Have Discovery Encrypt This Service's Resource Ids: (Not applicable for the Discovery
profile) Specifies whether the Discovery Service encrypts resource IDs. A resource ID is an
identifier used by Web services to identify a user. The Discovery Service returns a list of
resource IDs when a trusted service provider queries for the services owned by a given user.
The Discovery Service has the option of encrypting the resource ID or sending it unencrypted.
The ID is encrypted with the resource provider's public key, which is generated at installation.
Encrypting resource IDs is turned off by default.
4 Click OK.
13.2.3 Editing Web Service Descriptions
All of the Description pages on each profile are identical. You can define how a service provider
gains access to portions of the user's identity information that can be distributed across multiple
providers. The service provider uses the Discovery Service to ascertain the location of a specific
identity service for a user. The Discovery Service enables various entities to dynamically and
securely discover a user's identity service, and it responds, on a permission basis, with a service
description of the desired identity service.
1 In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Web Service
Provider.
2 Click the profile or service.
3 Click Descriptions.
4 Click the description name, or click New.
5 Fill in the following fields:
Name: The Web Service Description name.
Security Mechanism: (Required) Liberty uses channel security (TLS 1.0) and message
security in conjunction with the security mechanism. Channel security addresses how
communication between identity providers, service providers, and user agents is protected. For
authentication, service providers are required to authenticate identity providers by using
identity provider server-side certificates. Identity providers have the option to require
authentication of service providers by using service provider client-side certificates.
Message security addresses security mechanisms applied to the discrete Liberty protocol
messages passed between identity providers, service providers, and user agents.
Select the mechanism for message security. Message authentication mechanisms indicate
which profile is used to ensure the authenticity of a message.
X.509: Used for message exchanges that generally rely upon message authentication as
the principal factor in making authorization decisions.
SAML: Used for message exchanges that generally rely upon message authentication as
well as the conveyance and attestation of authorization information.
Bearer: Based on the presence of the security header of a message. In this case, the bearer
token is verified for authenticity rather than proving the authenticity of the message.
6 Under Select Service Access Method, select either Brief Service Access Method or WSDL
Service Access Method.
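The two settings above (encrypted resource IDs and the channel/message security mechanism) are visible in the Discovery Service's query response. The following added example, which is not part of the guide or of Access Manager, audits a constructed Liberty ID-WSF QueryResponse for both; the element names, the disco namespace and the shape of the security mechanism URIs are assumptions taken from the Liberty ID-WSF specifications, and the endpoints and resource IDs are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed Discovery QueryResponse; element names assumed from the Liberty
# ID-WSF disco schema (urn:liberty:disco:2003-08). One offering has its resource
# ID encrypted (the guide's "Have Discovery Encrypt..." option), the other does not.
SAMPLE = """<disco:QueryResponse xmlns:disco="urn:liberty:disco:2003-08">
 <disco:ResourceOffering>
  <disco:EncryptedResourceID><!-- xenc:EncryptedData omitted --></disco:EncryptedResourceID>
  <disco:ServiceInstance><disco:ServiceType>urn:liberty:id-sis-pp:2003-08</disco:ServiceType>
   <disco:Description>
    <disco:SecurityMechID>urn:liberty:security:2003-08:TLS:X509</disco:SecurityMechID>
    <disco:Endpoint>https://idp.example.com/pp</disco:Endpoint>
   </disco:Description></disco:ServiceInstance>
 </disco:ResourceOffering>
 <disco:ResourceOffering>
  <disco:ResourceID>https://idp.example.com/users/0b7f</disco:ResourceID>
  <disco:ServiceInstance><disco:ServiceType>urn:liberty:id-sis-ep:2003-08</disco:ServiceType>
   <disco:Description>
    <disco:SecurityMechID>urn:liberty:security:2004-04:null:Bearer</disco:SecurityMechID>
    <disco:Endpoint>https://idp.example.com/ep</disco:Endpoint>
   </disco:Description></disco:ServiceInstance>
 </disco:ResourceOffering>
</disco:QueryResponse>"""

NS = {"disco": "urn:liberty:disco:2003-08"}

def parse_secmech(uri):
    """Split an assumed 'urn:liberty:security:<date>:<channel>:<message>' URI
    into (channel, message), e.g. ('TLS', 'X509') or ('null', 'Bearer')."""
    parts = uri.rsplit(":", 2)
    if len(parts) != 3 or not parts[0].startswith("urn:liberty:security:"):
        raise ValueError("not a Liberty security mechanism URI: %r" % uri)
    return parts[1], parts[2]

def audit_offerings(xml_text):
    """One dict per ResourceOffering: is the resource ID encrypted, which
    (channel, message) mechanisms are advertised, and any findings."""
    results = []
    for off in ET.fromstring(xml_text).findall("disco:ResourceOffering", NS):
        encrypted = off.find("disco:EncryptedResourceID", NS) is not None
        findings = [] if encrypted else ["resource ID sent in the clear"]
        mechs = []
        for mech in off.findall("disco:ServiceInstance/disco:Description/disco:SecurityMechID", NS):
            channel, message = parse_secmech(mech.text.strip())
            mechs.append((channel, message))
            if channel == "null":  # message security without TLS on the channel
                findings.append("no channel security for %s message security" % message)
        results.append({"encrypted_id": encrypted, "mechanisms": mechs, "findings": findings})
    return results
```

Run `audit_offerings(SAMPLE)` to see one clean offering (encrypted ID, TLS + X.509) and one with two findings (clear-text ID, Bearer token without channel security).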
296 Novell Access Manager 3.1 SP2 Identity Server Guide