SAMLCredentialAttributeMapper Interface Classes, Interfaces, and Methods

        /**
         * sets a Collection of Strings representing this attribute's values
         * an empty collection adds no values to this instance, collection elements
         * that are null are added as empty strings.
         * @param values Collection
         */
        public void setAttributeValues(Collection values);

        /**
         * adds a single String value to the end of this instance's Collection of
         * elements
         * See SAMLAttributeInfo(String, String, Collection) for information on
         * parameter handling.
         * @param value String
         */
        public void addAttributeValue(String value);

        /**
         * returns a Collection of Strings representing this attribute's values, in
         * the order they were added.
         * If this attribute has no values, the returned value is null.
         * @return Collection
         */
        public Collection getAttributeValues();
    }

9.3.3.2 SAMLCredentialAttributeMapper Interface

The SAML Credential Mapping Provider Version 2 determines if the custom SAML name mapper is an implementation of the attribute mapping interface and, if so, calls the methods of the attribute mapping interface to obtain SAML attribute name/value pairs to write to the generated SAML assertion. If the implementation does not support the attribute mapping interface, attribute mapping is silently skipped.

The SAML Credential Mapping Provider Version 2 does not validate the attribute names or values obtained from the custom attribute mapper. Attribute names and values are treated as follows:

■ Any attribute with a non-null attribute name and namespace is written to the SAML assertion.
■ An attribute with a null attribute name or namespace is ignored, and subsequent attributes of the same Collection are processed normally.
■ Any attribute with a null value is written to the SAMLAttributeInfo instances with a value of "". The resulting SAML assertion is written as the string <AttributeValue></AttributeValue>.

Example 9–3 Listing of SAMLCredentialAttributeMapper Interface

    /**
     * Interface used to perform mapping of Subject to SAMLAssertions attributes.
     * <p>
     * To specify an instance of this interface to be used by the SAML Credential
     * Mapper, set the <tt>NameMapperClassName</tt> attribute.
     * <p>
     * Classes implementing this interface must have a public no-arg constructor
     * and must be in the system classpath.
     *
     * @author Copyright (c) 2008 by BEA Systems, Inc. All Rights Reserved.
     */
    public interface SAMLCredentialAttributeMapper
    {
        /**
         * Maps a <code>Subject</code> to a set of values used to construct a
         * <code>SAMLAttributeStatementInfo</code> element for a SAML assertion.
         * The returned <code>Collection</code> contains
         * SAMLAttributeStatementInfo elements, each element of which will be
         * used to construct a SAML <code>AttributeStatement</code> element for
         * the SAML assertion.
         *
         * @param subject The <code>Subject</code> that should be mapped.
         * @param handler The <code>ContextHandler</code> passed to the SAML
         *                Credential Mapper.
         * @return A <code>Collection</code> of SAMLAttributeStatementInfo
         *         instances, or <code>null</code> if no mapping is made.
         */
        public Collection mapAttributes(Subject subject, ContextHandler handler);
    }
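Because the provider does not validate mapper output, any checking has to happen in the mapper itself. The following added example (not Oracle's code) models the three handling rules above and a mapper-side check; the `Attr` record is a hypothetical stand-in for SAMLAttributeInfo, and the allowlist, namespace, and sample attributes are assumptions. It requires Java 16 or later.

```java
import java.util.*;

public class MapperOutputCheck {
    // Hypothetical stand-in for SAMLAttributeInfo: name, namespace, values.
    record Attr(String name, String namespace, List<String> values) {}

    // Assumed per-deployment allowlist of attribute names the mapper may emit.
    static final Set<String> ALLOWED = Set.of("groups", "department");

    // The provider performs no validation, so check the mapper's output here.
    static List<String> validate(Collection<Attr> attrs) {
        List<String> problems = new ArrayList<>();
        for (Attr a : attrs) {
            if (a.name() == null || a.namespace() == null)
                problems.add("ignored by provider (null name or namespace): " + a);
            else if (!ALLOWED.contains(a.name()))
                problems.add("not on allowlist: " + a.name());
            else if (a.values() != null && a.values().stream().anyMatch(Objects::isNull))
                problems.add("null value will be written as an empty string: " + a.name());
        }
        return problems;
    }

    // Model of the documented rules: which attributes and values get written.
    static Map<String, List<String>> written(Collection<Attr> attrs) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (Attr a : attrs) {
            if (a.name() == null || a.namespace() == null) continue; // skipped; the rest are still processed
            List<String> vals = new ArrayList<>();
            if (a.values() != null)
                for (String v : a.values()) vals.add(v == null ? "" : v); // null value becomes ""
            out.put(a.name(), vals);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample mapper output, for illustration only.
        List<Attr> sample = List.of(
            new Attr("groups", "urn:example:attrs", Arrays.asList("admins", null)),
            new Attr(null, "urn:example:attrs", List.of("x")),
            new Attr("isSuperuser", "urn:example:attrs", List.of("true")));
        validate(sample).forEach(System.out::println);
        System.out.println(written(sample));
    }
}
```

In the sample, the attribute outside the allowlist is still written by the modelled provider, which is why the check belongs in the mapper before the Collection is returned.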

9.3.3.2.1 New Methods for SAMLNameMapperInfo Class

The SAMLCredentialNameMapper calls new methods on the SAMLNameMapperInfo class to get and set the authentication method attribute to be written to the SAML Assertion. The new methods are shown in Example 9–4. Embedded comments provide additional information and context.

Example 9–4 Listing of SAMLNameMapperInfo Class

    public class SAMLNameMapperInfo
    {
        [ existing definition ]

        /**
         * Called by the SAML Credential Name Mapper implementation to set
         * the authentication method attribute to be written to the SAML Assertion.
         * See SAML 1.1 Assertions and Protocols, Section 7.1 for possible values
         * returned.
         * @param value the Authentication Method
         */
        public void setAuthenticationMethod(String value);

        /**
         * Called by the SAML Credential Mapper to retrieve the authentication
         * method attribute to be written to the SAML Assertion.
         * See SAML 1.1 Assertions and Protocols, Section 7.1 for possible values
         * returned.
         * @return the Authentication Method
         */
        public String getAuthenticationMethod();
    }

9.3.4 Example Custom SAMLCredentialAttributeMapper Class