Symantec Access Management

 View Only
  • 1.  How to use a variable in the user's tab (condition) of policy?

    Posted May 14, 2018 03:07 AM

    Hi Team,

     

    We have a requirement to match the requested resource (fetched via user context and stores in a variable name RequestedResource) with a multi-value attribute in CA directory that stores 4-5 resource. Please see below for details.

     

    Variable Name: RequestedResource

    Variable Value: Requested resource value fetched from the user context

    Example: If the requested resource is https://domain:port/abc/xyz, the requested resource will contain /abc/xyz

     

    LDAP attribute Name: MiddleName (multi-valued)

    Attribute value: /xyz/abc^/xyz/pqr^/xyz/pqr/abc^/abc (4 resources - /xyz/abc, /xyz/pqr, /xyz/pqr/abc, /abc)

     

    We want to authorize user when the MiddleName contains the RequestedResource. This is the requirement.

     

    If the MiddleName is not multivalued, we are able to achieve this by using condition RequestedResource==MiddleName in the expression tab. But if the MiddleName is multivalued, it doesn't work. 

     

    Also, we are unable to use the variable RequestedResource in the users tab as condition in the policy. 

     

    Can any one let us know how to use a variable in the users tab as condition in the policy?

    Any suggestions in order to achieve this requirement?

     

    Thanks in advance,

    Shivam



  • 2.  Re: How to use a variable in the user's tab (condition) of policy?

    Posted May 15, 2018 09:25 AM

    Team,

    Any suggestions around this?

     

    Thanks,

    Shivam



  • 3.  Re: How to use a variable in the user's tab (condition) of policy?
    Best Answer

    Posted May 23, 2018 03:00 AM

    Hi Shivam,

     

    It doesn't look like variable allows comparions with multi valued attribute.

     

    I have implemented this use case with ActivePolicy.

    Refer : Tech Tip – How to save custom data into session store during authentication and access later during authorization 

    Let me know if any question.

    Regards,

    Ujwol



  • 4.  Re: How to use a variable in the user's tab (condition) of policy?

    Posted May 23, 2018 09:01 AM

    Amazing. Thank you Ujwol for helping me out in this. This is great.

     

    Really appreciate your assistance on this.  



  • 5.  Re: How to use a variable in the user's tab (condition) of policy?

    Posted May 23, 2018 10:07 AM

    Glad to help