9-6 Programming Security for Oracle WebLogic Server ■ Also implement the SAMLCredentialNameMapper interface. The SAMLCredentialAttributeMapper and SAMLCredentialNameMapper interfaces must both be in the same implementation. By also implementing the SAMLCredentialNameMapper interface, you can later use the WebLogic Server Administration Console to set the NameMapperClassName attribute to the class name of this SAMLCredentialAttributeMapper instance. You configure the custom SAML name mapper in the active security realm, using the User Name Mapper Class Name attribute of the SAML Credential Mapping Provider Version 2. 9.3.2 Do You Need Multiple SAMLCredentialAttributeMapper Implementations? The name mapper class name you configure for a SAML Credential Mapping Provider Version 2, as described in Section 9.3.5, Make the Custom SAMLCredentialAttributeMapper Class Available in the Console, is used as the default for that provider. However, you can optionally set a name mapper class name specific to any or all of the Relying Parties configured for the SAML Credential Mapping Provider Version 2. Setting the name mapper class name in this manner overrides the default value. If the configured SAML Relying Parties require different attributes, you can create multiple SAMLCredentialAttributeMapper implementations.

9.3.3 Classes, Interfaces, and Methods

This section describes the new classes, interfaces, and methods that you must use when creating your custom SAML name mapper implementation. See Section 9.3.4, Example Custom SAMLCredentialAttributeMapper Class, for example code.

9.3.3.1 SAMLAttributeStatementInfo Class

Example 9–1 shows the methods and arguments in the SAMLAttributeStatementInfo class. Embedded comments provide additional information and context. Example 9–1 Listing of SAMLAttributeStatementInfo Class A class that represents the attributes of an AttributeStatement in a SAML Assertion class SAMLAttributeStatementInfo { Constructs a SAMLAttributeStatementInfo with no attributes. The SAMLAttributeStatementInfo represents a empty SAMLAttributeStatement. It is expected that SAMLAttributeInfo elements will be added to this instance. Public SAMLAttributeStatementInfo; Constructs a SAMLAttributeStatementInfo containing multiple SAMLAttributeInfo elements. The SAMLAttributeStatementInfo SAML APIs 9-7 represents a SAML AttributeStatement with multiple Attributes. param data SAMLAttributeInfo public SAMLAttributeStatementInfoCollection data; returns a Collection of SAMLAttributeInfo elements. The collection represents the Attributes contained by a single AttributeStatement of a SAML Assertion The returned Collection is immutable and may be empty. return Collection public Collection getAttributeInfo; adds a Collection of SAMLAttributeInfo instances to this SAMLAttributeStatementInfo instance, to the end of the existing list, in the order that the param Collection iterates through the Collection. See SAMLAttributeInfoString, String, Collection for information on parameter handling. param data public void setAttributeInfoCollection data; Adds a single SAMLAttributeInfo instance to this SAMLAttributeStatementInfo instance, at the end of the existing list. See SAMLAttributeInfoString, String, Collection for information on parameter handling. param info public void addAttributeInfoSAMLAttributeInfo info;

9.3.3.1.1 SAMLAttributeInfo Class

Example 9–2 shows the methods and arguments in the SAMLAttributeInfo class. Embedded comments provide additional information and context. Example 9–2 Listing of SAMLAttributeInfo Class A class that represents a single Attribute of a SAML Assertion AttributeStatement. 9-8 Programming Security for Oracle WebLogic Server class SAMLAttributeInfo { Constructs a SAMLAttributeInfo instance with all null fields public SAMLAttributeInfo; Constructs a SAMLAttributeInfo instance representing the SAML 1.1 Attribute fields null elements of the Collection are ignored. Elements with null ‘name’ or ‘namespace’ fields are ignored; the resulting SAMLAttributeInfo will not be included in a created SAMLAssertion. Null attribute values are added as the empty string ie, “”. param name String param namespace String param values Collection of String values public SAMLAttributeInfoString name, String namespace, Collection values; Constructs a SAMLAttributeInfo instance representing the attribute fields See SAMLAttributeInfoString, String, Collection for information on parameter handling. param name String param namespace String param value String public SAMLAttributeInfoString name, String namespace, String value; sets the name and namespace of this attribute See SAMLAttributeInfoString, String, Collection for information on parameter handling. param name String, cannot be null param namespace String, cannot be null public void setAttributeNameString name, String namespace; returns the name of this attribute. return String public String getAttributeName; returns a String representing this attributes namespace return String public String getAttributeNamespace; SAML APIs 9-9 sets a Collection of Strings representing this attributes values an empty collection adds no values to this instance, collection elements that are null are added as empty strings. param values Collection public void setAttributeValuesCollection values; adds a single String value to the end of this instance’s Collection of elements See SAMLAttributeInfoString, String, Collection for information on parameter handling. param value String public void addAttributeValueString value; returns a Collection of Strings representing this attributes values, in the order they were added. If this attribute has no values, the returned value is null. return Collection public Collection getAttributeValues; }

9.3.3.2 SAMLCredentialAttributeMapper Interface