14.5 Configuring the Web Service Consumer

The Web service consumer is the component within the identity provider that requests attributes from Web service providers. The identity provider and Web service consumer cooperate to redirect the user or resource owner to the identity provider so that interaction can take place. You can configure an interaction service, which allows the identity provider to pose simple questions to a user. This service can be offered by trusted Web service consumers, or by a dedicated interaction service provider that has a reliable means of communication with the users.

  1. In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Web Service Consumers.

    The following general settings configure time limits and processing speed:

    Protocol Timeout (seconds): Limits the time the transport protocol allows.

    Provider Timeout (seconds): Limits the request processing at the Web service provider. This value must always be equal to or greater than the Protocol Timeout value.

    Attribute Cache Enabled: Enables the attribute cache, a subsystem of the Web service consumer that caches the attribute data the Web service consumer requests. For example, if the Web service consumer has already requested a first name attribute from a Web service provider, it does not need to request the attribute again. Enabling this setting improves performance. However, you can disable this option to increase available system memory.

  2. Specify how and when the identity provider interacts with the user:

    Always Allow Interaction: Allows interaction to take place between users and service providers.

    Never Allow Interaction: Never allows interaction between users and service providers.

    Always Allow Interaction for Permissions, Never for Data: Allows interaction for permissions, never for data.

    Maximum Allowed Interaction Time: Specifies the allowed time (in seconds).

  3. To specify the allowable methods that a Web service provider can use for user interaction, click one of the following options:

    Redirect to a User Interaction Service: Allows the Web service consumer to redirect the user agent to the Web service provider to ask questions. After the Web service provider has obtained the information it needs, it can redirect the user back to the Web service consumer.

    Call a Trusted User Interaction Service: Allows the Web service provider to trust the Web service consumer to act as proxy for the resource owner.

  4. Under Security Settings, fill in the following fields:

    WSS Security Token Type: Instructs the Web service consumer/requestor how to place the token in the security header as outlined in the Liberty ID-WSF Security Mechanisms.

    Signature Algorithm: The signature algorithm to use for signing the payload.

  5. Click OK, then update the Identity Server configuration as prompted.