The settings on the Details page are identical for the Employee, Custom, and Personal Profiles. You can specify the display name, resource ID encryption, and how the system reads and writes data.
On the Home page, click Applications > Select a Cluster > [application name] > Liberty > Web Service Provider.
Click Custom Profile, Employee Profile, or Personal Profile as required.
Under Details, specify the general settings, as necessary:
Display Name: The web service name.
Have Discovery Encrypt This Service’s Resource Ids: Specifies whether the Discovery Service encrypts resource IDs. A resource ID is an identifier used by web services to identify a user. The Discovery Service returns a list of resource IDs when a trusted service provider queries for the services owned by a given user. The Discovery Service has the option of encrypting the resource ID or sending it unencrypted.
Specify data location settings:
Selected Read Locations: The list of selected locations from which the system reads attributes containing profile data. If you add multiple entries to this list, the system searches attributes in each location in the order you specify. When a match is found for an attribute, the other locations are not searched. Use the up/down and left/right arrows to control which locations are selected and the order in which to read them. Read locations can include:
Configuration Datastore: Liberty attribute values can be stored in the configuration store of Administration Console. If your users have access to the User Portal, they can add values to a number of Liberty attributes.
LDAP Data Mappings: If you have mapped a Liberty attribute to an LDAP attribute in your user store, the values can be read from the LDAP user store. To create LDAP attribute maps, see Mapping LDAP and Liberty Attributes.
Remote Attributes: If you set up federation, Identity Server can read attributes from these remote service providers. Sometimes, the service provider is set up to push a set of attribute values when the user logs in. These pushed attributes are cached, and Identity Server can quickly read them. If a requested attribute has not been pushed, a request for the Liberty attribute is sent to remote service provider. This can be time consuming, especially if the user has federated with more than one remote service provider. Remote Attributes must always be the last item in this list.
Available Read Locations: The list of available locations from which the system can read attributes containing profile data. Locations in this list are currently not being used.
Selected Write Locations: The list of selected locations to write attribute data to. If you add multiple entries to this list, the system searches attributes in each location in the order you specify. When a match is found for an attribute, the other locations are not searched. Use the up/down and left/right arrows to control which locations are selected and the order in which they are selected.
Configuration Datastore: Liberty attribute values can be stored in the configuration store of Administration Console. Identity Server can write values to these attributes. If this location appears first in the list of Selected Write Locations, all Liberty attribute values are written to this location. If you want values written to the LDAP user store, the LDAP Data Mappings location must appear first in the list.
LDAP Data Mappings: If you have mapped a Liberty attribute to an LDAP attribute in your user store, Identity Server can write values to the attribute in the LDAP user store. To create LDAP attribute maps, see Mapping LDAP and Liberty Attributes.
Available Write Locations: The list of available locations to write attributes containing profile data. Locations in this list are currently not being used.
(Optional) Specify data model extensions.
Data Model Extension XML: The data model for some web services is extensible. You can enter XML definitions of data model extensions in this field. Data model extensions hook into the existing web service data model at predefined locations.
All schema model extensions reside inside of a schema model extension group. The group exists to bind model data items together under a single localized group name and description. Schema model extension groups can reside inside of a schema model extension root or inside of a schema model extension. There can only be one group per root or extension. Each root is hooked into the existing web service data model. Multiple roots can be hooked into the same location in the existing web service data model. This conceptual model applies to the structure of the XML that is required to define data model extensions.
Click OK > OK.
Update Identity Server.