Response attributes enable the Policy Server to deliver information to agents. There are two types of attributes:
Well-known attributes are always returned by the Policy Server after certain calls, such as Sm_AgentApi_Login(). These attributes represent static, fixed data such as the user DN and Universal ID.
Policy-based attributes are returned by Sm_AgentApi_Login() and Sm_AgentApi_Authorize(). These attributes are based on policies and are the vehicle for delivering static and dynamic data from the Policy Server to agents, so that the agents can distinguish between authentication and authorization attributes. The actual source of the data is defined on the Policy Server using the responses feature that can be configured to deliver data from a variety of sources. Data may include static information, information from a directory profile or a custom Policy Server plug-in. When the responses are properly configured, agents are capable of performing fine-grained access control as well as profile-driven personalization.
Based on a policy definition, response attributes can time out or be cached for the duration of the user session. The Policy Server delivers an attribute along with the TTL (Time-To-Live) value, calculated in seconds. If the agent is caching user sessions or authorizations or both, it is responsible for keeping the relevant attributes up to date. Agents issue the Sm_AgentApi_UpdateAttributes() call to update stale attributes.
Copyright © 2014 CA.
All rights reserved.
|
|