Providers of identity services often need to interact with the owner of a resource to get additional information, or to get their consent to expose data. The Liberty Alliance Project has defined the Liberty ID-WSF Interaction Service Specification to specify how these interactions can be carried out. Of the options defined in the specification, OpenSSO Enterprise has implemented the Interaction RequestRedirect Profile. In this profile, the WSP requests the connecting WSC to redirect the user agent (principal) to an interaction resource (URL) at the WSP. When the user agent sends an HTTP request to get the URL, the WSP has the opportunity to present one or more pages to the principal with questions for other information. After the WSP obtains the information it needs to serve the WSC, it redirects the user agent back to the WSC, which can now reissue its original request to the WSP.
While there is no XML service file for the Interaction Service, this service does have properties. The properties are configured upon installation in the configuration data store and are described in the following table.
Table 9–8 Interaction Service Properties
Property | Description |
---|---|
com.sun.identity.liberty.interaction.wspRedirectHandler | Points to the URL where the WSPRedirectHandler servlet is deployed. The servlet handles the service provider side of interactions for user redirects. |
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice | Indicates the level of interaction in which the WSC will participate if the WSC participates in user redirects. Possible values include interactIfNeeded, doNotInteract, and doNotInteractForData. The affirmative interactIfNeeded is the default. |
com.sun.identity.liberty.interaction.wscWillIncludeUserInteractionHeader | Indicates whether the WSC will include a SOAP header to indicate certain preferences for interaction based on the Liberty specifications. The default value is yes. |
com.sun.identity.liberty.interaction.wscWillRedirect | Indicates whether the WSC will participate in user redirections. The default value is yes. |
com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime | Indicates the maximum length of time (in seconds) the WSC is willing to wait for the WSP to complete its portion of the interaction. The WSP will not initiate an interaction if the interaction is likely to take more time than . For example, the WSP receives a request where this property is set to a maximum of 30 seconds. If the WSP property com.sun.identity.liberty.interaction.wspRedirectTime is set to 40 seconds, the WSP returns a SOAP fault (timeNotSufficient), indicating that the time is insufficient for interaction. |
com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck | Indicates whether the WSC will enforce HTTPS in redirected URLs. The Liberty Alliance Project specifications state that the value of this property is always yes, which indicates that the WSP will not redirect the user when the value of redirectURL (specified by the WSP) is not an HTTPS URL. The false value is primarily meant for ease of deployment in a phased manner. |
com.sun.identity.liberty.interaction.wspWillRedirect | Initiates an interaction to get user consent for something or to collect additional data. This property indicates whether the WSP will redirect the user for consent. The default value is yes. |
com.sun.identity.liberty.interaction.wspWillRedirectForData | Initiates an interaction to get user consent for something or to collect additional data. This property indicates whether the WSP will redirect the user to collect additional data. The default value is yes. |
com.sun.identity.liberty.interaction.wspRedirectTime | Indicates the length of time (in seconds) that the WSP expects to take to complete an interaction and return control back to the WSC. For example, the WSP receives a request indicating that the WSC will wait a maximum of 30 seconds (set in com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime) for interaction. If the wspRedirectTime is set to 40 seconds, the WSP returns a SOAP fault (timeNotSufficient), indicating that the time is insufficient for interaction. |
com.sun.identity.liberty.interaction.wspWillEnforceHttpsCheck | Indicates whether the WSP will enforce an HTTPS returnToURL specified by the WSC. The Liberty Alliance Project specifications state that the value of this property is always yes. The false value is primarily meant for ease of deployment in a phased manner. |
com.sun.identity.liberty.interaction.wspWillEnforceReturnToHostEqualsRequestHost | Indicates whether the WSP will enforce that the address values of returnToHost and requestHost are the same. The Liberty Alliance Project specifications state that the value of this property is always yes. The false value is primarily meant for ease of deployment in a phased manner. |
com.sun.identity.liberty.interaction.htmlStyleSheetLocation | Points to the location of the style sheet that is used to render the interaction page in HTML. |
com.sun.identity.liberty.interaction.wmlStyleSheetLocation | Points to the location of the style sheet that is used to render the interaction page in WML. |
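
The WSP-side checks that these properties control can be sketched as follows. This is an added example, not OpenSSO Enterprise code: the function names, the decision labels other than timeNotSufficient, the host names, and the parsing of yes/true values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed WSP-side settings, keyed by the property names in Table 9-8.
PREFIX = "com.sun.identity.liberty.interaction."
WSP_CONFIG = {
    PREFIX + "wspWillRedirect": "yes",
    PREFIX + "wspRedirectTime": "40",
    PREFIX + "wspWillEnforceHttpsCheck": "yes",
    PREFIX + "wspWillEnforceReturnToHostEqualsRequestHost": "yes",
}

def enabled(config, name):
    # Assumption: "yes" or "true" turns a setting on; unset means the default, yes.
    return config.get(PREFIX + name, "yes").strip().lower() in ("yes", "true")

def evaluate_redirect(config, request_host, return_to_url, max_interaction_time,
                      interact="interactIfNeeded"):
    """Return (decision, reason) for one WSC request. Labels other than
    timeNotSufficient are hypothetical, chosen for this example."""
    # Assumption: doNotInteract means the WSC accepts no redirect at all.
    if interact == "doNotInteract" or not enabled(config, "wspWillRedirect"):
        return ("no-interaction", "redirect disabled by WSC or WSP")
    # Time check from the table: the WSP needs longer than the WSC will wait.
    if int(config[PREFIX + "wspRedirectTime"]) > max_interaction_time:
        return ("fault", "timeNotSufficient")
    target = urlsplit(return_to_url)
    if enabled(config, "wspWillEnforceHttpsCheck") and target.scheme.lower() != "https":
        return ("reject", "returnToURL is not HTTPS")
    if (enabled(config, "wspWillEnforceReturnToHostEqualsRequestHost")
            and (target.hostname or "").lower() != request_host.lower()):
        return ("reject", "returnToURL host differs from request host")
    return ("redirect", "ok")

if __name__ == "__main__":
    # Constructed requests: (request host, returnToURL, WSC maximum wait in seconds).
    samples = [
        ("wsc.example.com", "https://wsc.example.com/back", 30),
        ("wsc.example.com", "http://wsc.example.com/back", 60),
        ("wsc.example.com", "https://other.example.net/back", 60),
        ("wsc.example.com", "https://wsc.example.com/back", 60),
    ]
    for host, url, wait in samples:
        print(url, wait, evaluate_redirect(WSP_CONFIG, host, url, wait))
```

With either enforcement property set to false, the corresponding check is skipped, which is why the table describes that value as a phased-deployment setting and not a normal operating state.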
The OpenSSO Enterprise Interaction Service includes a Java package named com.sun.identity.liberty.ws.interaction. WSCs and WSPs use the classes in this package to interact with a resource owner. The following table describes the classes.
Table 9–9 Interaction Service Classes
Class | Description |
---|---|
InteractionManager | Provides the interface and implementation for resource owner interaction. |
InteractionUtils | Provides some utility methods related to resource owner interaction. |
For more information, including methods and their syntax and parameters, see the Sun OpenSSO Enterprise 8.0 Java API Reference.