You create a variable to make it available for use in policies or responses. Variables are domain objects. You create them within a specific policy domain, or import them into a domain using the smobjimport tool.
More information about importing objects into policy domains exists in the Policy Server Administration guide.
SAML Assertion variables let you obtain information from any SAML assertion and use this information in policy expressions to authorize a client. The assertion may be included in a SOAP envelope or HTTP header of an incoming XML message. For example, you can create a variable that enables the Policy Server to check who issued the assertion before permitting access to a web service.
SAML assertion variables are resolved to the value of an XPath string. The string identifies an element (and optionally, an operation to perform on that element) of a SAML assertion.
Note: For more information about XPATH, see the XPATH specification available at http://www.w3.org/TR/xpath.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
SAML Assertion variable settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
Transport variables let you obtain HTTP header values from the web service request.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
Transport variable settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
(Optional) Specifies a brief description of the variable.
Limits: No more than 1KB.
Specifies the data type in which the value of the transport header data should be returned:
Specifes the name of the HTTP header (for example, SOAPAction) that will provide the value of the variable.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
XML Agent variables let you obtain information about the web server whose resources the WSS Agent is protecting for use in policy expressions or responses.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
XML Agent variable settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
(Optional) Specifies a brief description of the variable.
Limits: No more than 1KB.
Specifies the XML Agent property that will provide the value of the variable:
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
XML Body variables let you obtain information from any element in the body (or payload) of an incoming XML message for use in policy expressions and responses.
Specifically, XML Body variables are resolved to the value of an XPath string that identifies an element (and optionally, an operation to perform on that element) of an XML document.
Note: For more information about XPATH, see the XPATH specification available at http://www.w3.org/TR/xpath.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
(Optional) Specifies a brief description of the variable.
Limits: No more than 1KB.
Specifies the data type in which the value of the specified XPATH query should be returned:
The schema is uploaded.
The Select a node group box displays the selected schema using a standard tree-style hierarchical view. Click the plus sign (+) next to an element to expand it. Click the minus sign (-) beside an expanded element to contract it. Elements marked with an asterisk (*) are repeatable within the XML document (that is, incoming XML documents may contain multiple instances of that element).
The Function option lets you create more complex mappings by processing functions that further evaluate the XML document.
Note: For more information about these functions, go to the XPATH specification at http://www.w3.org/TR/xpath.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
XML Envelope Header Variables let you obtain information from any element in the SOAP envelope header (including WS‑Security headers) of an incoming XML message, for use in policy expressions or responses.
Specifically, XML Envelope Header variables are resolved to the value of an XPath string that identifies a SOAP envelope header element (and optionally, an operation to perform on that element) of an XML document.
Note: For more information about XPATH, see the XPATH specification available at http://www.w3.org/TR/xpath.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
XML Header variable settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
You create a static variable to make it available for use in policies or responses.
Note: The value of the resolved variable must not be greater than 1K.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
Static variable settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
You create a request context variable to make it available for use in policies or responses.
Note: The value of the resolved variable must not be greater than 1K.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
Note: Request Context variable names must begin with the percent character (%).
Example: %REQUEST_ACTION
Request context settings open.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
You create a user context variable to make it available for use in policies or responses.
Note: The value of the resolved variable must not be greater than 1K.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
Note: User Context variable names must begin with the percent character (%).
Example: %SM_USERPATH
User context settings open.
The return type value appears as either string or boolean depending on the value you selected from the Property list.
You create a Form Post variable to make it available for use in policies.
Note: The value of the resolved variable must not be greater than 1K.
To create a variable
A table lists the variables associated with the domain.
The Create Variable screen appears.
Variable settings open.
Form post settings open.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions.
Copyright © 2013 CA.
All rights reserved.
|
|