isPOSTOneUseCheckEnabled in interface SingleSignOnServicesConfigSpi

Returns:

The POST one-use check enabled value.

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setPOSTOneUseCheckEnabled

void setPOSTOneUseCheckEnabled(boolean postOneUseCheckEnabled)
                        throws javax.management.InvalidAttributeValueException

Set the POST one-use check enabled value.

Parameters:

postOneUseCheckEnabled - The POST one-use check enabled value to set.

Throws:

javax.management.InvalidAttributeValueException

getTransportLayerSecurityKeyAlias

java.lang.String getTransportLayerSecurityKeyAlias()

The string alias used to store and retrieve the server's private key, which is used to establish outgoing TLS/SSL connections.

If you do not specify an alias, the server's configured SSL private key alias from the server's SSL configuration is used for the TLS alias by default.

Specified by:

getTransportLayerSecurityKeyAlias in interface SingleSignOnServicesConfigSpi

Returns:

The TLS/SSL Signing key.

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setTransportLayerSecurityKeyAlias

void setTransportLayerSecurityKeyAlias(java.lang.String keyAlias)

Set the TLS/SSL key alias.

Parameters:

keyAlias - The key alias to set.

See Also:

getTransportLayerSecurityKeyAlias()

getTransportLayerSecurityKeyPassPhrase

java.lang.String getTransportLayerSecurityKeyPassPhrase()

The passphrase used to retrieve the server's private key from the keystore.

If you do not specify either an alias or a passphrase, the server's configured SSL private key alias and private key passphrase from the server's SSL configuration is used for the TLS alias and passphrase by default.

Specified by:

getTransportLayerSecurityKeyPassPhrase in interface SingleSignOnServicesConfigSpi

Returns:

The key PassPhrase.

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setTransportLayerSecurityKeyPassPhrase

void setTransportLayerSecurityKeyPassPhrase(java.lang.String keyPassPhrase)
                                     throws javax.management.InvalidAttributeValueException

Sets the value of the TransportLayerSecurityKeyPassPhrase attribute.

When you get the value of this attribute, WebLogic Server does the following:

1. Retrieves the value of the TransportLayerSecurityKeyPassPhraseEncrypted attribute.
2. Decrypts the value and returns the unencrypted passphrase as a String.

When you set the value of this attribute, WebLogic Server does the following:

1. Encrypts the value.
2. Sets the value of the TransportLayerSecurityKeyPassPhraseEncrypted attribute to the encrypted value.

Using this attribute (TransportLayerSecurityKeyPassPhrase) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use getTransportLayerSecurityKeyPassPhraseEncrypted.

Parameters:

keyPassPhrase - The key PassPhrase to set.

Throws:

javax.management.InvalidAttributeValueException

getTransportLayerSecurityKeyPassPhraseEncrypted

byte[] getTransportLayerSecurityKeyPassPhraseEncrypted()

The encrypted passphrase used to retrieve the local site's TLS/SSL key from the keystore.

To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

Specified by:

getTransportLayerSecurityKeyPassPhraseEncrypted in interface SingleSignOnServicesConfigSpi

Returns:

The encrypted signingKeyPassPhrase.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setTransportLayerSecurityKeyPassPhraseEncrypted

void setTransportLayerSecurityKeyPassPhraseEncrypted(byte[] keyPassPhraseEncrypted)
                                              throws javax.management.InvalidAttributeValueException

Sets the value of the TransportLayerSecurityKeyPassPhraseEncrypted attribute.

Parameters:

keyPassPhraseEncrypted - The keyPassPhraseEncrypted value to set.

Throws:

javax.management.InvalidAttributeValueException

getBasicAuthUsername

java.lang.String getBasicAuthUsername()

The username that is used to assign Basic authentication credentials to outgoing HTTPS connections.

Specified by:

getBasicAuthUsername in interface SingleSignOnServicesConfigSpi

Returns:

The Basic Authentication username.

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setBasicAuthUsername

void setBasicAuthUsername(java.lang.String name)

Sets Basic Authentication username

Parameters:

name - Username

getBasicAuthPassword

java.lang.String getBasicAuthPassword()

The password used to assign Basic Authentication credentials to outgoing HTTPS connections

Specified by:

getBasicAuthPassword in interface SingleSignOnServicesConfigSpi

Returns:

The Basic Authentication password.

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setBasicAuthPassword

void setBasicAuthPassword(java.lang.String password)
                   throws javax.management.InvalidAttributeValueException

Sets the value of the BasicAuthPassword attribute.

When you get the value of this attribute, WebLogic Server does the following:

1. Retrieves the value of the BasicAuthPasswordEncrypted attribute.
2. Decrypts the value and returns the unencrypted passphrase as a String.

When you set the value of this attribute, WebLogic Server does the following:

1. Encrypts the value.
2. Sets the value of the BasicAuthPasswordEncrypted attribute to the encrypted value.

Using this attribute (BasicAuthPassword) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use getBasicAuthPasswordEncrypted.

Parameters:

password - The password to set.

Throws:

javax.management.InvalidAttributeValueException

getBasicAuthPasswordEncrypted

byte[] getBasicAuthPasswordEncrypted()

The encrypted password used assign Basic Authentication credentials to outgoing HTTPS connections.

To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

Specified by:

getBasicAuthPasswordEncrypted in interface SingleSignOnServicesConfigSpi

Returns:

The encrypted signingKeyPassPhrase.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setBasicAuthPasswordEncrypted

void setBasicAuthPasswordEncrypted(byte[] passwordEncrypted)
                            throws javax.management.InvalidAttributeValueException

Sets the value of the BasicAuthPasswordEncrypted attribute.

Parameters:

passwordEncrypted - The passwordEncrypted value to set.

Throws:

javax.management.InvalidAttributeValueException

isWantArtifactRequestsSigned

boolean isWantArtifactRequestsSigned()

Specifies whether incoming artifact requests must be signed.

This attribute can be set if the Artifact binding is enabled.

Specified by:

isWantArtifactRequestsSigned in interface SingleSignOnServicesConfigSpi

Returns:

Want <ArtifactRequest> documents signed flag

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setWantArtifactRequestsSigned

void setWantArtifactRequestsSigned(boolean wantSigned)

Sets the flag that determines if <ArtifactRequest> documents will be signed

Parameters:

wantSigned - Want <ArtifactRequest> documents signed flag

isWantTransportLayerSecurityClientAuthentication

boolean isWantTransportLayerSecurityClientAuthentication()

Specifies whether TLS/SSL client authentication is required.

If enabled, callers to TLS/SSL bindings of the local site must specify client authentication (two-way SSL), and the identity specified must validate against the TLS certificate of the binding client partner.

Specified by:

isWantTransportLayerSecurityClientAuthentication in interface SingleSignOnServicesConfigSpi

Returns:

Want TLS/SSL client authentication flag

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setWantTransportLayerSecurityClientAuthentication

void setWantTransportLayerSecurityClientAuthentication(boolean wantAuthentication)

Sets the flag that determines if TLS/SSL client authentication is required.

Parameters:

wantAuthentication - Want TLS/SSL client authentication flag

isWantBasicAuthClientAuthentication

boolean isWantBasicAuthClientAuthentication()

Specifies whether Basic Authentication client authentication is required.

If enabled, callers to HTTPS bindings of the local site must specify a Basic authentication header, and the username and password must be validated against the Basic authentication values of the binding client partner.

Specified by:

isWantBasicAuthClientAuthentication in interface SingleSignOnServicesConfigSpi

Returns:

Want basic authentication client authentication flag

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setWantBasicAuthClientAuthentication

void setWantBasicAuthClientAuthentication(boolean wantBA)

Sets the flag that determines if Basic Authentication client authentication is wanted

Parameters:

wantBA - want Basic Authentication client authentication flag

getAuthnRequestMaxCacheSize

int getAuthnRequestMaxCacheSize()

The maximum size of the authentication request cache.

This cache stores documents issued by the local Service Provider that are awaiting response from a partner Identity Provider.

Specify '0' to indicate that the cache is unbounded.

Specified by:

getAuthnRequestMaxCacheSize in interface SingleSignOnServicesConfigSpi

Returns:

Maximum size of <AuthnRequest> document cache.

Default Value:

10000

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAuthnRequestMaxCacheSize

void setAuthnRequestMaxCacheSize(int cacheSize)

getAuthnRequestTimeout

int getAuthnRequestTimeout()

The maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache.

This cache stores documents issued by the local Service provider that are awaiting response from a partner Identity Provider. Documents that reach this maximum timeout duration are expired from the local cache even if no response is received from the Identity Provider. If a response is subsequently returned by the Identity Provider, the cache behaves as if the <AuthnRequest> had never been generated.

Specified by:

getAuthnRequestTimeout in interface SingleSignOnServicesConfigSpi

Returns:

Maximum timeout (in seconds) of <AuthnRequest> documents stored in the local cache.

Default Value:

300

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAuthnRequestTimeout

void setAuthnRequestTimeout(int timeout)

getArtifactMaxCacheSize

int getArtifactMaxCacheSize()

The maximum size of the artifact cache.

This cache contains the artifacts issued by the local site that are awaiting referencing by a partner. Specify '0' to indicate that the cache is unbounded.

Specified by:

getArtifactMaxCacheSize in interface SingleSignOnServicesConfigSpi

Returns:

Maximum size of artifact cache.

Default Value:

10000

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setArtifactMaxCacheSize

void setArtifactMaxCacheSize(int cacheSize)

getArtifactTimeout

int getArtifactTimeout()

The maximum timeout (in seconds) of artifacts stored in the local cache.

This cache stores artifacts issued by the local site that are awaiting referencing by a partner. Artifacts that reach this maximum timeout duration are expired in the local cache even if no reference request has been received from the partner. If a reference request is subsequently received from the partner, the cache behaves as if the artifact had never been generated.

Specified by:

getArtifactTimeout in interface SingleSignOnServicesConfigSpi

Returns:

Maximum timeout (in seconds) of artifacts stored in the local cache.

Default Value:

300

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setArtifactTimeout

void setArtifactTimeout(int timeout)

isReplicatedCacheEnabled

boolean isReplicatedCacheEnabled()

Specifies whether the persistent cache (LDAP or RDBMS) is used for storing SAML 2.0 artifacts and authentication requests.

RDBMS is required by the SAML 2.0 security providers in production environments. Use LDAP only in development environments.

If this is not set, artifacts and requests are saved in memory.

If you are configuring SAML 2.0 services for two or more WebLogic Server instances in a domain, you must enable the replicated cache individually on each server. In addition, if you are configuring SAML 2.0 services in a cluster, each Managed Server must also be configured individually.

Specified by:

isReplicatedCacheEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Use Replicated Cache flag.

Default Value:

false

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setReplicatedCacheEnabled

void setReplicatedCacheEnabled(boolean replicated)

Sets the Use Replicated Cache flag.

Parameters:

replicated - Use Replicated Cache flag

isAssertionEncryptionEnabled

boolean isAssertionEncryptionEnabled()

Get assertion encryption enabled flag

Specified by:

isAssertionEncryptionEnabled in interface SingleSignOnServicesConfigSpi

Returns:

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAssertionEncryptionEnabled

void setAssertionEncryptionEnabled(boolean assertionEncryptionEnabled)

Set the AssertionEncryptionEnabled flag

Parameters:

assertionEncryptionEnabled - assertion encryption enabled flag

getDataEncryptionAlgorithm

java.lang.String getDataEncryptionAlgorithm()

Get the preferred data encryption algorithm for SAML assertion encryption. This algorithm is used if it is found in the Service Provider's metadata or if the Service Partner's metadata does not include any data encryption algorithm.

Specified by:

getDataEncryptionAlgorithm in interface SingleSignOnServicesConfigSpi

Returns:

Default Value:

SingleSignOnServicesMBean.AES128_GCM

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

getKeyEncryptionAlgorithm

java.lang.String getKeyEncryptionAlgorithm()

Get the preferred key encryption algorithm for SAML assertion encryption. This algorithm is used if it is found in the Service Provider's metadata or if the Service Partner's metadata does not include any key encryption algorithm.

Specified by:

getKeyEncryptionAlgorithm in interface SingleSignOnServicesConfigSpi

Returns:

the key encryption algorithm

Default Value:

SingleSignOnServicesMBean.RSAOAEP11

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setKeyEncryptionAlgorithm

void setKeyEncryptionAlgorithm(java.lang.String keyEncryptionAlgorithm)
                        throws javax.management.InvalidAttributeValueException

Set the preferred key encryption algorithm. Valid values are "rsa-oaep", "rsa-oaep-mgf1p", "rsa-1_5". XML Encryption Syntax and Processing Version 1.1 Specification does not recommend "rsa-1_5".

Parameters:

keyEncryptionAlgorithm - assertion key encryption algorithm flag

Throws:

javax.management.InvalidAttributeValueException

getMetadataEncryptionAlgorithms

java.lang.String[] getMetadataEncryptionAlgorithms()

Description copied from interface: SingleSignOnServicesConfigSpi

Get the list of algorithms to put in the metadata.

Specified by:

getMetadataEncryptionAlgorithms in interface SingleSignOnServicesConfigSpi

Returns:

The default list of data, key encryption algorithms to be published in a WebLogic Service Partner's metadata.

Default Value:

SingleSignOnServicesMBean.AES128_GCM, SingleSignOnServicesMBean.AES192_GCM, SingleSignOnServicesMBean.AES256_GCM, SingleSignOnServicesMBean.AES128_CBC, SingleSignOnServicesMBean.AES192_CBC, SingleSignOnServicesMBean.AES256_CBC, SingleSignOnServicesMBean.RSAOAEP11, SingleSignOnServicesMBean.RSAOAEP

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setMetadataEncryptionAlgorithms

void setMetadataEncryptionAlgorithms(java.lang.String[] algorithms)
                              throws javax.management.InvalidAttributeValueException

Parameters:

algorithms - the list of data and key encryption algorithms to set

Throws:

javax.management.InvalidAttributeValueException

getAssertionEncryptionDecryptionKeyAlias

java.lang.String getAssertionEncryptionDecryptionKeyAlias()

The keystore alias for the certificate and private key to be used to encrypt and decrypt SAML Assertions.

The certificate is published in the SP metadata, which will be used by an external SP to encrypt SAML assertions.

The private key is used to decrypt assertions. If the alias is not specified, the server's configured SSL identity alias is used by default.

Specified by:

getAssertionEncryptionDecryptionKeyAlias in interface SingleSignOnServicesConfigSpi

Returns:

The assertion encryption, decryption key alias.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAssertionEncryptionDecryptionKeyAlias

void setAssertionEncryptionDecryptionKeyAlias(java.lang.String assertionEncryptionDecryptionKeyAlias)

Set the Assertion encryption, decryption key alias.

Parameters:

assertionEncryptionDecryptionKeyAlias - The assertion encryption, decryption key alias to set.

See Also:

getAssertionEncryptionDecryptionKeyAlias()

getAssertionEncryptionDecryptionKeyPassPhrase

java.lang.String getAssertionEncryptionDecryptionKeyPassPhrase()

The passphrase used to retrieve the local site's Assertion key from the keystore.

Specified by:

getAssertionEncryptionDecryptionKeyPassPhrase in interface SingleSignOnServicesConfigSpi

Returns:

The assertionEncryptionDecryptionKeyPassPhrase.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAssertionEncryptionDecryptionKeyPassPhrase

void setAssertionEncryptionDecryptionKeyPassPhrase(java.lang.String assertionEncryptionDecryptionKeyPassPhrase)
                                            throws javax.management.InvalidAttributeValueException

Sets the value of the AssertionEncryptionDecryptionKeyPassPhrase attribute.

When you get the value of this attribute, WebLogic Server does the following:

1. Retrieves the value of the AssertionEncryptionDecryptionKeyPassPhraseEncrypted attribute.
2. Decrypts the value and returns the unencrypted passphrase as a String.

When you set the value of this attribute, WebLogic Server does the following:

1. Encrypts the value.
2. Sets the value of the AssertionEncryptionDecryptionKeyPassPhraseEncrypted attribute to the encrypted value.

Using this attribute (AssertionEncryptionDecryptionKeyPassPhrase) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use getAssertionEncryptionDecryptionKeyPassPhraseEncrypted.

Parameters:

assertionEncryptionDecryptionKeyPassPhrase - The assertionEncryptionDecryptionKeyPassPhrase to set.

Throws:

javax.management.InvalidAttributeValueException

getAssertionEncryptionDecryptionKeyPassPhraseEncrypted

byte[] getAssertionEncryptionDecryptionKeyPassPhraseEncrypted()

The encrypted passphrase used to retrieve the local site's Assertion key from the keystore.

To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

Specified by:

getAssertionEncryptionDecryptionKeyPassPhraseEncrypted in interface SingleSignOnServicesConfigSpi

Returns:

The encrypted assertionEncryptionDecryptionKeyPassPhrase.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAssertionEncryptionDecryptionKeyPassPhraseEncrypted

void setAssertionEncryptionDecryptionKeyPassPhraseEncrypted(byte[] assertionEncryptionDecryptionKeyPassPhraseEncrypted)
                                                     throws javax.management.InvalidAttributeValueException

Sets the value of the AssertionEncryptionDecryptionKeyPassPhraseEncrypted attribute.

Parameters:

assertionEncryptionDecryptionKeyPassPhraseEncrypted - The assertionEncryptionDecryptionKeyPassPhraseEncrypted value to set.

Throws:

javax.management.InvalidAttributeValueException

getAllowedTargetHosts

java.lang.String[] getAllowedTargetHosts()

List of hosts to compare against the host in the SAML SP target redirect URL. When the list is empty, the target redirect URL will not be checked.

Specified by:

getAllowedTargetHosts in interface SingleSignOnServicesConfigSpi

Returns:

List of the allowed destination hosts where the target URL may be redirected

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setAllowedTargetHosts

void setAllowedTargetHosts(java.lang.String[] allowedTargetHosts)
                    throws javax.management.InvalidAttributeValueException

Set the allowed target hosts for url redirection

Parameters:

allowedTargetHosts - array of allowed target hosts

Throws:

javax.management.InvalidAttributeValueException