May 18, 2016 at 12:40 pm #10606
I am posting this here because the question covers both OpenAM and OpenIG.
I would really appreciate an example and explanation on using a policy response attribute (mail in my case) in OpenIG when the J2EE agent is used.
The “mail” attribute is set in the relevant policy under “Response Attributes” -> “Subbject Attributes”.
Can this be extracted in the relevant OpenIG route via the J2EE agent?
Is the J2EE agent -> “Application” -> “Response Attribute Processing” setting related to this?
Could someone show me an example of getting this value into a variable in OpenIG?
I would like to use that value in a PasswordReplayFilter that uses an SqlAttributesFilter to get credentials for a legacy application.
I am stuck, this would be the final piece of the puzzle.
I have only recently started with OpenAM/OpenIG and have been reading through the docs over and over again.
I am unable to connect the dots in this case.
Thank you in advance,May 18, 2016 at 1:11 pm #10607Laurent VaillsParticipant
In OpenIG 4, we did not include the possibility to get these attributes.
We added this feature after the release 4, and it is available in our nightly build : https://forgerock.org/openig/doc/bootstrap/reference/index.html#PolicyEnforcementFilter
(note that we also changed the returned status code in case the policy decision was to deny the access to the request resource)
LaurentMay 18, 2016 at 2:04 pm #10610
Is this possible to achieve the same via the J2EE agent?
How far are you from releasing version 5.0?May 18, 2016 at 2:30 pm #10611Laurent VaillsParticipant
The version 5.0 will be released at the end of 2016.
As stated in the paragraph “Versioning” of our README file (https://stash.forgerock.org/projects/OPENIG/repos/openig/browse/README.md), we will have an interim 4.5 release available to the users with support contract.
Someone from the AM team will answer your question regarding the J2EE agent.
LaurentMay 19, 2016 at 12:53 pm #10630
Yes, this can be done via the J2EE agent in a similar way like getting login credentials back from OpenAM.
A short overview below.
Agent Filter Mode: URL_POLICY
Response Attributes Processing: HTTP_HEADER
Response Attribute Mapping: [mail]=USER-MAIL
The response Attribute is also defined on the relevant policy.
The CryptoHeaderFilter is then used to decrypt the content.
You must be logged in to reply to this topic.