Response attributes enable the Policy Server to deliver information to agents. Response attributes are managed through methods in the AgentAPI class.
There are two types of response attributes:
The well-known attributes are always returned by the Policy Server after certain calls such as login(). These attributes represent static, fixed data such as the user DN and Universal ID.
The policy-based attributes are returned by the login() and authorize() methods. These attributes are based on policies and are the vehicle for delivering static and dynamic data from the Policy Server to agents, which can distinguish between authentication and authorization attributes. The actual source of the data is defined on the Policy Server using the responses feature that can be configured to deliver data from a variety of sources. Data may include static information, information from a directory profile, or a custom Policy Server plug-in. Once the responses are properly configured, agents are capable of performing fine-grained access control as well as profile-driven personalization.
Based on a policy definition, response attributes can time out or be cached for the duration of the user session. The Policy Server delivers an attribute along with the TTL (Time-To-Live) value, calculated in seconds. If the agent is caching user sessions and/or authorizations, it is responsible for keeping the relevant attributes up to date. Agents issue the updateAttributes() method to update stale attributes.
Copyright © 2014 CA.
All rights reserved.
|
|