Defining and managing service client or provider bindings

Service client or provider bindings are general bindings. You can create, copy, and manage general bindings such as the client or provider policy set bindings. These bindings provide system-specific configuration and can be reused across policy set attachments.

Before you begin

You cannot assign a binding to a service provider resource that does not have a policy set or has an inherited attachment. To assign a binding to such a service provider resource, you must first attach a policy set to the resource. Also, you cannot assign a binding to a service client resource that does not have an effective policy configuration or has an inherited policy attachment. To assign a binding to such a service client resource, you must first attach a policy set or specify the use of the provider policy. For more information, read about attaching a policy set to a service artifact.

About this task

There are two types of bindings, application specific bindings and general bindings.

Application specific binding

You can create application specific bindings only at a policy set attachment point. These bindings are specific to and defined by the characteristics of the policy. Application specific bindings are capable of providing configuration for advanced policy requirements, such as multiple signatures; however, these bindings are only reusable within an application. Furthermore, application specific bindings have limited reuse across policy sets.

When you create an application specific binding for a policy set attachment, the binding begins in an unconfigured state. You must add each policy, such as WS-Security or HTTP transport, that you want to override the default binding and fully configure the bindings for each policy that you have added. For WS-Security policy, some high level configuration attributes such as TokenConsumer, TokenGenerator, SigningInfo, or EncryptionInfo might be obtained from the default bindings if they are not configured in the application specific bindings.

For service providers, you can only create application specific bindings by selecting Assign Binding > New Application Specific Binding for service provider resources that have an attached policy set. Similarly, for service clients, you can only create application specific bindings by selecting Assign Binding > New Application Specific Binding for service client resources that have an attached policy set.

General bindings

General bindings can be configured to be used across a range of policy sets and can be reused across applications and for trust service attachments. Though general bindings are highly reusable, they do not provide configuration for advanced policy requirements, such as multiple signatures. There are two types of general bindings:

  • General provider policy set bindings
  • General client policy set bindings
Avoid trouble: The general bindings that are included with the product are provider and client sample bindings. Do not use these bindings in their current state in a production environment. However, if they were modified to contain non-sample data, they could be used in a production environment.

Depending on your assigned security role when security is enabled, you might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.

Avoid trouble:

To create a policy set binding that contains a WS-Security binding, copy an existing sample policy set binding. If you create a policy set binding for WS-Security and do not use the copy, the new policy set binding can cause unexpected problems at run time.

After you make a copy of the provider or client sample bindings, customize only the settings of your new copy to suit your purposes. Do not remove anything from your binding copy, such as token generators, token consumers, sign parts, or encrypt parts. You can add to your binding copy if needed, but deleting information can cause unanticipated errors at run time.

You can complete the following tasks to define and manage general client or provider policy set bindings.

Procedure

  1. To create a new general client or provider policy set binding or to manage the binding configuration from the administrative console, click Services > Policy sets > General client policy set bindings > New. You can also access this panel by clicking Services > Policy sets > General provider policy set bindings > New. Use the resulting detail panel to create a new client or provider policy set binding. For more information, read about creating new or configuring existing general binding settings.
  2. To copy a specific policy set binding, select the binding name from the table and click Copy. For more information, read about copying a policy set binding settings.
  3. To import a client or provider policy set binding, click Import. Read about importing policy set bindings using the administrative console to complete the import task.
  4. To export a client or provider policy set binding, select the binding name from the table, and click Export. For more information, read about export policy set binding settings.
  5. To delete a policy set binding, select the binding name from the table, and click Delete. For more information, read about deleting policy set bindings.

Results

When you finish this task, you have created, copied, exported, imported or deleted a client or provider policy set binding.