Sun OpenSSO Enterprise 8.0 Developer's Guide

Discovery Service Packages

OpenSSO Enterprise contains several Java packages that are used by the Discovery Service. They include:

Note –

Additional information is in the Sun OpenSSO Enterprise 8.0 Java API Reference.

Client APIs in

The following table summarizes the client APIs in the package. For more information, including methods and their syntax and parameters, see the Sun OpenSSO Enterprise 8.0 Java API Reference.

Table 9–5 Discovery Service Client APIs




Represents a DescriptionType element of a service instance. 


Represents a discovery service DirectiveType element. 


Provides methods to send Discovery Service queries and modifications. 


Represents an EncryptionResourceID element for the Discovery Service. 


Represents an Insert Entry for Discovery Modify request. 


Represents a discovery modify request. 


Represents a discovery response to a modify request. 


Represents a discovery Query object. 


Represents a response to a discovery query request. 


Represents a remove entry element for the discovery modify request. 


Enables the requester to specify that all the resource offerings returned must be offered through a service instance that complies with one of the specified service types. 


Represents a Discovery Service Resource ID. 


Associates a resource with a service instance that provides access to that resource. 


Describes a web service at a distinct protocol endpoint.

Interface

This interface is used to get and set discovery entries for a user. A number of default implementations are provided, but if you want to handle this function differently, implement this interface and set the implementing class as the value of the Entry Handler Plugin Class attribute as discussed in Entry Handler Plug-in Class in Sun OpenSSO Enterprise 8.0 Administration Guide. The default implementations of this interface are described in the following table.

Table 9–6 Implementations of




Gets or modifies discovery entries stored in the user’s entry as a value of the sunIdentityServerDiscoEntries attribute. The UserDiscoEntryHandler implementation is used in business-to-consumer scenarios such as the Liberty Personal Profile Service.


Gets discovery entries stored as a value of the sunIdentityServerDynamicDiscoEntries dynamic attribute in the Discovery Service. Modification of these entries is not supported and always returns false. The resource offering is saved in an organization or a role. The DynamicDiscoEntryHandler implementation is used in business-to-business scenarios such as the Liberty Employee Profile service.


Gets a union of the discovery entries stored in the user entry sunIdentityServerDiscoEntries attribute and discovery entries stored in the Discovery Service sunIdentityServerDynamicDiscoEntries attribute. It modifies only discovery entries stored in the user entry. The UserDynamicDiscoEntryHandler implementation can be used in both business-to-consumer and business-to-business scenarios.

Interface

This interface is used to enable an identity service to check the authorization of a WSC. The DefaultDiscoAuthorizer class is the default implementation of this interface. The class uses the OpenSSO Enterprise Policy Service for creating and applying policy definitions. Policy definitions for the Discovery Service are configured using the OpenSSO Enterprise Console.

Note –

The Policy Service looks for an SSOToken defined for Authenticated Users or Web Service Clients. For more information on this and the Policy Service in general, see the Sun OpenSSO Enterprise 8.0 Administration Guide.
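
The authorization check described above, reduced to a stand-alone sketch (an added example, not OpenSSO code and not the DefaultDiscoAuthorizer implementation): rules are keyed by the ServiceType + RESOURCE_SEPARATOR + ProviderID resource name that the procedure below uses when a rule is defined, and a request without a matching rule is denied. The ";" separator is read off this page's sample resource name; the Rule class, the subject names and the provider URL are hypothetical.

```java
import java.util.*;
public class DiscoPolicySketch {
    // Assumption: ";" is read off the page's sample resource name.
    static final String RESOURCE_SEPARATOR = ";";
    enum Action { LOOKUP, UPDATE } // the two operations a Discovery Service rule can cover
    /** Hypothetical model of one policy rule: a resource name plus allowed subjects per action. */
    static final class Rule {
        final String resource;
        final Map<Action, Set<String>> allowed = new EnumMap<>(Action.class);
        Rule(String serviceType, String providerId) { resource = resourceName(serviceType, providerId); }
        Rule allow(Action action, String... subjects) {
            allowed.computeIfAbsent(action, k -> new HashSet<>()).addAll(Arrays.asList(subjects));
            return this;
        }
    }

    /** Builds the rule key; rejects a service type that would make the concatenation ambiguous. */
    static String resourceName(String serviceType, String providerId) {
        if (serviceType == null || providerId == null || serviceType.isEmpty() || providerId.isEmpty()
                || serviceType.contains(RESOURCE_SEPARATOR)) {
            throw new IllegalArgumentException("invalid ServiceType or ProviderID");
        }
        return serviceType + RESOURCE_SEPARATOR + providerId;
    }

    /** Deny by default: true only when a rule for this exact resource lists the WSC for the action. */
    static boolean isAuthorized(List<Rule> rules, String wsc, Action action,
                                String serviceType, String providerId) {
        if (wsc == null || action == null) return false;
        String resource;
        try { resource = resourceName(serviceType, providerId); }
        catch (IllegalArgumentException e) { return false; }
        for (Rule r : rules) {
            if (r.resource.equals(resource)
                    && r.allowed.getOrDefault(action, Collections.emptySet()).contains(wsc)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String pp = "urn:liberty:id-sis-pp:2003-08"; // service type from the page
        String wsp = "https://wsp.example.com";      // constructed ProviderID
        List<Rule> rules = List.of(new Rule(pp, wsp)
                .allow(Action.LOOKUP, "wsc-portal", "wsc-billing").allow(Action.UPDATE, "wsc-portal"));
        System.out.println(isAuthorized(rules, "wsc-portal", Action.UPDATE, pp, wsp));
        System.out.println(isAuthorized(rules, "wsc-billing", Action.UPDATE, pp, wsp));
        System.out.println(isAuthorized(rules, "wsc-billing", Action.LOOKUP, pp + ";x", wsp));
    }
}
```

The three calls in main exercise a subject listed for the action, a subject listed only for the other action, and a service type that contains the separator.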

To Configure Discovery Service Policy Definitions

  1. In the OpenSSO Enterprise Console, click the Access Control tab.

  2. Select the name of the realm in which the policy definitions will be configured.

  3. Select Policies to access policy configurations.

  4. Click New Policy to add a new policy definition.

  5. Type a name for the policy.

  6. (Optional) Enter a description for the policy.

  7. (Optional) Select the check box next to Active.

  8. Click New to add rules to the policy definition.

  9. Select Discovery Service for the rule type and click Next.

  10. Type a name for the rule.

  11. Type a resource on which the rule acts.

    The Resource Name field uses the form ServiceType + RESOURCE_SEPARATOR + ProviderID. For example, urn:liberty:id-sis-pp:2003-08;

  12. Select an action and appropriate value for the rule.

    Discovery Service policies can only look up or update data.

  13. Click Finish to configure the rule.

    The interface can be implemented by any web service in OpenSSO Enterprise. For more information, see Common Service Interfaces and the Java API Reference in //OpenSSO-base/SUNWam/docs or on

  14. Click New to add subjects to the policy definition.

  15. Select the subject type and click Next.

  16. Type a name for the group of subjects.

  17. (Optional) Click the check box if this is an exclusive group.

  18. Select the users and click to add them to the group.

  19. Click Finish to return to the policy definition screen.

  20. Click New to add conditions to the policy definition.

  21. Select the condition type and click Next.

  22. Type values for the displayed attributes.

    For more information, see the Sun OpenSSO Enterprise 8.0 Administration Guide.

  23. Click Finish to return to the policy definition screen.

  24. Click New to add response providers to the policy definition.

  25. Type a name for the response provider.

  26. (Optional) Add values for the StaticAttribute.

  27. (Optional) Add values for the DynamicAttribute.

  28. Click Finish to return to the policy definition screen.

  29. Click Create to finish the policy configuration.

Interface

This interface is used to map a user ID to the resource identifier associated with it. OpenSSO Enterprise provides two implementations of this interface.

A different implementation of the interface may be developed. The implementation class should be given to the provider that hosts the Discovery Service. The mapping between the providerID and the implementation class can be configured through the Classes For ResourceIDMapper Plug-in attribute.

Note –

The interface is common to all identity services in OpenSSO Enterprise, not only the Discovery Service. For more information, see the Sun OpenSSO Enterprise 8.0 Java API Reference.