Configuring The Web Services Framework; Enabling Web Services And Profiles - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

10.1 Configuring the Web Services Framework

The Web Services Framework page lets you edit and manage all the details that pertain to all Web
services. This includes the framework for building interoperable identity services, permission-based
attribute sharing, identity service description and discovery, and the associated security mechanisms.
1 In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Web
Service Framework.
2 Fill in the following fields:
Enable Framework: Enables Web Services Framework.
Axis SOAP Engine Settings: Axis is the SOAP engine that handles all Web service requests
and responses. Web services are deployed using XML-based files known as Web service
deployment descriptors (WSDD). On startup, Access Manager automatically creates the server-
side and client-side configuration for Axis to handle all enabled Web services. If you need to
override this default configuration, use the Axis Server Configuration WSDD XML field and the
Axis Client Configuration WSDD XML field to enter valid WSDD XML. If either or both of
these controls contain valid XML, then Access Manager does not automatically create the
configuration (server or client) on startup.
3 Click OK.

10.2 Enabling Web Services and Profiles

After a service has been discovered and authorization data has been received from a trusted identity
provider, the Web service consumer can invoke the service at the Web service provider. A Web
service provider is the hosting or relying entity on the server side that can make access control
decisions based on this authorization data and upon its business practices and preferences.
1 In the Administration Console click Identity Servers > Edit > Liberty > Web Service Providers.
2 Select one of the following services:
Authentication Profile: Allows the system to access the roles and authentication contracts in
use by current authentications. This profile is enabled by default so that Embedded Service
Providers can evaluate roles in policies. This profile can be disabled. When it is disabled, all
devices assigned to use this Identity Server cluster configuration cannot determine which roles
a user has been assigned, and the devices evaluate policies as if the user has no roles.
WARNING: Do not delete this profile. In normal circumstances, this profile is used only by
the system.
Credential Profile: Allows users to define information to keep secret. It uses encryption to
store the data in the directory the user profile resides in.
Custom Profile: Used to create custom attributes for general use.
Discovery: Allows requesters to discover where the resources they need are located. Entities
can place resource offerings in a discovery resource, allowing other entities to discover them.
Resources might be a user's credit card information, a personal profile, calendar, travel
preferences, and so on.
Employee Profile: Allows you to manage employment-related information and how the
information is shared with others. A company address book that provides names, phones, office
locations, and so on, is an example of an employee profile.
LDAP Profile: Allows you to use LDAP attributes for authorization and general use.
224 Novell Access Manager 3.1 SP1 Identity Server Guide