You can use eTelligent Rules to define variables that enable fine-grained access-control criteria known as policy expressions.
Policy expressions are implemented as policy attributes. They include operators and customer-defined variables that are evaluated at runtime, when a user actually needs to access a protected resource on a Web site.
Variables can store local information that is within the enterprise or remote information that is provided by various Web Services.
The variables provided by eTelligent Rules are available in the Administrative UI. You can define variable objects and incorporate them into policy logic through policy expressions. You can also include variables in SiteMinder response objects.
The following components are required to use eTelligent Rules:
The Web Agent Option Pack is required only if you plan on using POST variables.
Note: More information on installing a Web Agent exists in the Web Agent Installation Guide. More information on installing the Web Agent Option Pack exists in the Web Agent Option Pack Guide.
Authorization access is defined by the SiteMinder administrator in policy expressions, using graphical tools rather than application code. There is no need to integrate and reconcile backend business applications’ access control information, because that information is centralized in the SiteMinder Policy Server.
Defining access control to secure resources is based on local user information and incoming information, such as the amount of a purchase order placed by the user.
Web browser forms data, user-context data (stored locally in the Policy Server), and remote data (obtained through a service bureau) can be flexibly combined in policy expressions.
There is no need to go back to a backend business application each time authorization is needed to access a protected resource.
eTelligent Rules use a standard XML protocol to communicate with trusted service bureaus, thus increasing the choice of web services providers.
Policy expressions are defined by SiteMinder security administrators, using variables together with logical operators.
Due to the use of policy expressions based on logic, fewer policies are necessary, thus keeping policy administration to a minimum.
The tasks require to configure eTelligent Rules are as follows:
Variables and policy expressions are configured using the Administrative UI.
You can modify only the LoggerConfig.properties file.
The following properties files are for eTelligent Rules:
This is a required file for eTelligent Rules. The installed location of this file is: policy_server_home/config/
This file is required to configure logging for eTelligent Rules. The installed location of this file is:
policy_server_home/config/properties
The JVMOptions.txt file contains the settings that the Policy Server uses when creating the Java Virtual Machine that is used to support eTelligent Rules.
If you encounter errors related to missing classes, you may need to modify the classpath directive in the JVMOptions.txt file. For complete information about the settings contained in the JVMOptions.txt file, see your Java documentation.
On the Policy Server, the LoggerConfig.properties file allows you to specify logging features that are used when you start the SiteMinder service from a command line. The properties contained in this file are not used when the service is started from the Policy Server Management Console. The settings in this file are generally only used for debugging purposes.
You may want to modify this file to obtain more output for debugging purposes.
The following shows an example of a LoggerConfig.properties file.
// LoggingOn can be Y, N LoggingOn=Y // LogLevel can be one of LOG_LEVEL_NONE, LOG_LEVEL_ERROR, LOG_LEVEL_INFO, LOG_LEVEL_TRACE LogLevel=LOG_LEVEL_TRACE // If LogFileName is set Log output will go to the file named LogFileName=affwebserv.log // AppendLog can be Y, N. Y means append output to LogFileName if specified AppendLog=Y // AlwaysWriteToSystemStreams can be Y, N. // Y means log messages are written to System.out // or System.err regardless of what the logger streams are // set to. If the logger streams are set to System.out // or System.err log messages will be written multiple times. // This facilitates logging messages to System.out/System.err // and a file simultaneously. AlwaysWriteToSystemStreams=N // DateFormatPattern can be any valid input to java.text.DateFormat constructor. // See the Java documentation for java.text.DateFormat for details // If not specified, the default format for the default locale is used DateFormatPattern=MMMM d, yyyy h:mm:ss.S a
The settings in this file are:
Enables or disables logging. Set this parameter to Y to enable logging. Set this parameter to N to disable logging.
Indicates the level of detail contained in logs. The LogLevel can be one of the following:
No messages will be logged.
Only records error messages.
Records error messages and warnings.
Records error messages, warnings, and general processing information that may be useful for tracking problems.
If LogFileName is set, all log output will go to the file named in this parameter.
Indicates whether log information should be appended to an existing file at startup or a new file should be created at startup. Set this parameter to Y to append output to the file specified in the LogFileName parameter. Set this parameter to N if a new file should be created at startup.
Set this parameter to Y to log messages to System.out or System.err regardless of what the logger streams are set to. If the logger streams are set to System.out or System.err, log messages will be written multiple times. This facilitates logging messages to System.out/System.err and a file simultaneously.
DateFormatPattern can be any valid input to java.text.DateFormat constructor. See the Java documentation for java.text.DateFormat for details.
If not specified, the default format for the default locale is used.
Copyright © 2012 CA.
All rights reserved.
|
|