We have a requirement to match the requested resource (fetched via user context and stored in a variable named RequestedResource) with a multi-valued attribute in CA Directory that stores 4-5 resources. Please see below for details.
Variable Name: RequestedResource
Variable Value: Requested resource value fetched from the user context
Example: If the requested resource is https://domain:port/abc/xyz, the requested resource will contain /abc/xyz
LDAP attribute Name: MiddleName (multi-valued)
Attribute value: /xyz/abc^/xyz/pqr^/xyz/pqr/abc^/abc (4 resources - /xyz/abc, /xyz/pqr, /xyz/pqr/abc, /abc)
We want to authorize user when the MiddleName contains the RequestedResource. This is the requirement.
If the MiddleName is not multivalued, we are able to achieve this by using condition RequestedResource==MiddleName in the expression tab. But if the MiddleName is multivalued, it doesn't work.
Also, we are unable to use the variable RequestedResource in the users tab as condition in the policy.
Can anyone let us know how to use a variable in the users tab as a condition in the policy?
Any suggestions in order to achieve this requirement?
Thanks in advance,
Any suggestions around this?
It doesn't look like a variable allows comparisons with a multi-valued attribute.
I have implemented this use case with ActivePolicy.
Refer: Tech Tip – How to save custom data into session store during authentication and access later during authorization
Let me know if you have any questions.
Amazing. Thank you Ujwol for helping me out in this. This is great.
Really appreciate your assistance on this.
Glad to help
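The membership check discussed in this thread, as an added example that is not part of the original posts and does not use the SiteMinder ActivePolicy API: it shows only the comparison logic such a policy would need, in Python. It assumes the `^` separator and the paths from the question's sample value, treats "contains" as exact whole-path membership, and contrasts that with a substring test on the joined string, which would authorize paths that are not in the list. All function names are hypothetical.

```python
from urllib.parse import unquote

DELIM = "^"  # separator used in the thread's MiddleName example value


def normalize(path):
    """Return a canonical form of a URL path, or None if it is rejected."""
    decoded = unquote(path.strip())
    if not decoded.startswith("/") or DELIM in decoded or "\x00" in decoded:
        return None
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):      # collapse '//' and '/./', drop trailing '/'
            continue
        if seg == "..":           # refuse traversal instead of resolving it
            return None
        segments.append(seg)
    return "/" + "/".join(segments)


def allowed_resources(attribute_values):
    """Flatten the attribute into a set of canonical paths.

    Accepts either several LDAP values or one caret-joined string per value.
    """
    allowed = set()
    for value in attribute_values:
        for entry in value.split(DELIM):
            canon = normalize(entry)
            if canon is not None:
                allowed.add(canon)
    return allowed


def is_authorized(requested_resource, attribute_values):
    """Exact, whole-path membership test."""
    canon = normalize(requested_resource)
    return canon is not None and canon in allowed_resources(attribute_values)


def naive_contains(requested_resource, joined_value):
    """Weak form: substring test on the raw joined string."""
    return requested_resource in joined_value


# Constructed sample, taken from the attribute value quoted in the question.
MIDDLE_NAME = ["/xyz/abc^/xyz/pqr^/xyz/pqr/abc^/abc"]
```

With the sample value, `/pqr` and `/xyz` pass the substring test but are rejected by `is_authorized`, while `/xyz/pqr/` and `/abc` are accepted after normalization.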