Previous Topic: How the Policy Server Processes VariablesNext Topic: Security Requirements When Resolving Web Services Variables


Web Service Variables

Web service variables provide a method for including dynamic data from a web service in a SiteMinder policy. Web service variables are resolved by calling a web service. The Policy Server sends a SOAP request document, as specified in the web service variable definition, and receives a SOAP response document as a reply. The Policy Server extracts the value of the web services variable from the SOAP response document.

The Simple Object Access Protocol (SOAP) is a lightweight, XML-based protocol that consists of three parts:

The following figure shows how a SiteMinder deployment resolves a web services variable for a web service inside an Intranet. The web service is on the same side of the firewall as the Policy Server.

Graphic showing a SiteMinder deployment resolving a web services variable for a web service inside an Intranet

In this scenario, if a Web Service variable is associated with an authorization request, it is resolved on the Policy Server side by calling the Web Service Variables Resolver. The Web Service Variables Resolver runs in the same process space.

When defining the Web Service variable, the user specifies the SOAP document to send to the Web Service, the authentication credentials, and other parameters.

The resolver sends the specified SOAP document to the web service, extracts the value of the variable from the response and forwards it to the Policy Server to complete the authorization request.

Even if there is a firewall between the Policy Server and the web service, it can be configured to allow communication between the two. The Policy Server issues the request and reads the response, so the firewall is only required to allow outbound requests from the Policy Server to the web service.

A secure SSL connection can be configured between the Policy Server and the web service to allow for the inbound responses to come from the Web Service to the Policy Server. The SSL connection uses the server-side certificates on the web service and a list of trusted certificate authorities that are configured on the Policy Server side.

Component Requirements for Web Service Variables

Web service variables require a session store.

Note: More information about configuring a session store, see the Policy Server Installation Guide. For more information about upgrading a session store, see the SiteMinder Upgrade Guide.