9-6 Programming Security for Oracle WebLogic Server
■ Also implement the SAMLCredentialNameMapper interface. The SAMLCredentialAttributeMapper and SAMLCredentialNameMapper interfaces must both be in the same implementation.

By also implementing the SAMLCredentialNameMapper interface, you can later use the WebLogic Server Administration Console to set the NameMapperClassName attribute to the class name of this SAMLCredentialAttributeMapper instance.

You configure the custom SAML name mapper in the active security realm, using the User Name Mapper Class Name attribute of the SAML Credential Mapping Provider Version 2.
9.3.2 Do You Need Multiple SAMLCredentialAttributeMapper Implementations?
The name mapper class name you configure for a SAML Credential Mapping Provider Version 2, as described in
Section 9.3.5, Make the Custom SAMLCredentialAttributeMapper Class Available in the Console,
is used as the default for that provider. However, you can optionally set a name mapper class name
specific to any or all of the Relying Parties configured for the SAML Credential Mapping Provider Version 2. Setting the name mapper class name in this manner
overrides the default value. If the configured SAML Relying Parties require different attributes, you can create multiple SAMLCredentialAttributeMapper
implementations.
9.3.3 Classes, Interfaces, and Methods
This section describes the new classes, interfaces, and methods that you must use when creating your custom SAML name mapper implementation. See
Section 9.3.4, Example Custom SAMLCredentialAttributeMapper Class,
for example code.
9.3.3.1 SAMLAttributeStatementInfo Class
Example 9–1 shows the methods and arguments in the
SAMLAttributeStatementInfo class. Embedded comments provide additional information and context.
Example 9–1 Listing of SAMLAttributeStatementInfo Class
/**
 * A class that represents the attributes of an AttributeStatement in a
 * SAML Assertion
 */
class SAMLAttributeStatementInfo {

    /**
     * Constructs a SAMLAttributeStatementInfo with no attributes. The
     * SAMLAttributeStatementInfo represents an empty SAMLAttributeStatement.
     * It is expected that SAMLAttributeInfo elements will be added to this
     * instance.
     */
    public SAMLAttributeStatementInfo();

    /**
     * Constructs a SAMLAttributeStatementInfo containing multiple
     * SAMLAttributeInfo elements. The SAMLAttributeStatementInfo
     * represents a SAML AttributeStatement with multiple Attributes.
     *
     * @param data SAMLAttributeInfo
     */
    public SAMLAttributeStatementInfo(Collection data);

    /**
     * Returns a Collection of SAMLAttributeInfo elements. The
     * collection represents the Attributes contained by a single
     * AttributeStatement of a SAML Assertion.
     *
     * The returned Collection is immutable and may be empty.
     *
     * @return Collection
     */
    public Collection getAttributeInfo();

    /**
     * Adds a Collection of SAMLAttributeInfo instances to this
     * SAMLAttributeStatementInfo instance, to the end of the existing list,
     * in the order that the param Collection iterates through the Collection.
     *
     * See SAMLAttributeInfo(String, String, Collection) for information on
     * parameter handling.
     *
     * @param data
     */
    public void setAttributeInfo(Collection data);

    /**
     * Adds a single SAMLAttributeInfo instance to this
     * SAMLAttributeStatementInfo instance, at the end of the existing list.
     *
     * See SAMLAttributeInfo(String, String, Collection) for information on
     * parameter handling.
     *
     * @param info
     */
    public void addAttributeInfo(SAMLAttributeInfo info);
}
9.3.3.1.1 SAMLAttributeInfo Class
Example 9–2 shows the methods and arguments in the
SAMLAttributeInfo class. Embedded comments provide additional information and context.
Example 9–2 Listing of SAMLAttributeInfo Class
/**
 * A class that represents a single Attribute of a SAML Assertion
 * AttributeStatement.
 */
class SAMLAttributeInfo {

    /**
     * Constructs a SAMLAttributeInfo instance with all null fields
     */
    public SAMLAttributeInfo();

    /**
     * Constructs a SAMLAttributeInfo instance representing the SAML 1.1
     * Attribute fields
     *
     * null elements of the Collection are ignored.
     *
     * Elements with null 'name' or 'namespace' fields are ignored; the
     * resulting SAMLAttributeInfo will not be included in a created
     * SAMLAssertion. Null attribute values are added as the empty string
     * (i.e., "").
     *
     * @param name String
     * @param namespace String
     * @param values Collection of String values
     */
    public SAMLAttributeInfo(String name, String namespace, Collection values);

    /**
     * Constructs a SAMLAttributeInfo instance representing the attribute fields
     *
     * See SAMLAttributeInfo(String, String, Collection) for information on
     * parameter handling.
     *
     * @param name String
     * @param namespace String
     * @param value String
     */
    public SAMLAttributeInfo(String name, String namespace, String value);

    /**
     * Sets the name and namespace of this attribute
     *
     * See SAMLAttributeInfo(String, String, Collection) for information on
     * parameter handling.
     *
     * @param name String, cannot be null
     * @param namespace String, cannot be null
     */
    public void setAttributeName(String name, String namespace);

    /**
     * Returns the name of this attribute.
     *
     * @return String
     */
    public String getAttributeName();

    /**
     * Returns a String representing this attribute's namespace
     *
     * @return String
     */
    public String getAttributeNamespace();

    /**
     * Sets a Collection of Strings representing this attribute's values.
     * An empty collection adds no values to this instance; collection
     * elements that are null are added as empty strings.
     *
     * @param values Collection
     */
    public void setAttributeValues(Collection values);

    /**
     * Adds a single String value to the end of this instance's Collection
     * of elements
     *
     * See SAMLAttributeInfo(String, String, Collection) for information on
     * parameter handling.
     *
     * @param value String
     */
    public void addAttributeValue(String value);

    /**
     * Returns a Collection of Strings representing this attribute's values,
     * in the order they were added. If this attribute has no values, the
     * returned value is null.
     *
     * @return Collection
     */
    public Collection getAttributeValues();
}
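
The parameter-handling rules in Examples 9–1 and 9–2 mean that a null name, namespace, or value changes what reaches the Relying Party without raising an error. The following added example (not Oracle's code) validates input before building the statement. It assumes the two classes live in the weblogic.security.providers.saml package; AttributeStatementBuilder, its methods, and the namespace value are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import weblogic.security.providers.saml.SAMLAttributeInfo;          // package assumed
import weblogic.security.providers.saml.SAMLAttributeStatementInfo; // package assumed

// Added example, not Oracle's code; class, method and namespace names are hypothetical.
public final class AttributeStatementBuilder {
    static final String NAMESPACE = "urn:example:attributes"; // constructed sample value

    /** Builds one AttributeStatement, rejecting input the constructors would silently alter. */
    public static SAMLAttributeStatementInfo build(Map<String, List<String>> source) {
        SAMLAttributeStatementInfo statement = new SAMLAttributeStatementInfo();
        for (Map.Entry<String, List<String>> entry : source.entrySet()) {
            String name = entry.getKey();
            if (name == null) {
                // A null name keeps the attribute out of the created assertion.
                throw new IllegalArgumentException("attribute name is null");
            }
            List<String> given = entry.getValue();
            if (given == null || given.isEmpty()) {
                // An empty collection adds no values, so the attribute would carry nothing.
                throw new IllegalArgumentException("no values for " + name);
            }
            Collection<String> values = new ArrayList<String>();
            for (String value : given) {
                if (value == null) {
                    // The listing says null values are ignored or sent as "".
                    throw new IllegalArgumentException("null value for " + name);
                }
                values.add(value);
            }
            statement.addAttributeInfo(new SAMLAttributeInfo(name, NAMESPACE, values));
        }
        return statement;
    }

    /** Counts values; getAttributeValues() returns null when an attribute has none. */
    public static int countValues(SAMLAttributeStatementInfo statement) {
        int total = 0;
        for (Object item : statement.getAttributeInfo()) {
            Collection values = ((SAMLAttributeInfo) item).getAttributeValues();
            total += (values == null) ? 0 : values.size();
        }
        return total;
    }
}
```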
9.3.3.2 SAMLCredentialAttributeMapper Interface