Contents    

Discovery Service Attributes

The Discovery Service attributes are global attributes. The values applied to them are applied across the Identity Server configuration and are inherited by every configured organization. (They cannot be applied directly to roles or organizations, as the goal of global attributes is to customize the Identity Server application). The Discovery Service attributes are:

Provider ID

This attribute defines the unique identifier used for this Discovery Service. For example:

http://example.com:58080/amserver/Liberty/disco

Supported Authentication Mechanisms

This attribute specifies the authentication mechanisms supported by the Discovery Service. By default, all of the mechanisms are selected. If an authentication mechanism is not selected, and a WSC sends a request using that authentication mechanism, the request will be rejected without passing it to the corresponding WSP.

Supported Directives

This attribute allows you to select the directives that are supported by the Discovery Service. If a service provider wants to insert an entry with an unsupported directive, the request will fail.

Do Policy Evaluation for DiscoveryLookup

If selected, the service will perform a policy evaluation for the DiscoveryLookup operation. By default, the option is not selected.

Do Policy Evaluation for DiscoveryUpdate

If selected, the service will perform a policy evaluation for the DiscoveryUpdate operation. By default, this option is not selected.

Class for Authorizer Plugin

This attribute defines the classname and classpath used for policy evaluation.

Class for Discovery Service Entry Handler Plugin

This attribute defines the classname and classpath used to set or retrieve DiscoEntries.

Classes For Resource ID Mapper Plugin

This attribute contains a list of entries that are used to generate the Resource ID for a resource offering configured for an organization or role. The entries contain a key/value pair (separated by “|”) in the following format:

providerID=providerID|classname_classpath

To add a new request handler, click the add button. The key and value parameters are required.

Generate Session Context Statement for Bootstrapping

This option specifies whether to generate a SessionContextStatement for bootstrapping. SessoinConxtext in the SessionContextStatement is needed by the Discovery Service to support the AuthenicateSessionContext directive. By default, this option is not selected.

Resource Offerings for Bootstrapping

This attribute defines the service’s resource offering for bootstrapping. After Single Sign-on (SSO), this resource offering and its associated credentials will be sent to the client in the SSO assertion. Only one resource offering is allowed for bootstrapping. If you have not defined a resource offering, click New. If you wish to edit an existing resource offering, click the Edit link.


Contents