SiteMinder supports different types of response attributes. The types of response attributes determine where the Policy Server finds the proper values for the response attributes.
You can specify the following types of response attributes when you add response attributes to a SiteMinder response:
Returns data that remains constant.
Use a static attribute to return a string as part of a SiteMinder response. This type of response can be used to provide information to a Web application. For example, if a group of users has specific customized content on a Web site, the static response attribute, show_button = yes could be passed to the application.
Returns profile information from a user's entry in a user directory.
This type of response attribute returns information associated with a user in a directory. A user attribute can be retrieved from an LDAP, WinNT, Microsoft SQL Server or Oracle user directory.
Note: In order for the Policy Server to return values from user directory attributes as response attributes, the user directories must be configured on the SiteMinder User Directory pane.
Returns profile information from a directory object in an LDAP, Microsoft SQL Server or Oracle user directory.
This type of response attribute is used to return information associated with directory objects to which the user is related. Groups to which a user belongs, and Organizational Units (OUs) that are part of a user DN, are examples of directory objects whose attributes can be treated as DN attributes.
For example, you can use a DN attribute to return a company division for a user, based on the user's membership in a division.
Note: In order for the Policy Server to return values from DN attributes as response attributes, the user directories must be configured on the SiteMinder User Directory pane.
Returns values from a customer supplied library that is based on the SiteMinder Authorization API.
An Active Response is used to return information from an external source. An Active Response is generated by having the Policy Server invoke a function in a customer-supplied shared library. This shared library must conform to the interface specified by the Authorization API (available separately with the Software Development Kit; if installed, see the API Reference Guide for C for more information).
Note: It is up to you to make sure the value returned by an active response is valid. For example, if an active response returns a numeric type, the library and function must return a string whose value is a number.
When you configure a response attribute, the correct Value Type for the response attribute is displayed on the Response Attribute pane.
Returns the value of the specified variable at runtime.
Select Variable Definition when you want to select and use a variable from a list of already-defined variables.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |