Sun OpenSSO Enterprise 8.0 Developer's Guide Interface

This interface is used to enable an identity service to check the authorization of a WSC. The DefaultDiscoAuthorizer class is the default implementation of this interface. The class uses the OpenSSO Enterprise Policy Service for creating and applying policy definitions. Policy definitions for the Discovery Service are configured using the OpenSSO Enterprise Console.

Note –

The Policy Service looks for an SSOToken defined for Authenticated Users or Web Service Clients. For more information on this and the Policy Service in general, see the Sun OpenSSO Enterprise 8.0 Administration Guide.

ProcedureTo Configure Discovery Service Policy Definitions

  1. In the OpenSSO Enterprise Console, click the Access Control tab.

  2. Select the name of the realm in which the policy definitions will be configured.

  3. Select Policies to access policy configurations.

  4. Click New Policy to add a new policy definition.

  5. Type a name for the policy.

  6. (Optional) Enter a description for the policy.

  7. (Optional) Select the check box next to Active.

  8. Click New to add rules to the policy definition.

  9. Select Discovery Service for the rule type and click Next.

  10. Type a name for the rule.

  11. Type a resource on which the rule acts.

    The Resource Name field uses the form ServiceType + RESOURCE_SEPARATOR + ProviderID. For example, urn:liberty:id-sis-pp:2003-08;

  12. Select an action and appropriate value for the rule.

    Discovery Service policies can only look up or update data.

  13. Click Finish to configure the rule.

    The interface can be implemented by any web service in OpenSSO Enterprise. For more information, see XXXXXCommon Service Interfaces and the Java API Reference in //OpenSSO-base/SUNWam/docs or on

  14. Click New to add subjects to the policy definition.

  15. Select the subject type and click Next.

  16. Type a name for the group of subjects.

  17. (Optional) Click the check box if this is an exclusive group.

  18. Select the users and click to add them to the group.

  19. Click Finish to return to the policy definition screen.

  20. Click New to add conditions to the policy definition.

  21. Select the condition type and click Next.

  22. Type values for the displayed attributes.

    For more information, see the Sun OpenSSO Enterprise 8.0 Administration Guide.

  23. Click Finish to return to the policy definition screen.

  24. Click New to add response providers to the policy definition.

  25. Type a name for the response provider.

  26. (Optional) Add values for the StaticAttribute.

  27. (Optional) Add values for the DynamicAttribute.

  28. Click Finish to return to the policy definition screen.

  29. Click Create to finish the policy configuration.