
2-54 Securing WebLogic Web Services for Oracle WebLogic Server

2.11.5.1 Using SAML Attributes: Available Interfaces and Classes

You can use the classes and interfaces listed in Table 2–2 to implement SAML attributes. For more information, see WebLogic Server API Reference Javadoc.

Of the classes and interfaces listed in Table 2–2, the SAMLAttributeData interface deserves additional mention. The SAMLAttributeData interface supports both SAML 1.1 and SAML 2.0 attributes. It has the methods shown in Table 2–3.

Table 2–2 SAML Attribute Classes and Interfaces

| Interface or Class | Description |
|---|---|
| weblogic.wsee.security.saml.SAML2CredentialProvider | Credential Provider for SAML 2.0 assertions. |
| weblogic.wsee.security.saml.SAMLCredentialProvider | Credential Provider for SAML 1.1 assertions. |
| weblogic.wsee.security.saml.SAMLAttributeStatementData | This interface represents the attributes in a single attribute statement. For SAML 1.1 and 2.0. |
| weblogic.wsee.security.saml.SAMLAttributeStatementDataImpl | This class represents the attributes in a single attribute statement. For SAML 1.1 and 2.0. |
| weblogic.wsee.security.saml.SAMLAttributeData | SAML attribute info interface that can be either a SAML 1.1 or a SAML 2.0 attribute. |
| weblogic.wsee.security.saml.SAMLAttributeDataImpl | Class that implements weblogic.wsee.security.saml.SAMLAttributeData. |
| weblogic.wsee.security.saml.SAMLAttributeStatementDataHelper | Helper function to get the SAMLAttributeStatementData object. |

Table 2–3 SAMLAttributeData Methods

| Method | Description |
|---|---|
| getAttributeName | Get the attribute name. |
| getAttributeNameFormat | Get the attribute name format for SAML 2.0 only. |
| getAttributeFriendlyName | Get the attribute friendly name. |
| getAttributeValues | Get the collection of attribute values. |
| isSAML20 | Check if this is a SAML 2.0 attribute. Return true if it is a SAML 2.0 attribute, false otherwise. |
| setAttributeName(String attributeName) | Set the attribute name. |
| setAttributeNameFormat(String attributeNameFormat) | Set the attribute name format. |

Configuring Message-Level Security 2-55

2.11.5.2 Using SAML Attributes: Main Steps

The SAML2CredentialProvider and SAMLCredentialProvider classes provide mechanisms to add attributes into SAML assertions via the Web service context. On the SAML partner, you then use the SAMLAttributeStatementDataHelper.getSAMLAttributeStatementData method to map attributes from incoming SAML assertions based on the Web service context. To do this:

■ The SAML2CredentialProvider or SAMLCredentialProvider on the SAML Identity Provider site determines the attributes to use and how to package them. Implement both the SAMLAttributeStatementData and SAMLAttributeData interfaces to package the attributes.

■ The SAML partner uses the WebServiceContext to get the attributes, and determines what to do with them. Use the SAMLAttributeStatementDataHelper class to get the SAMLAttributeStatementData object, from which you get the SAMLAttributeData object.
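The second step leaves it to the SAML partner to decide what to do with the attributes. The following is an added example, not Oracle's code, of a receiving service that acts only on allow-listed, non-empty SAML 2.0 attributes. AttributeView is a local stand-in for three methods named in Table 2–3 (return types assumed), and the attribute names, the SAML 2.0-only rule and the sample data are assumptions for illustration.

```java
import java.util.*;

public class SamlAttributeFilter {
    // Local stand-in exposing three methods named in Table 2-3; return types are assumed.
    interface AttributeView {
        String getAttributeName();
        Collection<String> getAttributeValues();
        boolean isSAML20();
    }

    // Hypothetical policy: the only attribute names this service acts on.
    static final Set<String> ALLOWED = Set.of("department", "clearance");

    /** Copies allow-listed, non-blank SAML 2.0 attribute values; everything else is ignored. */
    static Map<String, List<String>> accept(Collection<? extends AttributeView> attrs) {
        Map<String, List<String>> out = new TreeMap<>();
        for (AttributeView a : attrs) {
            String name = a.getAttributeName();
            Collection<String> values = a.getAttributeValues();
            if (name == null || !ALLOWED.contains(name)) continue; // unknown name: never acted on
            if (!a.isSAML20()) continue;                           // assumed policy: SAML 2.0 only
            if (values == null) continue;                          // no values: nothing to accept
            for (String v : values) {
                if (v != null && !v.isBlank()) {
                    out.computeIfAbsent(name, k -> new ArrayList<>()).add(v.trim());
                }
            }
        }
        return out;
    }

    // Constructed test double standing in for attributes taken from an incoming assertion.
    record Attr(String name, List<String> values, boolean saml20) implements AttributeView {
        public String getAttributeName() { return name; }
        public Collection<String> getAttributeValues() { return values; }
        public boolean isSAML20() { return saml20; }
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from a real assertion.
        List<Attr> incoming = List.of(
            new Attr("department", List.of("finance"), true),
            new Attr("isAdmin", List.of("true"), true),        // not allow-listed
            new Attr("clearance", List.of(" "), true),         // blank value
            new Attr("clearance", List.of("secret"), false));  // SAML 1.1 attribute
        System.out.println(accept(incoming));
    }
}
```

In a deployed service, the attribute objects would come from the SAMLAttributeStatementData object returned by SAMLAttributeStatementDataHelper, as described above, rather than from the Attr test double.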

2.11.5.3 SAML Attributes Example