Sun Java System Identity Server 2004Q2 Federation Management Guide 

Chapter 4  
Service Configuration Attributes

This chapter provides summaries of service configuration attributes that come with Identity Server. The chapter contains the following topics:


Discovery Service Attributes

The Discovery Service attributes are global attributes. The values applied to them are applied across the Identity Server configuration and are inherited by every configured organization. (They cannot be applied directly to roles or organizations, as the goal of global attributes is to customize the Identity Server application). The Discovery Service attributes are:

Provider ID

This attribute defines the unique identifier used for this Discovery Service. For example:

http://example.com:58080/amserver/Liberty/disco

Supported Authentication Mechanisms

This attribute specifies the authentication mechanisms supported by the Discovery Service. By default, all of the mechanisms are selected. If an authentication mechanism is not selected, and a WSC sends a request using that authentication mechanism, the request will be rejected without passing it to the corresponding WSP.

Supported Directives

This attribute allows you to select the directives that are supported by the Discovery Service. If a service provider wants to insert an entry with an unsupported directive, the request will fail.

Do Policy Evaluation for DiscoveryLookup

If selected, the service will perform a policy evaluation for the DiscoveryLookup operation. By default, the option is not selected.

Do Policy Evaluation for DiscoveryUpdate

If selected, the service will perform a policy evaluation for the DiscoveryUpdate operation. By default, this option is not selected.

Class for Authorizer Plugin

This attribute defines the classname and classpath used for policy evaluation.

Class for Discovery Service Entry Handler Plugin

This attribute defines the classname and classpath used to set or retrieve DiscoEntries.

Classes For Resource ID Mapper Plugin

This attribute contains a list of entries that are used to generate the Resource ID for a resource offering configured for an organization or role. The entries contain a key/value pair (separated by “|”) in the following format:

providerID=providerID|classname_classpath

To add a new request handler, click the Add button. The key and value parameters are required.

Generate Session Context Statement for Bootstrapping

This option specifies whether to generate a SessionContextStatement for bootstrapping. The SessionContext in the SessionContextStatement is needed by the Discovery Service to support the AuthenticateSessionContext directive. By default, this option is not selected.

Resource Offerings for Bootstrapping

This attribute defines the service’s resource offering for bootstrapping. After Single Sign-on (SSO), this resource offering and its associated credentials will be sent to the client in the SSO assertion. Only one resource offering is allowed for bootstrapping. If you have not defined a resource offering, click New. If you wish to edit an existing resource offering, click the Edit link. For more information on defining a resource offering, see Managing Resource Offerings.


Liberty Personal Profile Service Attributes

The Liberty Personal Profile service attributes are global attributes. The values applied to them are applied across the Sun Java System Identity Server configuration and are inherited by every configured organization. (They cannot be applied directly to roles or organizations, as the goal of global attributes is to customize the Identity Server application.)

The Liberty Personal Profile Service Attributes are:

Resource ID Mapper

This attribute specifies the mutual implementation of a resourceID to the User DN.

Authorizer

This attribute defines the default implementation of the Personal Profile Service authorization.

Attribute Mapper

This attribute defines the mapping from a Liberty Personal Profile service attribute to a user attribute. Format:

LibertyPersonalProfileAttribute=IdentityServerAttribute

For example:

AltCN=SunIdentityServerPPCommonNameAltCN

Provider ID

This attribute defines the unique identifier used for this Liberty Personal Profile Service. For example:

http://example.com:58080/amserver/Liberty/idpp

Name Scheme

This attribute defines the naming scheme that will be used for the Liberty Personal Profile Service common name. For example, you can specify first and last name, or first, middle and last name.

Namespace Prefix

This attribute specifies the namespace prefix to be used for Liberty Personal Profile Service XML protocol messages. A namespace differentiates elements that come from different XML schemas. The namespace prefix is a prefix to the element and is useful for defining XML metadata from different XML schema namespaces.

Supported Containers

This attribute defines the list of supported Personal Profile containers. To add a container, click the Add button. Enter the key value pair in the provided fields and click OK.

PPLDAP Attribute Map List

This attribute list specifies the mapping for the Personal Profile attributes defined in the Liberty II specification to the Identity Server Personal Profile service attributes.

For example, in the mapping scheme, JobTitle=sunIdentityServerPPEmploymentIdentityJobTitle, sunIdentityServerPPEmploymentIdentityJobTitle is the Identity Server attribute that maps to the Liberty Protocol’s JobTitle attribute.

Require Query PolicyEval

If selected, this option requires a policy evaluation to be performed for Personal Profile service queries.

Require Modify PolicyEval

If selected, this option requires a policy evaluation to be performed for Personal Profile service modifications.

Extension Container Attributes

This attribute specifies the list of extension container attributes for the Personal Profile service.

Extension Attributes Namespace Prefix

This attribute defines the namespace prefix for the extensions defined in Extension Container Attributes.


SOAP Binding Service Attributes

The SOAP Binding Service attributes are global attributes. The values applied to them are carried across the Sun Java System Identity Server configuration and inherited by every configured organization. (They cannot be applied directly to roles or organizations, as the goal of global attributes is to customize the Identity Server application.)

The SOAP Binding Service attributes are as follows:

Request Handler List

This attribute stores information about a Web Service Provider (WSP) deployed in Identity Server. It lists entries that contain a key/value pair (separated by “|”). For example:

key=disco|class=com.example.identity.liberty.ws.disco.DiscoveryService|soapActions=sa1 sa2 sa2

To add a new request handler, click the Add button. The key and class parameters are required. The parameters are:

Web Service Authenticator

This attribute defines the implementation class for the WebServiceAuthenticator interface, which authenticates and generates a credential for a Web Service Consumer (WSC), based on the request.

Supported Authentication Mechanisms

This attribute specifies the authentication mechanisms supported by the SOAP endpoint. By default, all of the mechanisms are selected. If an authentication mechanism is not selected, and a WSC sends a request using that authentication mechanism, the request will be rejected by the SOAP layer without passing it to the corresponding WSP.
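Because each Request Handler List entry names a class that will handle SOAP requests, it is worth checking exported entries before they are applied. The following is an added example, not code from the guide or from Identity Server: it parses the pipe-separated format shown above and enforces the required key and class parameters. Treating one key mapped to two different classes as an error is an assumption of this example, and the function names are hypothetical.

```python
from dataclasses import dataclass, field

REQUIRED = ("key", "class")  # the guide states that key and class are required


@dataclass
class HandlerEntry:
    key: str
    class_name: str
    soap_actions: list = field(default_factory=list)


def parse_handler_entry(raw):
    """Parse one 'name=value|name=value' entry; raise ValueError if malformed."""
    params = {}
    for part in raw.strip().split("|"):
        name, sep, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name or not value:
            raise ValueError(f"malformed parameter {part!r} in {raw!r}")
        if name in params:
            raise ValueError(f"parameter {name!r} repeated in {raw!r}")
        params[name] = value
    missing = [p for p in REQUIRED if p not in params]
    if missing:
        raise ValueError(f"missing required parameter(s) {missing} in {raw!r}")
    # soapActions is a space-separated list; other parameter names are not
    # rejected because the guide's parameter list is not reproduced here.
    return HandlerEntry(params["key"], params["class"],
                        params.get("soapActions", "").split())


def audit_handler_list(entries):
    """Return (parsed entries, findings) for a list of raw entry strings."""
    parsed, findings, seen = [], [], {}
    for raw in entries:
        try:
            entry = parse_handler_entry(raw)
        except ValueError as exc:
            findings.append(str(exc))
            continue
        # Assumption of this example: one key must not map to two classes.
        if seen.setdefault(entry.key, entry.class_name) != entry.class_name:
            findings.append(f"key {entry.key!r} maps to both "
                            f"{seen[entry.key]} and {entry.class_name}")
        parsed.append(entry)
    return parsed, findings


# First entry is the guide's example; the other two are constructed.
SAMPLE = ["key=disco|class=com.example.identity.liberty.ws.disco.DiscoveryService|soapActions=sa1 sa2 sa2",
          "key=idpp", "key=disco|class=com.example.other.Handler"]
```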





Copyright 2004 Sun Microsystems, Inc. All rights reserved.