Resource Offering
A resource offering is the association of a resource and a service instance. Typically, a single service instance will serve many resources. For example, a personal profile service provider will serve multiple profiles to a single service instance. It would be impractical to have a separate protocol endpoint for each profile.
The Discovery Service is an identity service that allows requestors to discover resource offerings. In Access Manager, resource offerings can be stored and managed in three different ways:
- User Discovery Resource Offering - This is a resource offering associated with a particular user. To access the User Discovery Resource Offering, select Users in the Identity Management module, and choose Resource Offerings from the View menu in the Navigation pane.
- Dynamic Resource Offering - This is a resource offering associated with an organization or role.
- Resource Offering for Bootstrapping Mode - This resource offering is accessed through the Discovery Service in the Service Configuration module. The resource offering is sent to the service provider or web service client (WSC) in the Single Sign-on assertion during Single Sign-on.
To Define a Resource Offering
- Enter a value for the Resource ID Attribute.
This field defines an identifier for a Resource ID value.
- Enter the Resource ID Value.
This field defines the URI used to identify a particular resource. It must not be a relative URI and should contain a domain name which is owned by the provider that is hosting the resource. If a resource is exposed through multiple resource offering elements, all of those resource offering elements should have the same Resource ID value.
Examples of Resource ID values:
http://profile-provider.com/profiles/14m0B82k15csaUxs
urn:liberty:isf:implied-resource
- Enter a description of the resource offering in the Abstract field.
- Enter the Service Instance.
This field defines an active web service at a distinct endpoint.
- Enter the Service Type.
This field contains the URI that defines the type of service that service instance implements. For example:
urn:liberty:id-sis-pp:2003-08
- Enter the Provider ID.
This field contains the URI of the provider of this service instance. For example:
http://profile-provider.com
- Define the Service Description.
For each resource offering profile, at least one service description must be defined. The service description fields are as follows:
Security Mechanism ID. This field lists all available security mechanisms that the service instance supports. These mechanisms define how a web service client authenticates to the web service provider. Select the security mechanisms you wish to add and click the Add button. To arrange the priority, select the mechanism and use the Move Up and Move Down buttons.
Brief SoapHttp Description. If selected (default), this provides inline the information necessary to invoke basic SOAP-over-HTTP-based service instances, without using Web Service Description Language (WSDL).
End Point. This field contains the URI of the SOAP-over-HTTP endpoint. The URI scheme must be HTTP or HTTPS. For example:
https://soap.profile-provider.com/soap
SOAP Action. This field contains the equivalent of the wsdlsoap:soapAction attribute of the wsdlsoap:operation element in a WSDL-based description.
WSDL Reference. This field references an external concrete WSDL resource.
Service Namespace. This field references a wsdl:service element within the WSDL resource, such that ServiceNameRef is equal to the wsdl:name attribute of the proper wsdl:service element.
Service Local Part. This field provides the local part of the qualified name of the service namespace URI.
- Enter the Resource Offering Options.
This field lists the options available for the resource offering to provide hints to a potential requestor as to whether certain data or operations are available to a particular offering. If no option is specified, the service instance does not advertise any available options.
- Choose the resource offering Directives. The directives are as follows:
Authorize Requester. This directive is specified for the discovery service provider to include a SAML assertion containing a ResourceAccessStatement in any future QueryResponse message.
Authenticate Session Context. This directive is specified for the discovery service provider to include a SAML assertion containing a SessionContextStatement in any future QueryResponse message.
AuthenticateRequester. This directive must be used with any description that includes security mechanisms from LibertySecMech that use SAML for message authentication.
EncryptResourceID. This directive specifies that the discovery service must not reveal the unencrypted resource ID to the clients. Currently, this directive is not supported, so the resource ID will not be encrypted when this directive is selected.
If you wish to associate a directive with one or more description elements in the resource offering, select the checkbox in front of that Description ID. If none of the Description IDs are selected, the directive is applied to all description elements provided in the resource offering.
- Click Save.
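The field rules in the procedure above can be checked before an offering is saved. The following is an added example, not Access Manager code: the dictionary field names are hypothetical, the sample offerings are constructed from the page's example values, and "owned by the provider" is approximated by comparing the Resource ID host with the Provider ID host.

```python
from urllib.parse import urlparse

def is_absolute_uri(value):
    """A URI with a scheme is not relative; urn: identifiers qualify too."""
    parts = urlparse(value)
    return bool(parts.scheme) and bool(parts.netloc or parts.path)

def directive_targets(offering, directive):
    """Description IDs a directive applies to; none selected means all."""
    selected = offering["directives"].get(directive)
    if selected is None:
        return []                      # directive not chosen at all
    all_ids = [d["id"] for d in offering["descriptions"]]
    return list(selected) or all_ids

def check_offering(offering):
    """Return findings for one resource offering, per the field rules above."""
    findings = []
    rid = offering["resource_id"]
    if not is_absolute_uri(rid):
        findings.append("Resource ID Value must not be a relative URI")
    else:
        # Assumption: "owned by the provider" is approximated by comparing
        # the Resource ID host with the Provider ID host (same or subdomain).
        rid_host = urlparse(rid).hostname
        prov_host = urlparse(offering["provider_id"]).hostname
        if rid_host and prov_host and not ("." + rid_host).endswith("." + prov_host):
            findings.append("Resource ID host is outside the Provider ID domain")
    if not offering["descriptions"]:
        findings.append("at least one service description must be defined")
    for desc in offering["descriptions"]:
        if urlparse(desc["endpoint"]).scheme.lower() not in ("http", "https"):
            findings.append(f"{desc['id']}: End Point scheme must be HTTP or HTTPS")
    if "EncryptResourceID" in offering["directives"]:
        findings.append("EncryptResourceID is not supported: Resource ID stays unencrypted")
    return findings

# Constructed sample offerings; field names are hypothetical.
GOOD = {"resource_id": "http://profile-provider.com/profiles/14m0B82k15csaUxs",
        "provider_id": "http://profile-provider.com",
        "descriptions": [{"id": "d1", "endpoint": "https://soap.profile-provider.com/soap"},
                         {"id": "d2", "endpoint": "https://soap.profile-provider.com/soap"}],
        "directives": {"AuthenticateRequester": [], "Authorize Requester": ["d2"]}}
BAD = {"resource_id": "profiles/14m0B82k15csaUxs",
       "provider_id": "http://profile-provider.com",
       "descriptions": [{"id": "d1", "endpoint": "ftp://soap.profile-provider.com/soap"}],
       "directives": {"EncryptResourceID": []}}

if __name__ == "__main__":
    print(check_offering(GOOD), check_offering(BAD))
```

An empty list means the offering satisfies every rule checked; directive_targets shows which description elements a directive ends up covering when no Description ID is selected.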