Sun OpenSSO Enterprise 8.0 Developer's Guide

ProcedureTo Host a Custom Service

Before You Begin

The XML Schema Definition (XSD) file written to define the new service is the starting point for developing the service's server-side code.

  1. Write an XML service schema for the new web service and Java classes to parse and process the XML messages.

    The following sample schema defines a stock quote web service. The QuoteRequest and QuoteResponse elements define the parameters for the request and response that are inserted in the SOAP Body of the request and response, respectively. You will need to have and to parse and process the XML messages.

    <?xml version="1.0" encoding="UTF-8" ?> 
    <xs:schema xmlns:xs=""
             This is a sample stock ticker web service protocol
      <xs:element name="QuoteRequest" type="QuoteRequestType"/>
      <xs:complexType name="QuoteRequestType">
            <xs:element name = "ResourceID" type="xs:string" minOccurs="0"/>
            <xs:element name = "Symbol" type="xs:string" minOccours="1"/>
      <xs:complexType name="PriceType">
              <xs:element name="Last" type="xs:integer"/>
              <xs:element name="Open" type="xs:integer"/>
              <xs:element name="DayRange" type="xs:string"/>
              <xs:element name="Change" type="xs:string"/>
              <xs:element name="PrevClose" type="xs:integer"/>
      <xs:element name="QuoteResponse" type="QuoteResponseType"/>
      <xs:complexType name="QuoteResponseType">
            <xs:element name="Symbol" type="xs:string"/>
            <xs:element name="Time" type="xs:dateTime"/>
            <xs:element name="Delay" type="xs:dateTime" minOccurs="0"/>
            <xs:element name="Price" type="PriceType"/>
            <xs:element name="Volume" type="xs:integer"/>
  2. Provide an implementation for one of the following interfaces based on the type of web service being developed.

    • for developing and deploying a general web service.

    • for developing and deploying an identity data service type web service based on the Liberty Alliance Project Identity Service Interface Specifications (Liberty ID-SIS).

    In OpenSSO Enterprise, each web service must implement one of these interfaces to accept incoming message requests and return outgoing message responses. The following sample implements the interface for the stock quote web service. is the API used to construct requests and responses.

    public class StockTickerService implements RequestHandler {
             //implement business logic
             public Message processRequest(Message msg) throws 
                           SOAPFaultException, Exception {
                    SSOToken token = (SSOToken)msg.getToken();
                    List responseBody = processSOAPBody(msg.getBodies());
                    Message response = new Message();
                    return response;
              //more business logic
  3. Compile the Java source code.

    Be sure to include openfedlib.jar in your classpath.

  4. Add the previously created classes to the web container classpath and restart the web container on which OpenSSO Enterprise is deployed.

  5. Login to the OpenSSO Enterprise console as the top level administrator.

    By default, amadmin.

  6. Click the Web Services tab.

  7. Under Web Services, click the SOAP Binding Service tab to register the new implementation with the SOAP Binding Service.

    Screen capture of SOAP Binding Service attributes
  8. Click New under the Request Handler List global attribute.

  9. Enter a name for the implementation in the Key field.

    This value will be used as part of the service endpoint URL for the web service. For example, if the value is stock, the endpoint URL to access the stock quote web service will be:

  10. Enter the name of the implementation class previously created in the Class field.

  11. (Optional) Enter a SOAP Action in the SOAP Action field.

  12. Click Save to save the configuration.

    The request handler will be displayed under the Request Handler List.

  13. Click on the Access Control tab to begin the process of publishing the web service to the Discovery Service.

    The Discovery Service is a registry of web services. It matches the properties in a request with the properties in its registry and returns the appropriate service location. See Discovery Service for more information.

  14. Click the name of the realm to which you want to add the web service.

  15. Click the Services tab to access the realm's services.

  16. Click Discovery Service to create a new resource offering.

    If the Discovery Service has not yet been added:

    1. Click Add.

      A list of available services is displayed.

    2. Select Discovery Service and click Next to add the service.

      The list of added services is displayed including the link to the Discovery Service.

  17. Click Add on the Discovery Resource Offering screen.

  18. (Optional) Enter a description of the resource offering in the Description field on the New Resource Offering page.

  19. Type a URI for the value of the Service Type attribute.

    This URI defines the type of service. It is recommended that the value of this attribute be the targetNamespace URI defined in the abstract WSDL description for the service. An example of a valid URI is urn:com:sun:liberty:sample:stockticker.

  20. Type a URI for the value of the Provider ID attribute.

    The value of this attribute contains the URI of the provider of the service instance. This information is useful for resolving trust metadata needed to invoke the service instance. A single physical provider may have multiple provider IDs.

    Note –

    The provider represented by the URI in the Provider ID attribute must also have an entry in the ResourceIDMapper attribute. For more information, see Classes For ResourceIDMapper Plug-in in Sun OpenSSO Enterprise 8.0 Administration Guide.

  21. Click New Description to define the Service Description.

    For each resource offering, at least one service description must be created.

    1. Select the values for the Security Mechanism ID attribute to define how a web service client can authenticate to a web service provider.

      This field lists the security mechanisms that the service instance supports. Select the security mechanisms that you want to add and click Add. To prioritize the list, select the mechanism and click Move Up or Move Down.

    2. Type a value for the End Point URL.

      This value is the URL to access the new web service. For this example, it might be:

    3. (Optional) Type a value for the SOAP Action.

      This value is the equivalent of the wsdlsoap:soapAction attribute of the wsdlsoap:operation element in the service's concrete WSDL-based description.

    4. Click OK to complete the configuration.

  22. Check the Options box if there are no options or add a URI to the Options List to specify options for the resource offering.

    This field lists the options that are available for the resource offering. Options provide hints to a potential requestor about the availability of certain data or operations to a particular offering. The set of possible URIs are defined by the service type, not the Discovery Service. If no option is specified, the service instance does not display any available options. For a standard set of options, see the Liberty ID-SIS Personal Profile Service Specification.

  23. Select a directive for the resource offering.

    Directives are special entries defined in SOAP headers that can be used to enforce policy-related decisions. You can choose from the following:

    • GenerateBearerToken specifies that a bearer token be generated.

    • AuthenticateRequester must be used with any service description that use SAML for message authentication.

    • EncryptResourceID specifies that the Discovery Service encrypt the resource ID.

    • AuthenticateSessionContext is specified when a Discovery Service provider includes a SAML assertion containing a SessionContextStatement in any future QueryResponse messages.

    • AuthorizeRequester is specified when a Discovery Service provider wants to include a SAML assertion containing a ResourceAccessStatement in any future QueryResponse messages.

    If you want to associate a directive with one or more service descriptions, select the check box for that Description ID. If no service descriptions are selected, the directive is applied to all description elements in the resource offering.

  24. Click OK.

  25. Logout from the console.