SAML attribute mapper

Hi,
I am having an issue developing an attribute mapper for my SAML 1.1 scenario using Sun Access Manager 7.1 patch 1 (war deployment installer) as the IDP. It is deployed on Sun Java System Web Server 7.0U1 (B06/12/2007 21:15) for Solaris 10 x86.
My class looks something like this:
package matt.saml.sample;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import com.iplanet.sso.*;
import com.sun.identity.saml.assertion.*;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.plugins.PartnerSiteAttributeMapper;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import org.w3c.dom.Document;
public class TestSiteAttributeMapper implements PartnerSiteAttributeMapper {
    public List getAttributes(SSOToken token, String targetURL) throws SAMLException {
        //...code
        return list;
}So, I put TestSiteAttributeMapper in the classpath and configured the Site Attribute Mapper. Now when I try SSO with SAML, attributes aren't passed through the assertion plus I get this in the amSAML debug log:
SAML Service Manager: PartnerUrl List:siteattributemapper=matt.saml.sample.TestSiteAttributeMapper
10/07/2008 12:14:41:518 PM EDT: Thread[service-j2ee-3,5,main]
ERROR: SAMLServiceManager:Invalid site attribute mapperI tried compiling the class with the amserver/WEB-INF/lib/am_services.jar(the one AM is using) in the classpath.
Also, I had to add amserver/WEB-INF/lib/am_services.jar(plus I added a couple other am_*.jar files) to the Web Server classpath, in the JVM settings to get rid of an error I was seeing in the web server logs:
[05/Oct/2008:19:36:31] failure ( 3746): for host 192.168.200.1 trying to GET /amserver/SAMLPOSTProfileServlet, service-j2ee reports: Stand
ardWrapperValve[SAMLPOSTProfileServlet]: PWC1406: Servlet.service() for servlet SAMLPOSTProfileServlet threw exception
java.lang.NoClassDefFoundError: com/sun/identity/saml/plugins/PartnerSiteAttributeMapper
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1461)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:164)
        at com.sun.identity.saml.common.SAMLServiceManager.setValues(SAMLServiceManager.java:788)
        at com.sun.identity.saml.common.SAMLServiceManager.init(SAMLServiceManager.java:266)
        at com.sun.identity.saml.common.SAMLServiceManager.getAttribute(SAMLServiceManager.java:1015)
        at com.sun.identity.saml.servlet.SAMLPOSTProfileServlet.getDestSite(SAMLPOSTProfileServlet.java:242)
        at com.sun.identity.saml.servlet.SAMLPOSTProfileServlet.doGet(SAMLPOSTProfileServlet.java:118)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:796)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
        at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
        at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
        at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
        at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
[05/Oct/2008:19:36:32] warning ( 3746): CORE3283: stderr: Exception in thread "Thread-29" java.lang.NullPointerException
[05/Oct/2008:19:36:32] warning ( 3746): CORE3283: stderr:       at com.sun.identity.saml.common.SAMLServiceManager.getAttribute(SAMLServic
eManager.java:1017)
[05/Oct/2008:19:36:32] warning ( 3746): CORE3283: stderr:       at com.sun.identity.saml.servlet.POSTCleanUpThread.run(POSTCleanUpThread.j
ava:101)I didn't really think that I should have had to add the jar to the classpath, considering it is in the WEB-INF/lib folder.
In summary, my questions are:
1. What am I doing wrong in implementing this attribute mapper that causes it to be invalid?
2. Why did I have to add that jar to the classpath to remove that NoClassDefFoundError? Isn't it already in the classpath?
Thanks in advance,
Matt

ok i fixed my issue. removing all additional jars from the class path, and putting my class under amserver/WEB-INF/classes got it working.
I guess it's a classpath context issue

Similar Messages

  • Need Seeburger Attribute Mapper module details

    Hi Experts,
                       We need to post a file(XML) on Receiver AS2 adapter with dynamic filename. We have followed the link :
    Re: Dynamic Receiver file name in AS2 adapter to create the UDF in GUI mapping and have selected the fileName property under Dynamic Attributes in the Receiver AS2 adapter. However, even though in the message monitor, the filename property is shown to be corrrectly populated, the file is posted in receiver with a different name.
    The above link mentions using an Attribute Mapper module for dynamic filename. Can anyone please provide the details of this module, the module name, parameter names etc. that need to be populated in the receiver adapter.
    The same is not available on the net and we don't have the seeburger documents with us.
    Regards
    Shiladitya

    The module parameter will have
    Source - @Namespace/PropertyName
    Target - Namespace/PropertyName
    This way you may copy source FileName to target FileName.
    Regards,
    Prateek

  • Seeburger Attribute Mapper

    I am using Seeburger Attribute mapper.  We need to remap the SFTP filename attribute to a value dependat on the AS2 Message subject.
    In my test environment, I have sent a message with the subject of "PROCARD" -- regardless of what message subject is used, value 2 (not-matched) is being set to the dynamic attribute http://seeburger.com/xi/SFTP/dtSubject
    Key:                map     
    Param Name:  http://seeburger.com/xi/SFTP/dtSubject     
    Param Value:  if ( subStringRegEx( "PROCARD", @http://seeburger.com/xi/AS2/dtSubject),    "matched", "not-matched")
    I have also attempted using asterisk to terminate the search parameter.
    Thank you in advance...

    The module parameter will have
    Source - @Namespace/PropertyName
    Target - Namespace/PropertyName
    This way you may copy source FileName to target FileName.
    Regards,
    Prateek

  • Null Pointer Exception while configuring SAML Credential Mapper

    Hi,
    I am trying to set up my customised SAML code for WLS 10.3. To test it , I have created a standalone suite with 2 applications,one as a source where the authentication will be through simple username and password and second as destination where the identity assertion will take place based on token generated in first app.
    So to achieve this , I am using a default SAMLCredentialMapperV2 for credential mapping at source site. But While configuring it, the management tab of the credential mapper shows null pointer exception.
    Can anyone point out whats wrong or if I am missing on anything?
    Steps to create:-
    1. Create a security realm
    2.Goto security realm ->Provider ->Credential Mapping tab.
    3.Create a credential mapper of type SAMLCredentialMapperV2 and with specifications as mentioned in http://www.oracle.com/technetwork/articles/entarch/sso-with-saml3-086457.html
    4. Click on the newly created mapper and go to management tab. It throws null pointer exception which is visible on the screen.
    Log Entries are as follows:-
    <Error> <Console> <BEA-240003> <Console encountered the following error java.lang.NullPointerException
         at com.bea.common.security.saml.registry.SAMLPartnerRegistry.<init>(SAMLPartnerRegistry.java:153)
         at com.bea.common.security.saml.registry.SAMLRelyingPartyRegistry.<init>(SAMLRelyingPartyRegistry.java:26)
         at weblogic.security.providers.saml.SAMLCredentialMapperV2Impl.init(SAMLCredentialMapperV2Impl.java:65)
         at weblogic.security.providers.saml.SAMLCredentialMapperV2Impl.listRelyingParties(SAMLCredentialMapperV2Impl.java:81)
         at weblogic.security.providers.saml.SAMLCredentialMapperV2MBeanImpl.listRelyingParties(SAMLCredentialMapperV2MBeanImpl.java:206)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
         at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
         at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at java.security.AccessController.doPrivileged(Native Method)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at java.security.AccessController.doPrivileged(Native Method)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
         at java.security.AccessController.doPrivileged(Native Method)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
         at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
         at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
         at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
         at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
         at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
         at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
         at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
         at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
         at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
         at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
         at $Proxy144.listRelyingParties(Unknown Source)
         at com.bea.console.actions.security.providers.SAMLCredentialMapperV2ManagementPartnersTableAction.getSAMLCredentialMapperV2Partners(SAMLCredentialMapperV2ManagementPartnersTableAction.java:60)
         at com.bea.console.actions.security.providers.SAMLCredentialMapperV2ManagementPartnersTableAction.getCollection(SAMLCredentialMapperV2ManagementPartnersTableAction.java:42)
         at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
         at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
         at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
         at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
         at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
         at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
         at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
         at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
         at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
         at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
         at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
         at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
         at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
         at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
         at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
         at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
         at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
         at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
         at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
         at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

    I've got the same issue too.
    My setup is to have one domain acting as both Source and Destination.
    For every 10 seconds, I'm seeing 4 of these logs, and the CPU consumption is 100% consistently.
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null>
    Does anyone know what's happening? I've got one of the Security Provider = Active Directory, and thus there's no password returning. Could it be the root cause of the problem?

  • Define a SAML Attribute whose value is not in any data store

    I attempting to define a SAML Attribute in Sun OpenSSO Ent 8.x, whose value is not in any data store. I need to assign static text. The SP requires a unique value for all assertions under the same company. This is their method to help ensure an employee and assertion are for the correct data. For example,
    <saml:Attribute Name="AccountID">
    <saml:AttributeValue>ref-193749900</saml:AttributeValue>
    </saml:Attribute>
    I have not found a way with the OpenSSO admin portal. Any assistance would be appreciated.
    Thanks.

    Any response to this? I have the same need.

  • Capturing SAML attribute in OSB proxy

    Hi,
    We have a requirement of extracting one of the SAML attributes sent to our proxy service and send it to the business service as one of the SOAP body elements.
    I have done the following things:
    - Created the business service based on particular WSDL
    - Created the proxy service based on same WSDL and applied the policy oracle/wss10_saml_token_service_policy as per our requirements
    - In the Security tab of proxy service, i have checked the option 'Process WS-Security Header' as i want to restrict the access to my proxy service based on SAML subject that we recieve
    Following is the SAML header that i am using to test the OSB proxy from Soapui 2.0.2. I have to capture the saml:NameIdentifier from the below SAML assertion i receive. When i use $header variable i am unable to get this. But when i uncheck 'Process WS-Security Header' i am able to get the value but authentication is not working. So i think 'Process WS-Security Header' should always be checked.
    Please let me know asap on how can i extract saml:NameIdentifier from the request received in proxy service. Is there anyway to intercept the request to proxy just like SOAP handlers?
    <saml:Assertion AssertionID="Id-00000127f49c1cf3-0000000000900e24-2" IssueInstant="2010-04-19T00:40:24Z" Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml:Conditions NotBefore="2010-06-16T00:40:24Z" NotOnOrAfter="2010-06-21T00:40:24Z"/>
    <saml:AttributeStatement>
    <saml:Subject>
    <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">weblogic</saml:NameIdentifier>
    <saml:SubjectConfirmation>
    <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
    </saml:SubjectConfirmation>
    </saml:Subject>
    </saml:AttributeStatement>
    </saml:Assertion>
    Thanks
    Siva

    Hi Siva,
    We have a requirement of extracting one of the SAML attributes sent to our proxy service and send it to the business service as one of the SOAP body elementsI think your requirement is not to do the authentication then why are you checking the option 'Process WS-Security Header'?
    If 'Process WS-Security Header' check-box is selected then it will process and consume the security headers and enforces the message level access control policies on the incoming message (This is called an Active Intermediary Proxy Service). if you don't select it the proxy will be pass-through and OSB will not make any modification to the security headers, encrypted body parts, etc (this is called a Pass-Through Proxy Service)
    I think in your case you require a pass-through proxy service.
    To know more about pass-through/active intermediary proxies and their configuration in OSB, please refer section "Configuring Proxy Service Message-Level Security" on below link -
    http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/message_level.html#wp1077884 ()
    Regards,
    Anuj

  • SAML - USer Principal mapped on a SAML attribute - How to do ???

    Dear security experts,
    I have configured on my weblogic platform a Sender vouches SAML profile.
    I am trying to map the UserPrincipal (the one I get from the webServiceContext in my web service) to a SAML attribute (different from the SAML subject).
    I have written a class that implement the interfaces SAMLIdentityAssertionNameMapper and SAMLIdentityAssertionAttributeMapper .
    Here is an overview of the simplified implementation :
    public String mapNameInfo(SAMLNameMapperInfo info, ContextHandler handler) {
    return "user2";
    public void mapAttributeInfo(Collection<SAMLAttributeStatementInfo> attribStmts, ContextHandler contextHandler) {
    Set<Principal> principals = new HashSet<Principal>();
    principals.add(PrincipalFactory.getInstance().createWLSUser("user1"););
    ((SecurityTokenContextHandler)contextHandler).addContextElement(ContextElementDictionary.SAML_ATTRIBUTE_PRINCIPALS, principals);
    After weblogic has loaded my SAML assertion, I can see in the log that my uibject has two User Principal : user1, user2. When I call getUserPrincipal in my webservice, I always get "user1". I need to get "user2".
    Why mapNameInfo() always has the priority ? Is it the good way to implement this mechanism ?
    Thanks for your help.

    Gyan:
    How is that possible? If you import the VOImpl inside EOImpl, the import statement is ok. But how would you use that? There is no findViewObject method? The OADBTransaction class that I can use has only findObject method that one can use and I tried that but wasn't successful. Shouldn't you have to import OAApplicationModule and a host of other classes? Is that even possible?
    I thought about the entity expert approach but I don't have a need to execute any query. I just need to refer to the view attribute from within the EOImpl. That's what I am looking for. If there is a way to refer to a view attribute from within the EOImpl without having to populate that attribute in a session/transaction variable that would be a better solution for me because there may be more attributes that I need from different VOs later on and everytime I need some VO attribute I don't have to create and populate a session/transaction variable.
    Please let me know if it can be done. Can you please elaborate more on your proposal? I really appreciate your time and help. Thanks!
    - Muzammil

  • OIF SAML Attribute Mappings

    Looking for ideas:
    Trading partner requires us to send 4 attributes in our SAML 2.0 assertion (staticID, firstName, lastName, EmployeeID). We will be providing the same value for staticID and EmployeeID.
    When we configure Attribute Mappings within OIF, if we map the same LDAP attribute (employeenumber) for staticID and EmployeeID, only one of the attributes gets included in the SAML assertion. (3 attributes included in assertion rather than 4)
    If I map staticID to employeenumber and EmployeeID to <some other attr> all 4 attributes are included in assertion.
    Is there a way to make this happen? Does this violate a SAML standard?

    I am surprised that it is working. According to the following note:
    314948.1: How can I determine what SAML attribute fields are case sensitivity?
    the LDAP attributes specified should be in lowercase to work. Did you try specifying both fields in lowercase (employeenumber)?
    You should pose this question to Oracle.
    -shetty2k

  • SAML Credential Mapper does not support credential type

    Has anybody any idea on what could be causing the message below, which is being logged several times?
    <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
    <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): **SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null**>
    Best regards
    Update: Forgot to mention this is SOA Suite 11G environment
    Edited by: user9501748 on Jun 28, 2011 11:53 AM

    I've got the same issue too.
    My setup is to have one domain acting as both Source and Destination.
    For every 10 seconds, I'm seeing 4 of these logs, and the CPU consumption is 100% consistently.
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
    ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null>
    Does anyone know what's happening? I've got one of the Security Provider = Active Directory, and thus there's no password returning. Could it be the root cause of the problem?

  • SAML Credential Mapper Relying Party "Post Form"

    Hi,
    Has anybody used Custom Post Form for SAML credential Mapper Relying Party.
    If so can you pls tell the specs. It is saml V2
    I am trying like this in a html
    <input type="hidden" name="TARGET " value="ddddd" />
    <input type="hidden" name="SAML_AssertionConsumerURL" value="ddddddd" />
    <input type="hidden" name="SAML_AssertionConsumerParams" value="homogenousMap" />
    <input type="hidden" name="SAML_ITSRequestParams" value="" />
    But everytime it gives a Internal server error in the logs
    ####<Oct 13, 2008 2:16:19 PM PDT> <Debug> <SecuritySAMLService> <pd7000163> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1223932579244> <BEA-000000> <SAMLServlet (samlits): doGet(): Unexpected throwable while handling request, returning INTERNAL_SERVER_ERROR: java.lang.NullPointerException>
    I am also not finding any details about samlits servlet.
    WEblogic front line support also does not know. No weblogic documentation on the actual implementation.
    Thanks
    Vishnu

    Vishnu, you should also try cross-posting in the WLS-Security forum.
    WebLogic Server - Security

  • Read SAML attributes in Proxy service

    Hi,
    I need to read SAML attributes in a proxy service in OSB. But the SAML is not available.
    The client call a service with encrypted SAML im Header, but when I read the header in Proxy service, the SAML is no more available.
    Client call with:
    Authorization: Basic MTAyOjw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+CjxzYW1sMnA6UmVzcG9uc2UgSUQ9IlJlc3BvbnNlX2YzY2ZkZjM5NWIyNzI3ZWFhZWEyZDlhYTRkMWNhY2RhNzgzNGMxZWMiIElzc3VlSW5zdGFudD0iMjAxMi0wOC0zMFQwNjoyMDoyMC43MDNaIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5uZXZpc0F1dGg8L3NhbWwyOklzc3Vlcj48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIElEPSJBc3NlcnRpb25fM2MxYzZlZGM1NWQ4ZDVhN2QzNmQ2NTkzMzlmMzgxNzBhOWU1Mzk0NiIgSXNzdWVJbnN0YW50PSIyMDEyLTA4LTMwVDA2OjIwOjIwLjM4OVoiIFZlcnNpb249IjIuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3Vlcj5uZXZpc0F1dGg8L3NhbWwyOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KPGRzOlNpZ25lZEluZm8+CjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiNBc3NlcnRpb25fM2MxYzZlZGM1NWQ4ZDVhN2QzNmQ2NTkzMzlmMzgxNzBhOWU1Mzk0NiI+CjxkczpUcmFuc2Zvcm1zPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyI+PGVjOkluY2x1c2l2ZU5hbWVzcGFjZXMgUHJlZml4TGlzdD0ieHMiIHhtbG5zOmVjPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybT4KPC9kczpUcmFuc2Zvcm1zPgo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4KPGRzOkRpZ2VzdFZhbHVlPnRvUzBGM3lxSjdPTXpUZmYzQ05oVFlvQ0x1Yz08L2RzOkRpZ2VzdFZhbHVlPgo8L2RzOlJlZmVyZW5jZT4KPC9kczpTaWduZWRJbmZvPgo8ZHM6U2lnbmF0dXJlVmFsdWU+ClNjTlJBc0cvY2loSFB2cVRPTHhOSkNOQUhjdVNoU0NCZDQ4UTNDK1ZieHQ3OHVoZDZNbHdVdDhuaDVJc1hJK2k4SldWRFJiMnJVMUYKcGxYeUdrcWRDYWRtcVB5bjRUb00wZ2tLRTF3R05wb1lLYkFtaGl5ZDZyai9yK2E0SEVmUUxvQmxxWTQ4TTBzZWRra1dlY0orcGE1NwppbUM3ekNzWlhWbWFSNzdvZEZPVVhsR1FwNFlpbnlBaExrbVk1QjlkNjVZSE91akh3UFhLTURaT3VwSlExMURIcFE3N1p1WjE5WjNWClRWK2ZkRzl1RThBUmpKYVZobnJSdWdETWVEOWNaYnRDbkRyRWdaeFYwanAvWHB2TTg3cTEwYXNuWFZMaDRwWlA5eCtGSkNQQis4MS8KV21PK2VwRVZSZU0rLy85WU1xdlNTaXBaTXJ1N1AxZGs5K3R3eHc9PQo8L2RzOlNpZ25hdHVyZVZhbHVlPgo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlERERDQ0FmU2dBd0lCQWdJR0FUY3dvTzBVTUEwR0NTcUdTSWIzRFFFQkJRVUFNRll4Q3pBSkJnTlZCQVlUQW1Ob01SUXdFZ1lEClZRUUtEQXRVY21sMllXUnBjeUJCUnpFeE1DOEdBMVVFQXd3b2RISnBkbUZrYVhNZ1EwRWdLR3hqYlRBeE1ERXVZMnh2ZFdRdWRISnAKZG1Ga2FYTXVZMjl0S1RBZUZ3MHhNakExTURrd09EQTBNelphRncweU1qQTFNRGt3T0RBME5ERmFNRGd4Q3pBSkJnTlZCQVlUQW1ObwpNUlF3RWdZRFZRUUtEQXRVY21sMllXUnBjeUJCUnpFVE1CRUdBMVVFQXd3S1lYVjBhRk5wWjI1bGNqQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbWhjRTVWQ0JjVXNwTFVaa1JkRkxETFk2VFBjR3JmbUJmSkVFblVCUXF5MTZ5UG5LZmIKRVNFWjEzQnFCSVNKcEQ0aEpFRWJXZTFvY1hUSWJTSTNRaVE0Z1huMzdraXYwVmZkZmdmcGRDeW9zazIwbmRsWEsxbnFQcmdrREQzNwpSU0h5YXhYWW1QOExEWDF0UHNzbTJPT3lBdWtVcXgxVnJtRDc3SGttMHBuVGxKWWhlODVGZndiQnpQaGtJM3pWa0lZYmF5eHh2QkQrCldURjRZa0pQeUNRQmxxRUZGQ0I3enpsVUhRTzBTZngyK0Q0b3MyVSthbThjTHkvUUNQT2F0N0prQkZ0TXJOME5ZbWpOaEFBNWkyYkMKWHNnWldGNXM4bmZTU0Y4R0JYVWdTcXJyMVdKaHg2YVJ0V2xJcUl2ZFpGSStYbmttRHhiNjNtUDBDdVRmMnUwQ0F3RUFBVEFOQmdrcQpoa2lHOXcwQkFRVUZBQU9DQVFFQWF2YXdzMkFJM0NrZzhwclYrcFVOSGxlanV1aE5ZbEFlZGVFaUs3Z09jb29ScjEvV0N6cDA4cFdjCmE5ZThQWEhGTGJPeHJYMUNyeXA1bW9Xc3ZwRXFQMkhVbFZqK3d3ZWtnZERXVzFzaTdYZWI5YURyTmFvSnJQelp6ZzNvK2ZmaXRMM1EKeWYvRTcwemllZTladG5ZQk1Zc1ZIbituWHJzZlVsYVdjMzdYQzNPaWZtajc1WGYrZ0J0MmM1RUJLay8yV1cwaXlEZTJhQVpubisyNwpKTkU2bGE5SHVqWWlWS3pzMUpzRm5lNWJwT1dJZDZ5MW8rUnZSOVpsb1hSMjVMM2tMekd1ajBlRzdjaTE1eXBjY1o1NDlZaTdHRlhPClJxZTlKVnZPZERGcllCQnpEaHE4TWlEZG1aemVZbFEzS3NNNlU1SjE5ODVDRXJLa0NpNUdUTm9yanc9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMjpTdWJqZWN0PjxzYW1sMjpOYW1lSUQ+MTAyPC9zYW1sMjpOYW1lSUQ+PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMi0wOC0zMFQwNjoyMDoyMC4zODlaIiBOb3RPbk9yQWZ0ZXI9IjIwMTItMDgtMzBUMDY6MjU6MjAuMzg5WiIvPjxzYW1sMjpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTItMDgtMzBUMDY6MjA6MjAuMzg5WiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDI6QXR0cmlidXRlIE5hbWU9ImNsaWVudElkIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+MTAwPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9InJvbGVzIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyIvPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgTmFtZT0ic2Vzc2lkIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyIvPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgTmFtZT0ibG9naW5JZCI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciLz48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9InByb2ZpbGVJZCI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjEwMjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+PC9zYW1sMnA6UmVzcG9uc2U+
    Is the security filtered ?
    Thanks
    Yves

    Hi Sura,
    The number of thread-count configured in your proxy-scheme is the number of concurrent client request that you proxy servers can handle. Ideally your (thread-count * proxy servers) = (clients * max requests). Also, you need to check that the byte/message backlog on the proxy servers is close to zero.
    Hope this helps!
    Cheers,
    NJ

  • Inject User Attributes into SAML Credential Mapper V2 Assertions

    We are using SAML CMV2 on 10.0 MP1 and we would like to add user attributes in SAML assertions '<attributestatement>'.
    How do we inject attribute statements in assertions?
    [url http://e-docs.bea.com/wls/docs100/dvspisec/credmap.html]
    AT:
    - Do You Need to Develop a Custom Credential Mapping Provider?
    - 3rd paragraph, 4th sentence...
    States that the AttributeStatement can be configured to house user information. I have looked all over on how I can 'configure' the SAMLCMV2 to inject the user info we want (DN, favorite color, anything).
    Any input would be great,
    Thanks!
    Edited by dejavuuuuu at 03/18/2008 5:57 AM
    Edited by dejavuuuuu at 03/18/2008 5:59 AM

    Looks like it is not available in Weblogic 10 MP1 and we might have to wait for 10.3 where you get the SAMLCredentialAttributeMapper.
    http://edocs.bea.com/wls/docs100/javadocs/weblogic/security/providers/saml/SAMLCredentialAttributeMapper.html

  • Reading SAML attributes inside BPEL on weblogic 11g

    Hi,
    My customer wants to access to SAML token attributes and username inside BPEL workflow on weblogic 11g.
    This workflow is exposed as a webservice and is protected by attached policy.
    My question is if it is possible to access SAML token attributes inside BPEL, is yes how to do it.
    Thanks
    Hubert

    Is this what you are looking for??
    http://lesterrebollos.blogspot.co.uk/2008/02/extracting-wsse-security-headers-from.html??
    best regards Nicolas

  • Dynamically add/change SAML attributes

    Hi,
    Is it possible to dynamically adding assertion attributes to SAML
    depending on the authentication method?
    From what I see in the LocalAuthenticationClass ( NACM API ), there is
    a method called:
    addPrincipalAttributes(java.lang.String strAttr, java.lang.String[]
    values)
    Sets attributes for a user that has been authenticated.
    Does it mean that these attributes will be added to the SAML when NAM
    responses to the AuthnRequest?
    If so, will they be automatically added to the e-Directory?
    Basically, my boss wants me to send, say attributes 1,2,3 when a user
    authenticates with username/password contract. However, when a user
    logins with digital certificate, then I need to send attributes
    1,2,3,4,5. Can this be done?
    Thanks in advance,
    Annon
    anonaye2
    anonaye2's Profile: http://forums.novell.com/member.php?userid=60294
    View this thread: http://forums.novell.com/showthread.php?t=381618

    http://forums.novell.com/novell-deve...injection.html
    Although this post above does solve my problem; some tech. wiz. at work
    suggests that it will not work in concurrent condition when multiple
    users of the same ID login at the same time with different
    authentication method.
    Is there other solutions without modifying e-Directory?
    anonaye2
    anonaye2's Profile: http://forums.novell.com/member.php?userid=60294
    View this thread: http://forums.novell.com/showthread.php?t=381618

  • Custom SAML Attributes

    Does anyone have any pointers on how I can add some custom attributes to a SAML assertion using either SAML 1.1 or 2.0? This would be for web SSO, when the user logs in, I'd like to pass some more information along to the service provider, such as an account number.
    Thanks,
    ..Mel

    Hi finally I get it (thank you Gautam!!!),
    public class CustomWlsPrincipal extends WLSAbstractPrincipal implements WLSUser {
            public CustomWlsPrincipal(String name) {
              super();
              // Feed the WLSAbstractPrincipal.name. Mandatory
              this.setName(name);
    }So you need to invoke the parent class setName(String) method. If not you will get a NullPointerException.
    Implementing the equals and hashCode is also convenient.
    Hope it helps,
    Luis

Maybe you are looking for

  • Can i duel boot OS X yosemite on a laptop with ubuntu on it?

    i want to duel boot OS X yosemite on my acer laptop that has ubuntu on it and am wondering if it is possible and if so how can i do it?

  • Hyperion Preformance Scorecard

    Hi Frnds, if anybody have idea on Hyperion Performance ScoreCard, plz let me know regarding the tool future market, implementations, pre-requsite knowledge etc. Is this tool sucessfully implemented anywhere. How can we expect Market for this tool in

  • How do I fix a js3250.dll system error

    Just today I attempted to download and run the latest version of Kompozer on my desktop, but it wouldn't function properly due to a js3250.dll missing error, which to my understanding is a component of Firefox. How do I resolve this issue? I've tried

  • Undeliverable Mail \ Unknown Exception

    I am seeking assistance in identifying the cause of an issue that results in undeliverable email when using cfmail.   On occasion (4 to 12 times in a 24 hour period) an email will be determined to be undeliverable and will be transferred to the /Unde

  • R3 report in BW side. Is it possible?

    Hello all! I've been asked to analye if it's possible to have in bw, the result of a R3 report. I explain the context: I was asked to make a report in BW with some hard calculations and lots of detail information. We saw that it were out of scope for