Oracle Fusion Middleware Administration Console Online Help for Oracle WebLogic Server 12.2.1.3.0
E80374-05

OTN Home      Community     

Administration Console Online Help

SAML Credential Mapping Provider V2: Provider Specific

Configuration Options     Related Tasks     Related Topics

Use this page to configure provider-specific information for this SAML Credential Mapping Version 2 provider.

Configuration Options

Name	Description
Signing Key Alias	The alias used to retrieve from the keystore the key that is used to sign assertions. MBean Attribute: SAMLCredentialMapperV2MBean.SigningKeyAlias
Signing Key Pass Phrase	The credential (password) used to retrieve from the keystore the keys used to sign assertions. MBean Attribute: SAMLCredentialMapperV2MBean.SigningKeyPassPhrase
Default Name Mapper Class Name	The name of the Java class that maps Subjects to SAML Assertion name information. When no mapper is specified, the default mapper implementation is used. When you configure a SAML Relying Party, using the Management tab, you can set a Name Mapper Class specific to that Relying Party, which will override the default value you set here. MBean Attribute: SAMLCredentialMapperV2MBean.NameMapperClassName
Name Qualifier	The Name Qualifier value used by the Name Mapper. The value of the Name Qualifier is the security or administrative domain that qualifies the name of the subject. This provides a means to federate names from disparate user stores while avoiding the possibility of subject name collision. MBean Attribute: SAMLCredentialMapperV2MBean.NameQualifier
Default Time To Live	Time in seconds that, by default, an assertion should remain valid. If the value is zero, then assertions have an infinite lifetime. Using assertions with an infinite lifetime is not recommended, however. MBean Attribute: SAMLCredentialMapperV2MBean.DefaultTimeToLive Minimum value: 0
Default Time To Live Offset	A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds. Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertions NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites. The default can be overridden for specific assertions. MBean Attribute: SAMLCredentialMapperV2MBean.DefaultTimeToLiveDelta
Minimum Parser Pool Size	The minimum number of parsers to maintain in the parser pool. MBean Attribute: SAMLCredentialMapperV2MBean.MinimumParserPoolSize Minimum value: 0 Changes take effect after you redeploy the module or restart the server.
Cred Cache Size	The size of the cache used to store assertion credentials. The cache stores assertion credentials so that requests for the same assertion may return a result from cache, rather than generate a new assertion. This can improve performance in cases where an application may make multiple requests for the same assertion, for the same user, within a short period of time. MBean Attribute: SAMLCredentialMapperV2MBean.CredCacheSize Minimum value: 0
Cred Cache Min Viable TTL	If an entry in the cache has less time to live than this value, the corresponding assertion will not be used. Instead, a new assertion will be generated. This attribute avoids the situation where an assertion is returned from the cache but expires before it can be evaluated at its destination. If the cached assertion's remaining time-to-live is too short, it will not be used. MBean Attribute: SAMLCredentialMapperV2MBean.CredCacheMinViableTTL Minimum value: 0
Issuer URI	The Issuer URI (name) of this SAML Authority. MBean Attribute: SAMLCredentialMapperV2MBean.IssuerURI

Related Tasks

• Configure authentication and identity assertion providers
• Manage security providers

Related Topics

• Configuring Keystores
• Configuring SAML 1.1 Services
• Configuring a SAML Credential Mapping Provider for SAML 1.1
• Configuring WebLogic Security Providers

Copyright © 2015-2021, Oracle Corporation and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Fusion Middleware Administration Console Online Help for Oracle WebLogic Server 12.2.1.3.0 Number E80374-05