Web Services Security Guides › CA SiteMinder® Web Services Security Policy Configuration Guide › (Optional) Configure Variables To Use in Message-based Authorization Policies › Configure Message-based Authorization Using an XPath Query in XmlToolkit.properties

Configure Message-based Authorization Using an XPath Query in XmlToolkit.properties

You can configure message content-based authorization based on information in incoming XML messages by configuring variables and policy expressions to extract the required information and trigger authorization decisions based on the obtained values.

Alternatively, you can configure an XPath query in the target SiteMinder WSS Agent's XMLToolkit.properties file that extracts a value from each incoming message and incorporates it into your policy's resource value.

Note: To find out the location of the XMLToolkit.properties file for each SiteMinder WSS Agent type, see the respective SiteMinder WSS Agent Guide.

Follow these steps:

1. Open the XmlToolkit.properties file in a text editor.
2. Make the following changes in XmlToolkit.properties:
   • Add an ResourceXpathQuery parameter whose value is a valid XPath query that identifies the required XML message element, for example:

     ResourceXPathQuery=/SOAP-ENV:Envelope/SOAP-ENV:Header/method
     

   • (Optional) Add a NodeProperty parameter which specifies a property of an element or attribute to be returned from the XPath query and passed by the SOAP envelope handler to the XPath evaluate method.
3. Save and close the XmlToolkit.properties file.
4. Restart the target SiteMinder WSS Agent.

Notes:

• XPath query processing is namespace aware.
• The XPath query must be rooted at the document root—not at the header or body.
• You can configure only one XPath query per agent instance.
• If the XPath query fails, the target URL will be used as the resource.
• The XPath query is loaded at SiteMinder WSS Agent startup; if it is changed, you must restart the agent.