Managing Web Services and Profiles

After a service is discovered and data is received from a trusted identity provider, a web service consumer can invoke a service at the web service provider. A web service provider is the hosting or relying entity on the server side that can make access control decisions based on this data and upon its business practices and preferences.

Identity Server comes with the following web service profile types:

Authentication Profile: Allows the system to access the roles and authentication contracts in use by current authentications. This profile is enabled by default so that ESP can evaluate roles in policies. This profile can be disabled. When it is disabled, all devices assigned to use this Identity Server cluster configuration cannot determine which roles a user has been assigned, and the devices evaluate policies as if the user has no roles.

WARNING: Do not delete this profile. In normal circumstances, only the system uses this profile.

Credential Profile: Allows users to define information to keep secret. It uses encryption to store the data in the directory where the user profile resides.

Custom Profile: Allows you to create custom attributes for general use.

Discovery: Allows requesters to discover where the required resources are located. Entities can place resource offerings in a discovery resource, allowing other entities to discover them. Resources might be a personal profile, a calendar, travel preferences, and so on.

Employee Profile: Allows you to manage employment-related information and how this information is shared with others. An example is a company address book that provides details such as names, phones, and office locations.

LDAP Profile: Allows you to use LDAP attributes for and general use.

Personal Profile: Allows you to manage personal information and to determine how to share that information with others. A shopping portal that manages the user’s account number is an example of a personal profile.

User Interaction: Allows you to set up a trusted user interaction service, used for identity services that must interact with the resource owner to get information or permission to share data with another web service consumer. This profile enables a web service consumer and web service provider to cooperate in redirecting the resource owner to the web service provider and back to the web service consumer.

Perform the following steps to manage web service providers:

  1. Click Devices > Identity Servers > Edit > Liberty > Web Service Provider.

  2. Select one of the following actions:

    New: To create a new web service, click New. This activates the Create Web Service Wizard. You can create a new profile only if you have deleted one.

    Delete: To delete an existing profile, select the profile, then click Delete.

    Enable: To enable a profile, select the profile, then click Enable.

    Disable: To disable a profile, select the profile, then click Disable.

    Edit a Policy: To edit the policy associated with a profile, click Policy. For more information, see Editing Web Service Policies.

    For information about modifying the description, see Editing Web Service Descriptions.

  3. Click OK.

  4. Update Identity Server.