Sun OpenSSO Enterprise 8.0 Administration Guide

SOAP Binding Service

The SOAP Binding Service is the method of transport used to convey identity data between web services. It includes a set of Java APIs used by the developer of a Liberty-enabled identity service. The APIs are used to send and receive identity-based messages using SOAP, an XML-based messaging protocol. The service invokes the correct request handler class (specified by a service endpoint) to handle the messages.

SOAP Binding Service Attributes

The SOAP Binding Service attributes are global attributes. The values of these attributes are carried across the OpenSSO Enterprise configuration and inherited by every organization.

The SOAP Binding Service attributes are as follows:

Request Handler List

The Request Handler List stores information about the classes implemented from the com.sun.identity.liberty.ws.soapbinding.RequestHandler interface. The SOAP Binding Service provides the interface to process requests and return responses. The interface must be implemented on the server side for each Liberty-based web service that uses the SOAP Binding Service.

To add a new implementation, click New and define values for the following parameters.

Key Parameter

The Key parameter is the last part of the URI path to a SOAP endpoint. The SOAP endpoint in OpenSSO Enterprise is the SOAPReceiver servlet. The URI to the SOAPReceiver uses the format protocol://host:port/deploy-uri/Liberty/key. If you define disco as the Key, the URI path to the SOAPReceiver for the corresponding Discovery Service would be protocol://host:port/opensso/Liberty/disco.


Note –

Different service clients must use different keys when connecting to the SOAPReceiver.


Class Parameter

The Class parameter specifies the name of the class implemented from com.sun.identity.liberty.ws.soapbinding.RequestHandler for the particular web service. For example, class=com.example.identity.liberty.ws.disco.DiscoveryService.

SOAP Action Parameter

The optional SOAP Action can be used to indicate the intent of the SOAP HTTP request. The SOAP processor on the receiving system can use this information to determine the ultimate destination for the service. The value is a URI. No defined value indicates no intent.


Note –

SOAP places no restrictions on the format or specificity of the URI, nor does it require that the URI be resolvable.


Web Service Authenticator

This attribute takes as a value the implementation class for the Web Service Authenticator interface. This class authenticates a request and generates a credential for a WSC.


Note –

This interface is not public. The value of the attribute is configured during installation.


Supported Authentication Mechanisms

This attribute specifies the authentication mechanisms supported by the SOAP Receiver. Authentication mechanisms offer user authentication as well as data integrity and encryption. By default, all available authentication mechanisms are selected. If a mechanism is not selected and a WSC sends a request using it, the request is rejected. Following is a list of the supported authentication mechanisms:

Enforce Only Known Providers

If enabled, the ProviderID header sent in a SOAP message is checked to ensure that the provider exists in the system. If the provider does not exist, the request is rejected. If this attribute is not enabled, the check is skipped.

Certification Alias For SSL Client Authentication

Specifies the client certificate alias that is used in SSL connections for the Liberty SOAP Binding. The value is set during installation.

Time Limit for Stale Message

Default value is 300000. Determines if a message is stale and thus no longer trustworthy. If the message timestamp is earlier than the current timestamp by the specified number of milliseconds, the message is considered to be stale.

Message ID Cache Cleanup Interval

Default value is 60000. Specifies the number of milliseconds to elapse before cache cleanup events begin. Each message is stored in a cache with its own message ID to avoid duplicate messages. When a message's current time less the received time exceeds the staleTimeLimit value, the message is removed from the cache.
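
The following added example (not code from OpenSSO Enterprise or from this guide) models how the Time Limit for Stale Message and the Message ID Cache Cleanup Interval work together to reject replayed messages. The ReplayGuard class, its method names, the lazy cleanup trigger and the treatment of a timestamp exactly at the limit are assumptions made for illustration; the two default values come from this page.

```python
STALE_TIME_LIMIT_MS = 300000        # page default: Time Limit for Stale Message
CACHE_CLEANUP_INTERVAL_MS = 60000   # page default: Message ID Cache Cleanup Interval


class ReplayGuard:
    """Hypothetical model of the stale check and message ID cache."""

    def __init__(self, stale_limit_ms=STALE_TIME_LIMIT_MS,
                 cleanup_interval_ms=CACHE_CLEANUP_INTERVAL_MS):
        self.stale_limit_ms = stale_limit_ms
        self.cleanup_interval_ms = cleanup_interval_ms
        self.seen = {}               # message ID -> time received (ms)
        self.last_cleanup_ms = None  # set on the first message

    def cleanup(self, now_ms):
        """Remove IDs whose age exceeds the stale limit; return the count removed."""
        expired = [mid for mid, received in self.seen.items()
                   if now_ms - received > self.stale_limit_ms]
        for mid in expired:
            del self.seen[mid]
        self.last_cleanup_ms = now_ms
        return len(expired)

    def check(self, message_id, timestamp_ms, now_ms):
        """Classify one inbound message as 'accepted', 'stale' or 'duplicate'."""
        if self.last_cleanup_ms is None:
            self.last_cleanup_ms = now_ms
        elif now_ms - self.last_cleanup_ms >= self.cleanup_interval_ms:
            self.cleanup(now_ms)     # assumption: cleanup runs lazily, not on a timer
        # Assumption: a timestamp exactly at the limit is still fresh.
        if now_ms - timestamp_ms > self.stale_limit_ms:
            return "stale"
        if message_id in self.seen:
            return "duplicate"
        self.seen[message_id] = now_ms
        return "accepted"


def demo():
    """Replay a constructed message sequence (not captured traffic)."""
    guard, t0 = ReplayGuard(), 1_000_000
    return [
        guard.check("msg-1", t0, now_ms=t0),                   # first delivery
        guard.check("msg-1", t0, now_ms=t0 + 1000),            # replay inside window
        guard.check("msg-2", t0 - 300001, now_ms=t0 + 2000),   # timestamp too old
        guard.check("msg-1", t0, now_ms=t0 + 300001),          # replay after eviction
    ]
```

In this model, removing an ID from the cache does not reopen a replay window: an entry is removed only once its age exceeds the stale limit, so a later copy of the same message fails the timestamp check, provided the sender's timestamp is not later than the time the message was received.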

Supported SOAP Actors

Default value is http://schemas.xmlsoap.org/soap/actor/next. Specifies supported SOAP actors. Each actor must be separated by a pipe character (|).

Namespace Prefix Mapping

Default value is:


=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08

Specifies the namespace prefix mapping used when marshalling a JAXB content tree to a DOM tree. The syntax is prefix=namespace|prefix=namespace|...

JAXB Package List

Specifies the JAXB package list used when constructing the JAXBContext. Each package must be separated by a colon (:).

Liberty Identity Web Service Version

This property determines the Liberty ID-WSF framework version to use when the version cannot be determined from the inbound message or from the resource offering when OpenSSO is acting as the WSC. Values can be 1.0 or 1.1. The default is 1.1.