Publish Internal Service
This topic describes how to publish an internal service on the gateway.
This topic describes how to publish an internal service on the
Layer7 API Gateway.
Publishing an internal service does the following:
- Adds the service to the Services and Policies list on the Policy Manager interface.
- Establishes the service's initial policy in the policy development window.
For the WSDM internal services, the publishing process will automatically add a Subscribe to WSDM Resource Assertion to the policy, depending on the service published. These assertions should not be deleted from the policies, as they are necessary for connecting to the WSDM metrics calculation service.
For the UDDI service, the publishing will process will automatically add a Handle UDDI Subscription Notification Assertion to the policy.
As with all Gateway-published services, you can publish multiple instances of the same internal service—simply ensure that each contains a unique resolution URI. After publication, you can view the service's WSDL code from within the service properties.
(1) You must have a role of Administrator to publish or modify an internal service. Once a service is published, the "Manage [serviceName] Service" role can be used to give users Administrator-like powers for that specific service only. For more information, see Publish Internal Service Wizard.
Choose a task to perform:
Understanding the Internal Services
An internal service is a category of published services within the CA API Gateway that has all associated information and WSDL information predefined. An internal service is like a standard web service that is defined in the Gateway.
Certain internal services may automatically insert assertions into your policy. These assertions can be used as a starting point for you to customize the service logic to meet your needs.
Do not confuse internal services with
internal use policies. The former are web services that require publishing, while the latter are like policy fragments that are inserted into a service policy. An internal service may or may not insert assertions into your service policy. For more information, see Internal Use Policies.
For more information on how to publish an internal service, see Publish Internal Service Wizard. These are noted below.
The following internal services are currently available:
Gateway Management Service
This service can be used to remotely administer the Gateway (cluster) using a SOAP client. Examples of clients include the Java API or the Management Client command line utility, both supplied by CA Technologies.
For information on using the Gateway Management interface, refer to WS Management API.
Gateway REST Management Service
This service provides a REST API for managing the Gateway.
For information on installing the Gateway REST Management interface, refer to REST Management API.
Generic Identity Management Service
This is a generic service that provides a standardized way of authenticating users and extracting authorization information using facilities provided by the CA API Gateway.
When publishing the Generic Identity Management Service, CA Technologies recommends using the default routing URI.
For information on using the Generic Identity Management Service, see Working with the Generic Identity Management Service.
Security Token Service
This service is used to control the security tokens that have been issued or will be issued. This service requires a WSDL for publishing and it will add a default policy for low level details such as customizing various token requirements (types of tokens issued, authentication mechanisms, etc.). For example, the policy uses the Create SAML Token assertion for creating SAML Tokens with various SAML specification options (e.g., a choice of SAML AuthenticationStatement or AttributeStatement). It uses the Create Security Context Token assertion to create a Security Context Token and applies different authentication as needed.
For information on using the Security Token Service, see Working with the Security Token Service.
UDDI Notification Service
This service allows a client to be notified when there are changes to the UDDI registry. It will create an internal notification policy with a single Handle UDDI Subscription Notification Assertion.
Ensure that the UDDI Notification service has also been published to a UDDI registry. This will enable the [Subscribe for notification] setting in the UDDI Registry Properties. For more information, see Publish to UDDI Settings.
WSDM QosMetrics Service
This service allows a client to request metrics data for a given managed resource. It has one method: GetMultipleResourceProperties. To specify the resource from which you are requesting metrics, see "Specifying a Resource for a WSDM Service" below. For a list of supported metrics, refer to the Collect WSDM Metrics Assertion.
WSDM Subscription Service
This service allows a client to subscribe to receive notifications about changes in a resource. It has three methods: Subscribe, Renew, Unsubscribe. To specify the resource to which you are subscribing, see "Specifying a Resource for an WSDM Service" below.
Specifying a Resource for an WSDM Service
To specify a resource for either of the WSDM internal services, you can use any of the following techniques:
Include the resource ID within the URL
The resource ID is appended to the query string as follows:
where '12345' is the resource entity ID. To locate your resource entity ID, access the service's properties and look for the "Service GOID" in the [General] tab.
Include the resource ID as part of the SOAP message
A message is sent to http://<gateway_host>:8080/wsdm/qosmetrics, with the resource ID embedded within the message:
Include the resource URI within the URL of the query string
The resource URI is appended to the query string as follows:
This technique requires that the service URI resolves to exactly one service, otherwise a SOAP fault will be returned.
If the URI resolves to multiple services, try using the serviceoid method instead (see "Include the resource ID within the URL" above).
Case Sensitivity for Locating WSDM Services
By default, matching of resource URIs is done in a case-sensitive manner. If case sensitivity for service resolution is disabled, the matching of resource URIs is affected accordingly.
For example, the service can be identified by a path ("Include the resource URI within the URL of the query string") and a request may be sent to:
In the example above, the value “warehouse” will be compared case sensitively or case insensitively, depending on the resolution settings.
For information on case sensitivity during service resolution, see Manage Service Resolution.