The MBean that represents configuration attributes for the WebLogic OpenID Connect Identity Assertion provider. The provider supports identity assertion using OIDC tokens from the OpenID Connect 1.0 protocol, which is layered on top of OAuth 2.0. It asserts identity from the ID tokens granted by the OIDC Provider (OP).
Fully Qualified Interface Name | If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name: weblogic.security.providers.authentication.OIDCIdentityAsserterMBean |
Factory Methods | No factory methods. Instances of this MBean are created automatically. |
Access Points Inherited from AuthenticationProviderMBean | Because this MBean extends or implements AuthenticationProviderMBean, you can also access this MBean by retrieving AuthenticationProviderMBeans. The following attributes contain AuthenticationProviderMBeans and their subtypes: |
This section describes attributes that provide access to other MBeans.
Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.
Privileges | Read only |
Type | RealmMBean |
Relationship type: | Reference. |
This section describes the following attributes:
The token types that are currently active.
Privileges | Read/Write |
Type | class java.lang.String[] |
Default Value | oidc_token |
Returns whether the tokens that are passed to the Identity Assertion provider will be base64 decoded first. If false then the server will not base64 decode the token before passing it to the identity asserter. This defaults to true for backwards compatibility but most providers will probably want to set this to false.
Privileges | Read/Write |
Type | boolean |
Default Value | true |
The allowable variance, in seconds, for the token Expiration, Issued At, and Not Before attributes.
Privileges | Read/Write |
Type | int |
Default Value | 120 |
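The following is an added example, not WebLogic code, showing what a variance of this kind means for the Expiration (exp), Issued At (iat) and Not Before (nbf) claims. It assumes the variance is applied symmetrically, as common JWT validators do; the function names and the sample claims are hypothetical and constructed for illustration.

```python
# Added illustration; not WebLogic code. All names here are hypothetical.
DEFAULT_VARIANCE = 120  # seconds, the default value documented above

def check_time_claims(claims, now, variance=DEFAULT_VARIANCE):
    """Return the reasons to reject the token's time claims ([] means accept).

    Assumption: the variance is applied symmetrically to exp, iat and nbf.
    `claims` must come from a token whose signature was already verified.
    """
    reasons = []
    for name in ("exp", "iat", "nbf"):
        value = claims.get(name)
        if value is None:
            if name == "exp":
                reasons.append("exp missing")
            continue
        # NumericDate must be a JSON number; bool is an int subclass in Python.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            reasons.append(name + " is not a number")
        elif name == "exp" and now >= value + variance:
            reasons.append("expired")
        elif name == "iat" and value > now + variance:
            reasons.append("issued in the future")
        elif name == "nbf" and now < value - variance:
            reasons.append("not yet valid")
    return reasons

def acceptance_window(claims, variance=DEFAULT_VARIANCE):
    """Seconds during which the token passes; the variance widens both ends."""
    start = max(claims["iat"], claims.get("nbf", claims["iat"])) - variance
    return (claims["exp"] + variance) - start

# Constructed sample claims (not taken from any real token).
NOW = 1_700_000_000
STALE = {"iat": NOW - 400, "nbf": NOW - 400, "exp": NOW - 100}  # expired 100 s ago
EARLY = {"iat": NOW + 90, "exp": NOW + 390}  # issuer clock 90 s ahead

if __name__ == "__main__":
    for variance in (0, 60, DEFAULT_VARIANCE):
        print(variance, check_time_claims(STALE, NOW, variance),
              check_time_claims(EARLY, NOW, variance),
              acceptance_window(STALE, variance))
```

Under this assumption, a token issued with a 300-second lifetime is accepted for 540 seconds at the default variance, so the setting is part of the replay window and not only a clock-drift allowance.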
A short description of the WebLogic OpenID Connect Identity Assertion provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | WebLogic OpenID Connect Identity Assertion provider |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Returns the name of the identity domain.
Privileges | Read/Write |
Type | java.lang.String |
Specifies the maximum number of entries in the OIDC JWKS cache.
Privileges | Read/Write |
Type | java.lang.Integer |
Default Value | 10 |
Minimum value | 2 |
The time-to-live (TTL) of the OIDC JWKS cache, in seconds.
Privileges | Read/Write |
Type | java.lang.Integer |
Default Value | 300 |
Minimum value | 120 |
Privileges | Read only |
Type | java.lang.String |
Default Value | OIDCIdentityAsserter |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The name of the Java class used to load the WebLogic OpenID Connect Identity Assertion provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | weblogic.security.providers.authentication.OIDCIdentityAsserterProviderImpl |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Specifies the maximum number of entries in the OIDC request holder cache.
Privileges | Read/Write |
Type | java.lang.Integer |
Default Value | 500 |
Minimum value | 100 |
The time-to-live (TTL) of the OIDC request holder cache, in seconds.
Privileges | Read/Write |
Type | java.lang.Integer |
Default Value | 300 |
Minimum value | 120 |
The types of tokens supported by the OpenID Connect provider.
Privileges | Read only |
Type | class java.lang.String[] |
Default Value | oidc_token |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Claim ID used to extract the user ID (GUID) from the token.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | sub |
Claim ID used to extract the user name from the token.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | upn |
The version number of the WebLogic OpenID Connect Identity Assertion provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | 1.0 |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Determines whether to allow identity assertion to authenticate WebLogic Server users who are not represented in the security store.
Privileges | Read/Write |
Type | boolean |
Default Value | true |
This section describes the following operations:
Returns true if the specified attribute has been set explicitly in this MBean instance.
Operation Name | "isSet" |
Parameters | Object [] { propertyName }
where:
|
Signature | String [] { "java.lang.String" } |
Returns | boolean |
Exceptions |
|
Restore the given property to its default value.
Operation Name | "unSet" |
Parameters | Object [] { propertyName }
where:
|
Signature | String [] { "java.lang.String" } |
Returns | void |
Exceptions |
|
Operation Name | "wls_getDisplayName" |
Parameters | null |
Signature | null |
Returns | String |