2-54 Securing WebLogic Web Services for Oracle WebLogic Server
2.11.5.1 Using SAML Attributes: Available Interfaces and Classes
You can use the classes and interfaces listed in Table 2–2 to implement SAML attributes. For more information, see WebLogic Server API Reference Javadoc.
Of the classes and interfaces listed in Table 2–2, the SAMLAttributeData interface deserves additional mention. The SAMLAttributeData interface supports both SAML 1.1 and SAML 2.0 attributes. It has the methods shown in Table 2–3.
Table 2–2 SAML Attribute Classes and Interfaces

| Interface or Class | Description |
| --- | --- |
| weblogic.wsee.security.saml.SAML2CredentialProvider | Credential Provider for SAML 2.0 assertions. |
| weblogic.wsee.security.saml.SAMLCredentialProvider | Credential Provider for SAML 1.1 assertions. |
| weblogic.wsee.security.saml.SAMLAttributeStatementData | This interface represents the attributes in a single attribute statement. For SAML 1.1 and 2.0. |
| weblogic.wsee.security.saml.SAMLAttributeStatementDataImpl | This class represents the attributes in a single attribute statement. For SAML 1.1 and 2.0. |
| weblogic.wsee.security.saml.SAMLAttributeData | SAML attribute Info interface that can be either SAML 1.1 or SAML 2.0 attribute. |
| weblogic.wsee.security.saml.SAMLAttributeDataImpl | Class that implements weblogic.wsee.security.saml.SAMLAttributeData. |
| weblogic.wsee.security.saml.SAMLAttributeStatementDataHelper | Helper function to get the SAMLAttributeStatementData object |
Table 2–3 SAMLAttributeData Methods

| Method | Description |
| --- | --- |
| getAttributeName | Get the attribute name. |
| getAttributeNameFormat | Get the attribute name format for SAML 2.0 only. |
| getAttributeFriendlyName | Get the Attribute friendly name. |
| getAttributeValues | Get the collection of attribute values. |
| isSAML20 | Check if this is a SAML 2.0 attribute. Return true if it is a SAML 2.0 attribute, false otherwise |
| setAttributeName(String attributeName) | Set the attribute name. |
| setAttributeNameFormat(String attributeNameFormat) | Set the attribute name format. |
Configuring Message-Level Security 2-55
2.11.5.2 Using SAML Attributes: Main Steps
The SAML2CredentialProvider and SAMLCredentialProvider classes provide mechanisms to add attributes into SAML assertions via the Web service context.
On the SAML partner, you then use the SAMLAttributeStatementDataHelper.getSAMLAttributeStatementData method to map attributes from incoming SAML assertions based on the Web service context.
To do this:
■ The SAML2CredentialProvider or SAMLCredentialProvider on the SAML Identity Provider site determines the attributes to use and how to package them.
Implement both the SAMLAttributeStatementData and SAMLAttributeData interfaces to package the attributes.
■ The SAML partner uses the WebServiceContext to get the attributes, and determines what to do with them.
Use the SAMLAttributeStatementDataHelper class to get the SAMLAttributeStatementData object, from which you get the SAMLAttributeData object.
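The following is an added example, not code from the Oracle documentation, of the second step: the SAML partner deciding what to do with the attributes it received, by keeping only the names it expects, with the expected name format and at least one value. The `AttributeView` interface is a hypothetical stand-in that carries the getter names from Table 2–3 with assumed return types; the class names, attribute names and policy map are constructed for illustration.

```java
import java.util.*;

public class SamlAttributeFilter {
    // Hypothetical stand-in for the Table 2-3 getters (return types are assumptions);
    // in a service these calls would be made on SAMLAttributeData objects.
    interface AttributeView {
        String getAttributeName();
        String getAttributeNameFormat();          // SAML 2.0 only
        Collection<String> getAttributeValues();
        boolean isSAML20();
    }

    static final String URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
    // Constructed policy: accepted attribute name -> name format required for SAML 2.0.
    static final Map<String, String> ALLOWED = Map.of(
        "urn:example:role", URI_FORMAT,
        "urn:example:department", URI_FORMAT);

    // Keep only the attributes this service is prepared to act on.
    static Map<String, List<String>> accept(Collection<? extends AttributeView> incoming) {
        Map<String, List<String>> accepted = new LinkedHashMap<>();
        for (AttributeView a : incoming) {
            String name = a.getAttributeName();
            if (name == null || !ALLOWED.containsKey(name)) continue;   // not in policy
            if (a.isSAML20() && !ALLOWED.get(name).equals(a.getAttributeNameFormat()))
                continue;                                               // unexpected name format
            Collection<String> values = a.getAttributeValues();
            if (values == null || values.isEmpty()) continue;           // nothing to act on
            accepted.computeIfAbsent(name, k -> new ArrayList<>()).addAll(values);
        }
        return accepted;
    }

    // Constructed sample type (Java 16+ record).
    record Attr(String name, String format, List<String> values, boolean saml20)
            implements AttributeView {
        public String getAttributeName() { return name; }
        public String getAttributeNameFormat() { return format; }
        public Collection<String> getAttributeValues() { return values; }
        public boolean isSAML20() { return saml20; }
    }

    public static void main(String[] args) {
        List<Attr> sample = List.of(                        // constructed input
            new Attr("urn:example:role", URI_FORMAT, List.of("auditor"), true),
            new Attr("urn:example:role", "urn:example:other-format", List.of("admin"), true),
            new Attr("urn:example:isAdmin", URI_FORMAT, List.of("true"), true),
            new Attr("urn:example:department", URI_FORMAT, List.of(), true));
        System.out.println(accept(sample));
    }
}
```

Of the four constructed attributes, only the first passes: the second carries an unexpected name format, the third is not in the policy, and the fourth has no values.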
2.11.5.3 SAML Attributes Example