SAML 2.0 Identity Asserter: Web Single Sign-on Identity Provider Partner: General
Configures the general properties of a SAML 2.0 Web Single Sign-on identity provider partner.
The parameters that can be set on this Administration Console page can also be accessed programmatically via the Java interfaces that are identified in this help topic. For API information about those interfaces, see Related Topics.
Configuration Options
Name Description
Name Name of identity provider partner.
Available in the com.bea.security.saml2.providers.registry.Partner interface.
Enabled Whether interactions with this identity provider partner are enabled on this server.
Available in the com.bea.security.saml2.providers.registry.Partner interface.
Description Description of this identity provider partner.
Available in the com.bea.security.saml2.providers.registry.Partner interface.
Identity Provider Name Mapper Class Name Overrides the default username mapper class with which the SAML 2.0 Identity Asserter provider is configured in the security realm.
A custom implementation of com.bea.security.saml2.providers.SAML2IdentityAsserterNameMapper, used for assertions received from this specific identity provider partner.
Available in the com.bea.security.saml2.providers.registry.IdPPartner interface.
Issuer URI The Issuer URI of this identity provider partner.
The Issuer URI corresponds to the Entity ID contained in the metadata file received from this identity provider partner.
Available in the com.bea.security.saml2.providers.registry.IdPPartner interface.
Virtual User Whether user information contained in assertions received from this identity provider partner is mapped to virtual users in the security realm.
Note that to use virtual users, you must configure the SAML Authentication provider.
Available in the com.bea.security.saml2.providers.registry.IdPPartner interface.
Redirect URIs An optional set of URIs from which unauthenticated users will be redirected to the identity provider partner.
Note the following:
- A URI may include a wildcard pattern, but the wildcard pattern must include a file type to match specific files in a directory. For example, to create a match for all files in the /targetapp directory, including all .jsp, .html, and .htm files, the following wildcard patterns are specified:
/targetapp/*
/targetapp/*.jsp
/targetapp/*.html
/targetapp/*.htm
- If two or more identity provider partners are configured that are capable of authenticating a user for a given URI in this list, the authentication request is sent to the first matching partner that the SAML 2.0 services find.
- The use of Redirect URIs is only one mechanism for enabling a service provider initiated web single sign-on session. Another is to embed the service provider initiator service URI (by default, this is sp/sso/initiator) in the URI of the requested resource.
Available in the com.bea.security.saml2.providers.registry.WebSSOIdPPartner interface.
Process Attributes Whether the SAML 2.0 Identity Asserter provider consumes attribute statements contained in assertions received from this identity provider partner.
To use this attribute, the SAML Authentication provider must be configured in the domain, and it must:
- Be configured to run before other authentication providers
- Have the JAAS Control Flag set to SUFFICIENT
The SAML Authentication provider creates an authenticated subject using the user name and groups extracted from a SAML assertion by the SAML 2.0 identity assertion provider.
Available in the com.bea.security.saml2.providers.registry.IdPPartner interface.
Only Accept Signed Authentication Requests Whether authentication requests sent to this Identity Provider partner must be signed.
If this attribute is set to true, authentication requests sent to this identity provider partner are signed, even if the SAML 2.0 service provider configuration for the local site is not set to automatically sign authentication requests.
Available in the com.bea.security.saml2.providers.registry.WebSSOIdPPartner interface.
Only Accept Signed Artifact Requests Whether SAML artifact requests received from this identity provider partner must be signed.
Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface.
Send Artifact via POST Whether SAML artifacts are delivered to this Identity Provider partner via the HTTP POST method.
If not enabled, SAML artifacts are delivered via the HTTP GET method.
Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface.
Artifact Binding POST Form The URL of the custom web application that generates the POST form for carrying the SAML response for Artifact bindings to this Identity Provider partner. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications.
Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface.
POST Binding POST Form The URL of the custom web application that generates the POST form for carrying the SAML response for POST bindings to this Identity Provider partner.
If a custom POST form is used, the parameters will be made available as a Map of names and values, but the form may or may not be constructed to include the parameters in the POSTed data. Details about the required fields in this custom application are available in the OASIS SAML 2.0 specifications.
Available in the com.bea.security.saml2.providers.registry.WebSSOPartner interface.
Client User Name The user name that must be specified in the basic authentication header that is expected from this identity provider partner when the partner connects to the local site's SOAP/HTTPS binding.
Available in the com.bea.security.saml2.providers.registry.BindingClientPartner interface.
Client Password The password of the client user name.
Available in the com.bea.security.saml2.providers.registry.BindingClientPartner interface.
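The notes under Virtual User, Process Attributes and Redirect URIs describe prerequisites and a first-match rule that are easy to get wrong across several partners. The following audit is an added example, not Oracle code: the dictionary layout, the provider type labels and the sample data are assumptions constructed for illustration and are not a WebLogic export format.

```python
# Added example: checks partner settings against the notes on this page.
# The realm layout is hypothetical; the sample values are constructed.

def audit(realm):
    """Return a sorted list of (partner_name, finding) tuples."""
    findings = []
    providers = realm["authentication_providers"]      # in realm order
    saml = next((p for p in providers if p["type"] == "SAMLAuthenticator"), None)
    claimed = {}                                       # redirect URI -> first partner
    for p in (x for x in realm["idp_partners"] if x["enabled"]):
        name, uris = p["name"], p["redirect_uris"]
        # Virtual User and Process Attributes both need the SAML Authentication provider.
        if (p["virtual_user"] or p["process_attributes"]) and saml is None:
            findings.append((name, "needs SAML Authentication provider"))
        # Process Attributes also needs it first in order, with flag SUFFICIENT.
        if p["process_attributes"] and saml is not None:
            if providers[0] is not saml:
                findings.append((name, "SAML Authentication provider not first"))
            if saml["control_flag"] != "SUFFICIENT":
                findings.append((name, "control flag is not SUFFICIENT"))
        for uri in uris:
            # Only the first matching partner receives the authentication request.
            if uri in claimed:
                findings.append((name, f"{uri} also claimed by {claimed[uri]}"))
            else:
                claimed[uri] = name
            # A bare directory wildcard needs file-type patterns beside it.
            if uri.endswith("/*") and not any(u.startswith(uri + ".") for u in uris):
                findings.append((name, f"{uri} has no file-type patterns"))
    return sorted(findings)

SAMPLE_REALM = {  # constructed sample input
    "authentication_providers": [
        {"type": "DefaultAuthenticator", "control_flag": "REQUIRED"},
        {"type": "SAMLAuthenticator", "control_flag": "OPTIONAL"},
    ],
    "idp_partners": [
        {"name": "idp-a", "enabled": True, "virtual_user": True,
         "process_attributes": True,
         "redirect_uris": ["/targetapp/*", "/targetapp/*.jsp"]},
        {"name": "idp-b", "enabled": True, "virtual_user": False,
         "process_attributes": False,
         "redirect_uris": ["/targetapp/*.jsp", "/reports/*"]},
    ],
}

if __name__ == "__main__":
    for partner, finding in audit(SAMPLE_REALM):
        print(f"{partner}: {finding}")
```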
Related Tasks
- Create a SAML 2.0 Web Single Sign-on identity provider partner
- Configure Authentication and identity assertion providers
- Manage security providers
Related Topics
- Configuring a SAML 2.0 service provider
- Configuring the SAML Authentication Provider
- Understanding WebLogic Security
- Configuring Single Sign-On with Web Browsers and HTTP Clients
- API description of com.bea.security.saml2.providers.registry.Partner interface
- API description of com.bea.security.saml2.providers.registry.IdPPartner interface
- API description of com.bea.security.saml2.providers.registry.WebSSOIdPPartner interface
- API description of com.bea.security.saml2.providers.registry.WebSSOPartner interface
- API description of com.bea.security.saml2.providers.registry.BindingClientPartner interface