The policies and responses used in the examples in the remainder of the chapter are illustrated in the following diagram and described below. Each description covers one sample policy and the objects it contains.
This policy contains a Get rule that protects the employee.html resource. This resource is located in the /employees realm. The policy binds the user group cn=employees, so that all employees in the LDAP directory can access the resource once they are successfully authenticated. When an authenticated user is authorized by this policy, SiteMinder returns a response containing the user's email address. For example, if employee1 attempts to access /home/employees/employee.html and is successfully authenticated, the Policy Server allows employee1 to access the resource and returns the email address:
employee1@myorg.org
A Web application can use this response for customization when accessing other company resources.
This policy contains a Get rule that protects the manager.html resource. This resource is located in the /manager realm. The policy binds the user group cn=managers, so that only employees in the cn=managers group can access the resource once they are successfully authenticated. When an authenticated manager is authorized by this policy, SiteMinder returns a static response. For example, if employee3 attempts to access /home/employees/managers/manager.html and is successfully authenticated, the Policy Server allows employee3 to access the resource and returns the following response:
manager=YES
An application can use this response to activate features that are only available to company managers.
This policy contains a Get rule that protects the restricted.html resource. This resource is located in the /restricted realm. The policy binds only the employees in the directory whose access level user attribute is two (a_lvl=2); managers with that access level can access the resource once they are successfully authenticated. When a user is authorized by this policy, SiteMinder returns a response containing the user's access level attribute (a_lvl=<0-2> in the directory). For example, if employee4 attempts to access /home/employees/managers/restricted/restricted.html and is successfully authenticated, the Policy Server allows employee4 to access the resource and returns the following response:
a_lvl=2
An application can use this response to activate features that are only available to employees with an access level of two. Because the Web Agent delivers responses to the application as HTTP header variables (or cookies), the application should accept them only on requests that actually passed through the agent, and should treat any a_lvl value other than 0, 1 or 2 as the lowest level.
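The authorization behaviour of the three sample policies, as an added example that is not SiteMinder code and not part of the original page: a simplified Python model of realms, Get rules, user bindings and responses, evaluated for the users named above. The directory entries are constructed sample data; the policy names, the use of the example URL prefixes as realm resource filters, and the fail-closed treatment of resources no realm covers are assumptions of the model, not descriptions of SiteMinder behaviour. The last function shows how the application should consume the a_lvl response so that a missing or malformed value never unlocks level-two features.

```python
"""Simplified model of the three sample policies described above.

Added example, not SiteMinder code or part of the original page. It models
realms (as resource-path prefixes taken from the example URLs), GET rules,
user bindings (LDAP group membership or an attribute filter) and responses,
then evaluates the users named in the text. Directory entries are constructed
sample data; unmatched resources are denied here (fail closed), which is an
assumption of this model, not a description of SiteMinder behaviour.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple

# Constructed sample directory: uid -> attributes. Group names are the
# cn= values the policies bind; a_lvl is the access-level user attribute.
DIRECTORY: Dict[str, dict] = {
    "employee1": {"mail": "employee1@myorg.org", "groups": {"cn=employees"}, "a_lvl": "0"},
    "employee3": {"mail": "employee3@myorg.org", "groups": {"cn=employees", "cn=managers"}, "a_lvl": "1"},
    "employee4": {"mail": "employee4@myorg.org", "groups": {"cn=employees", "cn=managers"}, "a_lvl": "2"},
}


@dataclass
class Policy:
    name: str                                   # assumed policy name
    realm: str                                  # realm resource filter (path prefix, assumed)
    actions: Set[str]                           # actions the rule covers, e.g. {"GET"}
    binding: Callable[[dict], bool]             # user binding: group or attribute filter
    response: Callable[[dict], Dict[str, str]]  # what the Policy Server returns on success


POLICIES = [
    Policy("employees", "/home/employees/", {"GET"},
           lambda u: "cn=employees" in u["groups"],
           lambda u: {"email": u["mail"]}),                 # user-attribute response
    Policy("managers", "/home/employees/managers/", {"GET"},
           lambda u: "cn=managers" in u["groups"],
           lambda u: {"manager": "YES"}),                   # static response
    Policy("restricted", "/home/employees/managers/restricted/", {"GET"},
           lambda u: u.get("a_lvl") == "2",                 # attribute filter a_lvl=2
           lambda u: {"a_lvl": u["a_lvl"]}),                # user-attribute response
]


def select_policy(resource: str) -> Optional[Policy]:
    """Pick the most specific realm: the longest resource-filter prefix wins,
    so /home/employees/managers/... is governed by the managers policy rather
    than the enclosing employees policy."""
    matches = [p for p in POLICIES if resource.startswith(p.realm)]
    return max(matches, key=lambda p: len(p.realm), default=None)


def authorize(uid: str, action: str, resource: str) -> Tuple[bool, Dict[str, str]]:
    """Return (allowed, response). Denied when the user is unknown (not
    authenticated), no realm matches, the action is not covered by the
    rule, or the user binding does not match."""
    user = DIRECTORY.get(uid)
    policy = select_policy(resource)
    if user is None or policy is None or action not in policy.actions:
        return False, {}
    if not policy.binding(user):
        return False, {}
    return True, policy.response(user)


def access_level_from_response(value: Optional[str]) -> int:
    """How the application should consume the a_lvl response: accept only
    the exact strings 0, 1 or 2 and map anything else (missing value,
    '2abc', '-1', '10') to 0, so a malformed or absent value never unlocks
    features meant for level-two employees."""
    return int(value) if value in ("0", "1", "2") else 0


if __name__ == "__main__":
    for uid, res in [("employee1", "/home/employees/employee.html"),
                     ("employee3", "/home/employees/managers/manager.html"),
                     ("employee4", "/home/employees/managers/restricted/restricted.html"),
                     ("employee3", "/home/employees/managers/restricted/restricted.html")]:
        print(uid, res, authorize(uid, "GET", res))
```

Running the block prints the allow/deny decision and response for each of the page's examples, plus the denial employee3 receives in the restricted realm (group membership in cn=managers is not enough; the attribute filter a_lvl=2 is what the restricted policy binds).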
Copyright © 2010 CA. All rights reserved.