Sun Java System Federation Manager 7.0 User's Guide

Resource Offerings for Bootstrapping

This attribute defines a resource offering for bootstrapping a service. After single sign-on (SSO), this resource offering and its associated credentials will be sent to the client in the SSO assertion. Only one resource offering is allowed for bootstrapping. By default, this offering contains information regarding the Discovery Service. Tasks associated with this attribute include:


Note –

The value of the Resource Offerings for Bootstrapping Resources attribute is a default value configured during installation. If you wish to define a new resource offering, you must first delete the existing resource offering. If you wish to modify the existing resource offering, click on the Edit link.


To Configure a Resource Offering for Bootstrapping

Only one resource offering is allowed for bootstrapping. By default, this offering contains information regarding the Discovery Service. If a resource offering is already defined, you can modify the attributes by clicking the Edit link. You may also select the box next to the name of the Resource Offering to delete the existing resource offering. To configure a new resource offering, you would then click New.

  1. In the Federation Manager Console, click the Web Services tab.

  2. Under Web Services, select the Discovery Service tab.

  3. Under Resource Offerings for Bootstrapping, click New or click Edit to modify existing attributes.

    The Resource Offering attributes are displayed.

  4. Provide or modify values for the resource offerings attributes.

    Description

    An optional description of the resource offering.

    Service Type

    A URI that defines the type of service the resource offering implements. For example, urn:liberty:disco:2003-08.


    Note –

    It is recommended that this URI be the same as the targetNamespace URI of the abstract WSDL description for the service.


    Provider ID

    A URI that points to the provider of the service instance. For example, http://server.sun.com:80/amserver/Liberty/disco.

    Security Mechanism ID

    One or more URIs that identify the security mechanisms supported by the service instance defined in the previous attributes. These security mechanisms refer to the way a web service consumer authenticates to the web service provider. This attribute lists all of the security mechanisms that the service instance supports, in order of preference. The consumer picks the first mechanism in the list that it supports.

    See To Configure a Service Description.

    Options

    Check this box if the service has no options available for the resource offering. Options provide hints to a potential requester about whether certain data or operations may be available with a particular resource offering. For example, an option may be provided stating that home contact information is available.

    Option List

    This attribute contains a list of options for the service instance. Each option is defined as a URI. The set of possible URIs is generally standardized by the service type.

    Directives

    All supported directives (as described in Supported Directives) may contain a descriptive reference. If these Description ID References attributes are not defined for a directive, the directive is taken to apply to all authentication mechanisms provided in the resource offering. If a directive is enabled here, it MUST be defined with a list of Description ID References that refer to the authentication mechanism with which the directive is associated. The directive also MUST be taken to apply only to those descriptions referred to in the ID Refs list. This may be useful if certain directives are incompatible with certain security mechanisms. The supported directives for which Description ID References can be defined are:

    • GenerateBearerToken

    • AuthenticateRequester

    • EncryptResourceID

    • AuthenticateSessionContext

    • AuthorizeRequester

  5. Click OK to complete the mapper configuration.

  6. Click Save on the Discovery Service page to complete the service configuration.

To Configure a Service Description

The Service Description attribute defines a running web service at a distinct protocol endpoint. It is defined when you configure Resource Offerings for Bootstrapping. Information about service instances needs to be communicated in various contexts. For example, the Discovery Service defined is an identity service which provides an enumeration of resource offerings (each of which includes a service instance description).

  1. In the Federation Manager Console, click the Web Services tab.

  2. Under Web Services, select the Discovery Service tab.

  3. Under Resource Offerings for Bootstrapping, click New or click Edit to modify existing attributes.

    The Resource Offering attributes are displayed.

  4. From the configuration screen of the Resource Offering for Bootstrapping attribute, click Add Mechanism ID to display the new security mechanism ID attributes or click Edit to modify an existing description.

  5. Provide values for the attributes based on the following information:

    Security Mechanism ID

    This attribute is where authentication methods supported by the Discovery Service are added. These security mechanisms refer to the way a web service consumer authenticates to the web service provider or provides message-level security. By default, all available methods that the service instance supports are selected. If an authentication method is not selected, and a web services consumer sends a request using that method, the request is rejected. See Supported Authentication Mechanisms.

    End Point URL

    Takes the URI for the SOAP-over-HTTP endpoint. For example, http://daiquiri.sun.com:80/amserver/Liberty/disco.

    SOAP Action

    SOAP Action can be used to indicate the intent of the SOAP HTTP request. The SOAP processor on the receiving system can use this information to determine the ultimate destination for the service. The value is a URI. No defined value indicates no intent.


    Note –

    SOAP places no restrictions on the format or specificity of the URI, and does not require that it be resolvable.


  6. Click OK to complete the service configuration.

  7. Click Save on the Discovery Service page to complete the service configuration.
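
The Security Mechanism ID ordering, the rejection of unselected mechanisms, and the Description ID References scoping of directives described in the two procedures above can be modeled as follows. This is an added Python example, not Federation Manager code; the class and function names, the description IDs d1 and d2, and the example.com endpoint are assumptions made for illustration.

```python
# Added illustration; names here are hypothetical, not Federation Manager APIs.
from dataclasses import dataclass, field

@dataclass
class Description:
    desc_id: str
    mech_ids: list          # security mechanism URIs, most preferred first
    endpoint: str

@dataclass
class Directive:
    name: str
    id_refs: list = field(default_factory=list)   # empty: applies to every description

def pick_mechanism(descriptions, consumer_supports):
    """Consumer side: first listed mechanism the consumer also supports."""
    for desc in descriptions:            # assumption: descriptions are tried in listed order
        for mech in desc.mech_ids:
            if mech in consumer_supports:
                return desc.desc_id, mech
    return None

def provider_accepts(descriptions, mech):
    """Provider side: a request using an unselected mechanism is rejected."""
    return any(mech in d.mech_ids for d in descriptions)

def directives_for(desc_id, directives):
    """Directives that apply to one description, honouring Description ID References."""
    return [d.name for d in directives if not d.id_refs or desc_id in d.id_refs]

# Constructed sample offering (endpoint host is a placeholder).
OFFERING = [
    Description("d1", ["urn:liberty:security:2003-08:TLS:SAML",
                       "urn:liberty:security:2003-08:TLS:X509"],
                "https://disco.example.com/amserver/Liberty/disco"),
    Description("d2", ["urn:liberty:security:2004-04:TLS:Bearer"],
                "https://disco.example.com/amserver/Liberty/disco"),
]
DIRECTIVES = [
    Directive("AuthenticateRequester"),                 # no ID refs: applies to d1 and d2
    Directive("GenerateBearerToken", id_refs=["d2"]),   # scoped to the bearer description
]

if __name__ == "__main__":
    consumer = {"urn:liberty:security:2003-08:TLS:X509",
                "urn:liberty:security:2004-04:TLS:Bearer"}
    desc_id, mech = pick_mechanism(OFFERING, consumer)
    print(desc_id, mech, directives_for(desc_id, DIRECTIVES))
    print(provider_accepts(OFFERING, "urn:liberty:security:2003-08:null:null"))
```

Because the consumer takes the first match, moving a mechanism up or down the list changes which one is negotiated, so the list order is itself a security setting to review.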