Sun OpenSSO Enterprise 8.0 Developer's Guide

Discovery Service Packages

OpenSSO Enterprise contains several Java packages that are used by the Discovery Service. They include:


Note –

Additional information is in the Sun OpenSSO Enterprise 8.0 Java API Reference.


Client APIs in com.sun.identity.liberty.ws.disco

The following table summarizes the client APIs in the package com.sun.identity.liberty.ws.disco. For more information, including methods and their syntax and parameters, see the Sun OpenSSO Enterprise 8.0 Java API Reference.

Table 9–5 Discovery Service Client APIs

| Class | Description |
|---|---|
| Description | Represents a DescriptionType element of a service instance. |
| Directive | Represents a discovery service DirectiveType element. |
| DiscoveryClient | Provides methods to send Discovery Service queries and modifications. |
| EncryptedResourceID | Represents an EncryptionResourceID element for the Discovery Service. |
| InsertEntry | Represents an Insert Entry for Discovery Modify request. |
| Modify | Represents a discovery modify request. |
| ModifyResponse | Represents a discovery response to a modify request. |
| Query | Represents a discovery Query object. |
| QueryResponse | Represents a response to a discovery query request. |
| RemoveEntry | Represents a remove entry element for the discovery modify request. |
| RequestedService | Enables the requester to specify that all the resource offerings returned must be offered through a service instance that complies with one of the specified service types. |
| ResourceID | Represents a Discovery Service Resource ID. |
| ResourceOffering | Associates a resource with a service instance that provides access to that resource. |
| ServiceInstance | Describes a web service at a distinct protocol endpoint. |

com.sun.identity.liberty.ws.disco.plugins.DiscoEntryHandler Interface

This interface is used to get and set discovery entries for a user. A number of default implementations are provided, but if you want to handle this function differently, implement this interface and set the implementing class as the value of the Entry Handler Plugin Class attribute as discussed in Entry Handler Plug-in Class in Sun OpenSSO Enterprise 8.0 Administration Guide. The default implementations of this interface are described in the following table.

Table 9–6 Implementations of com.sun.identity.liberty.ws.disco.plugins.DiscoEntryHandler

| Class | Description |
|---|---|
| UserDiscoEntryHandler | Gets or modifies discovery entries stored in the user’s entry as a value of the sunIdentityServerDiscoEntries attribute. The UserDiscoEntryHandler implementation is used in business-to-consumer scenarios such as the Liberty Personal Profile Service. |
| DynamicDiscoEntryHandler | Gets discovery entries stored as a value of the sunIdentityServerDynamicDiscoEntries dynamic attribute in the Discovery Service. Modification of these entries is not supported and always returns false. The resource offering is saved in an organization or a role. The DynamicDiscoEntryHandler implementation is used in business-to-business scenarios such as the Liberty Employee Profile service. |
| UserDynamicDiscoEntryHandler | Gets a union of the discovery entries stored in the user entry sunIdentityServerDiscoEntries attribute and discovery entries stored in the Discovery Service sunIdentityServerDynamicDiscoEntries attribute. It modifies only discovery entries stored in the user entry. The UserDynamicDiscoEntryHandler implementation can be used in both business-to-consumer and business-to-business scenarios. |

com.sun.identity.liberty.ws.interfaces.Authorizer Interface

This interface is used to enable an identity service to check the authorization of a WSC. The DefaultDiscoAuthorizer class is the default implementation of this interface. The class uses the OpenSSO Enterprise Policy Service for creating and applying policy definitions. Policy definitions for the Discovery Service are configured using the OpenSSO Enterprise Console.


Note –

The Policy Service looks for an SSOToken defined for Authenticated Users or Web Service Clients. For more information on this and the Policy Service in general, see the Sun OpenSSO Enterprise 8.0 Administration Guide.


To Configure Discovery Service Policy Definitions

  1. In the OpenSSO Enterprise Console, click the Access Control tab.

  2. Select the name of the realm in which the policy definitions will be configured.

  3. Select Policies to access policy configurations.

  4. Click New Policy to add a new policy definition.

  5. Type a name for the policy.

  6. (Optional) Enter a description for the policy.

  7. (Optional) Select the check box next to Active.

  8. Click New to add rules to the policy definition.

  9. Select Discovery Service for the rule type and click Next.

  10. Type a name for the rule.

  11. Type a resource on which the rule acts.

    The Resource Name field uses the form ServiceType + RESOURCE_SEPARATOR + ProviderID. For example, urn:liberty:id-sis-pp:2003-08;http://example.com.

  12. Select an action and appropriate value for the rule.

    Discovery Service policies can only look up or update data.

  13. Click Finish to configure the rule.

    The com.sun.identity.liberty.ws.interfaces.Authorizer interface can be implemented by any web service in OpenSSO Enterprise. For more information, see Common Service Interfaces and the Java API Reference in //OpenSSO-base/SUNWam/docs or on docs.sun.com.

  14. Click New to add subjects to the policy definition.

  15. Select the subject type and click Next.

  16. Type a name for the group of subjects.

  17. (Optional) Click the check box if this is an exclusive group.

  18. Select the users and click to add them to the group.

  19. Click Finish to return to the policy definition screen.

  20. Click New to add conditions to the policy definition.

  21. Select the condition type and click Next.

  22. Type values for the displayed attributes.

    For more information, see the Sun OpenSSO Enterprise 8.0 Administration Guide.

  23. Click Finish to return to the policy definition screen.

  24. Click New to add response providers to the policy definition.

  25. Type a name for the response provider.

  26. (Optional) Add values for the StaticAttribute.

  27. (Optional) Add values for the DynamicAttribute.

  28. Click Finish to return to the policy definition screen.

  29. Click Create to finish the policy configuration.
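
The resource name format from step 11, as an added example (not code from OpenSSO Enterprise): a small Java helper that builds and checks ServiceType + RESOURCE_SEPARATOR + ProviderID values before they are entered in the console. The class name DiscoRuleResource and the separator value ";" (taken from the example value in step 11) are assumptions.

```java
public final class DiscoRuleResource {
    // Assumption: RESOURCE_SEPARATOR is ";", as in the page's example value.
    static final String RESOURCE_SEPARATOR = ";";

    /** Joins the two parts, rejecting input that would make the name ambiguous. */
    static String build(String serviceType, String providerId) {
        requireClean("ServiceType", serviceType);
        requireClean("ProviderID", providerId);
        if (serviceType.contains(RESOURCE_SEPARATOR)) {
            throw new IllegalArgumentException("ServiceType contains the separator");
        }
        return serviceType + RESOURCE_SEPARATOR + providerId;
    }

    /** Splits at the first separator, so a ProviderID URL may itself contain ';'. */
    static String[] parse(String resourceName) {
        int i = resourceName == null ? -1 : resourceName.indexOf(RESOURCE_SEPARATOR);
        if (i < 0) {
            throw new IllegalArgumentException("missing separator: " + resourceName);
        }
        String serviceType = resourceName.substring(0, i);
        String providerId = resourceName.substring(i + RESOURCE_SEPARATOR.length());
        build(serviceType, providerId); // reuse the component checks
        return new String[] {serviceType, providerId};
    }

    private static void requireClean(String label, String value) {
        if (value == null || value.isEmpty() || !value.equals(value.trim())) {
            throw new IllegalArgumentException(label + " is empty or has surrounding whitespace");
        }
    }

    public static void main(String[] args) {
        // Constructed samples; the first is the example value from step 11.
        String[] samples = {
            "urn:liberty:id-sis-pp:2003-08;http://example.com",
            "urn:liberty:id-sis-pp:2003-08",                     // ProviderID part missing
            "urn:liberty:id-sis-pp:2003-08; http://example.com"  // stray space after ';'
        };
        for (String s : samples) {
            try {
                String[] p = parse(s);
                System.out.println("ok:  ServiceType=" + p[0] + " ProviderID=" + p[1]);
            } catch (IllegalArgumentException e) {
                System.out.println("bad: " + e.getMessage());
            }
        }
    }
}
```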

com.sun.identity.liberty.ws.interfaces.ResourceIDMapper Interface

This interface is used to map a user ID to the resource identifier associated with it. OpenSSO Enterprise provides two implementations of this interface.

A different implementation of the interface may be developed. The implementation class should be given to the provider that hosts the Discovery Service. The mapping between the providerID and the implementation class can be configured through the Classes For ResourceIDMapper Plug-in attribute.


Note –

The com.sun.identity.liberty.ws.interfaces.ResourceIDMapper interface is common to all identity services in OpenSSO Enterprise, not only the Discovery Service. For more information, see the Sun OpenSSO Enterprise 8.0 Java API Reference.