DefaultIdentityAsserterMBean


Overview

The MBean that represents configuration attributes for the WebLogic Identity Assertion provider. The WebLogic Identity Assertion provider supports identity assertion using X.509 certificates and CORBA Common Secure Interoperability version 2 (CSI v2). The class also contains attributes for the default user name mapping class plus the list of trusted client principals.

Fully Qualified Interface Name: If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:

weblogic.security.providers.authentication.DefaultIdentityAsserterMBean

Factory Methods: No factory methods. Instances of this MBean are created automatically.


Related MBeans

This section describes attributes that provide access to other MBeans.


    Realm

    Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

    Privileges: Read only
    Type: RealmMBean
    Relationship type: Reference.


    Attributes

    This section describes the following attributes:


    ActiveTypes

    Returns the token types that the Identity Assertion provider is currently configured to process.

    Privileges: Read/Write
    Type: class java.lang.String[]

    Base64DecodingRequired

    Returns whether the tokens that are passed to the Identity Assertion provider will be base64 decoded first. If false, the server will not base64-decode the token before passing it to the identity asserter. This defaults to true for backwards compatibility, but most providers will probably want to set this to false.

    Privileges: Read/Write
    Type: boolean
    Default Value: true

    DefaultUserNameMapperAttributeDelimiter

    The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.

    Privileges: Read/Write
    Type: java.lang.String
    Default Value: @

    DefaultUserNameMapperAttributeType

    The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.

    Privileges: Read/Write
    Type: java.lang.String
    Default Value: E
    Legal Values:
    • C
    • CN
    • E
    • L
    • O
    • OU
    • S
    • STREET

    Description

    A short description of the Identity Assertion provider.

    Privileges: Read only
    Type: java.lang.String
    Default Value: WebLogic Identity Assertion provider
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    DigestDataSourceName

    The name of the data source to use for storing digest values. These digest values are used to detect replay attacks.

    Privileges: Read/Write
    Type: java.lang.String

    DigestExpirationTimePeriod

    Determines how long digests are valid.

    A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.

    Privileges: Read/Write
    Type: int
    Default Value: 300

    DigestReplayDetectionEnabled

    Enables the storage of the digest nonce values used to detect replay attacks.

    If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.

    Privileges: Read/Write
    Type: boolean
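    As an added illustration (not WebLogic code), the following Python model shows the check that DigestReplayDetectionEnabled turns on: nonces are kept for DigestExpirationTimePeriod, a digest older than that period is rejected, and a nonce seen a second time within the period is treated as a replay. The dict standing in for the DigestDataSourceName table and the assumption that the expiration period is in seconds are this example's own.

```python
# Added example: model of the digest nonce replay check. Not WebLogic code; the
# data source is a dict and DigestExpirationTimePeriod is assumed to be seconds.
import time

class DigestNonceStore:
    """Stands in for the table behind DigestDataSourceName: nonce -> time first seen."""

    def __init__(self, expiration_period=300):
        self.expiration_period = expiration_period  # DigestExpirationTimePeriod (seconds assumed)
        self._seen = {}

    def purge(self, now):
        """Drop nonces older than the period; any digest still using them is expired anyway."""
        cutoff = now - self.expiration_period
        for nonce in [n for n, ts in self._seen.items() if ts < cutoff]:
            del self._seen[nonce]

    def check(self, nonce, created, now=None):
        """Return (accepted, reason) for one digest authentication attempt."""
        now = time.time() if now is None else now
        self.purge(now)
        if created < now - self.expiration_period:
            return False, "digest expired"
        if nonce in self._seen:
            return False, "replay detected"  # nonce already used within the period
        self._seen[nonce] = now  # keep it for the expiration period
        return True, "ok"

def authenticate_digest(attempt, store, replay_detection_enabled=True, now=None):
    """Gate one attempt as the page describes: the nonce check applies only when enabled."""
    if not replay_detection_enabled:
        return True, "replay detection disabled"
    return store.check(attempt["nonce"], attempt["created"], now)

# Constructed sample attempts (not captured traffic): the second replays the first nonce,
# the third carries a digest created more than 300 seconds before it is presented.
SAMPLE_ATTEMPTS = [
    {"user": "alice", "nonce": "c2a1f0", "created": 1000},
    {"user": "alice", "nonce": "c2a1f0", "created": 1000},
    {"user": "bob", "nonce": "9e77b3", "created": 600},
]

def run_sample(enabled=True):
    """Evaluate the sample attempts at a fixed clock (now=1001) and return the reasons."""
    store = DigestNonceStore(300)
    return [authenticate_digest(a, store, enabled, now=1001)[1] for a in SAMPLE_ATTEMPTS]

if __name__ == "__main__":
    print(run_sample())  # ['ok', 'replay detected', 'digest expired']
```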

    Name

    Privileges: Read only
    Type: java.lang.String
    Default Value: DefaultIdentityAsserter
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    ProviderClassName

    The name of the Java class used to load the Identity Assertion provider.

    Privileges: Read only
    Type: java.lang.String
    Default Value: weblogic.security.providers.authentication.DefaultIdentityAsserterProviderImpl
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    SupportedTypes

    The token types supported by the Identity Assertion provider.

    Privileges: Read only
    Type: class java.lang.String[]
    Default Value: AuthenticatedUser, X.509, CSI.PrincipalName, CSI.ITTAnonymous, CSI.X509CertChain, CSI.DistinguishedName, wsse:PasswordDigest
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    TrustedClientPrincipals

    The list of trusted client principals to use in CSI v2 identity assertion.

    The wildcard character (*) can be used to specify that all principals are trusted. If a client is not listed as a trusted client principal, the CSIv2 identity assertion fails and the invocation is rejected.

    Privileges: Read/Write
    Type: class java.lang.String[]

    UseDefaultUserNameMapper

    Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired.

    If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.

    Privileges: Read/Write
    Type: boolean

    UserNameMapperClassName

    The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.

    Privileges: Read/Write
    Type: java.lang.String
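    As an added illustration (not WebLogic code) of the mapping governed by UseDefaultUserNameMapper, DefaultUserNameMapperAttributeType and DefaultUserNameMapperAttributeDelimiter, the Python model below takes a certificate's subject DN, selects the configured attribute, and cuts its value at the delimiter; with the defaults E and @, the subject attribute E=alice@example.com yields the user name alice. The exact semantics modelled here (whole value when the delimiter is absent, EMAILADDRESS and ST treated as the page's E and S, rejection of an expired certificate as the mapper's only validation) are this example's assumptions.

```python
# Added example: model of the default X.509 subject DN -> WebLogic user name mapping.
# Not WebLogic code; delimiter handling and the alias table are assumptions of this model.

def split_rdns(dn):
    """Split a DN string on unescaped commas, removing backslash escapes from values."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

# Spellings some tools emit, normalised to the page's legal values (assumption of this model).
_ALIASES = {"EMAILADDRESS": "E", "EMAIL": "E", "ST": "S"}

def parse_dn(dn):
    """Return the DN as a list of (TYPE, value) pairs with TYPE upper-cased."""
    pairs = []
    for rdn in split_rdns(dn):
        attr_type, _, value = rdn.partition("=")
        attr_type = attr_type.strip().upper()
        pairs.append((_ALIASES.get(attr_type, attr_type), value.strip()))
    return pairs

def default_map_user_name(subject_dn, attribute_type="E", delimiter="@"):
    """Map a subject DN to a user name: the selected attribute's value up to the delimiter."""
    for attr_type, value in parse_dn(subject_dn):
        if attr_type == attribute_type.upper():
            if delimiter:
                head, sep, _ = value.partition(delimiter)
                return head if sep else value  # no delimiter present: whole value (assumed)
            return value
    return None  # attribute absent: no user name can be asserted

def map_certificate(subject_dn, not_after, now, attribute_type="E", delimiter="@"):
    """The default mapper's only check is expiry; an expired certificate maps to nothing."""
    if now > not_after:
        return None
    return default_map_user_name(subject_dn, attribute_type, delimiter)
```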

    Version

    The version number of the Identity Assertion provider.

    Privileges: Read only
    Type: java.lang.String
    Default Value: 1.0
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.


    Operations

    This section describes the following operations:


    isSet

    Returns true if the specified attribute has been set explicitly in this MBean instance.

    Operation Name: "isSet"
    Parameters: Object [] { propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies the property to check

    Signature: String [] { "java.lang.String" }
    Returns: boolean
    Exceptions:
    • java.lang.IllegalArgumentException

    unSet

    Restore the given property to its default value.

    Operation Name: "unSet"
    Parameters: Object [] { propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies the property to restore

    Signature: String [] { "java.lang.String" }
    Returns: void
    Exceptions:
    • java.lang.IllegalArgumentException
    • UnsupportedOperationException if called on a runtime implementation.

    wls_getDisplayName

    Returns the display name of an MBean.

    Deprecated: 9.0.0.0

    Operation Name: "wls_getDisplayName"
    Parameters: null
    Signature: null
    Returns: String