|
|
|
Web Service Variables provide a method for including dynamic data retrieved from a Web Service in a Policy Server policy. Web Service Variables are resolved by calling a Web Service. The Policy Server sends a SOAP request document, as specified in the Web Service Variable's definition, and receives a SOAP response document as a reply. The Policy Server extracts the value of the Web Services Variable from the SOAP response document.
The Simple Object Access Protocol (SOAP) is a lightweight, XML-based protocol that consists of three parts:
The following figure shows how a SiteMinder deployment resolves a Web Services Variable for a Web Service inside an intranet, and thus on the same side of the firewall as the Policy Server.
In this scenario, if a Web Service variable is associated with an authorization request, it is resolved on the Policy Server side by calling the Web Service Variables Resolver, which runs in the same process space.
The user, when defining the Web Service variable, specifies the SOAP document to be sent to the Web Service, along with the authentication credentials and other parameters as defined in the rest of this document.
The resolver sends the specified SOAP document to the Web Service, extracts the value of the variable from the response and forwards it to the Policy Server to complete the authorization request.
Even if there is a firewall between the Policy Server and the Web Service, it can be configured to allow communication between the two. The Policy Server issues the request and reads the response, so the firewall is only required to allow outbound requests from the Policy Server to the Web Service.
A secure SSL connection can be configured between the Policy Server and the Web Service to allow for the inbound responses to come from the Web Service to the Policy Server, using the server-side certificates on the Web Service and a list of trusted CAs configured on the Policy Server side.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |