How to: Policy Response Attributes via J2EE agent in OpenIG

This topic has 4 replies, 2 voices, and was last updated 6 years, 2 months ago by bertalanvoros.

  • Author
    Posts
  • #10606
     bertalanvoros
    Participant

    Hello All,

    I am posting this here because the question covers both OpenAM and OpenIG.

    I would really appreciate an example and explanation on using a policy response attribute (mail in my case) in OpenIG when the J2EE agent is used.

    The “mail” attribute is set in the relevant policy under “Response Attributes” -> “Subbject Attributes”.

    Can this be extracted in the relevant OpenIG route via the J2EE agent?
    Is the J2EE agent -> “Application” -> “Response Attribute Processing” setting related to this?

    Could someone show me an example of getting this value into a variable in OpenIG?
    I would like to use that value in a PasswordReplayFilter that uses an SqlAttributesFilter to get credentials for a legacy application.

    I am stuck, this would be the final piece of the puzzle.
    I have only recently started with OpenAM/OpenIG and have been reading through the docs over and over again.
    I am unable to connect the dots in this case.

    Thank you in advance,

    #10607
     Laurent Vaills
    Participant

    Hi,

    In OpenIG 4, we did not include the possibility to get these attributes.
    We added this feature after the release 4, and it is available in our nightly build : https://forgerock.org/openig/doc/bootstrap/reference/index.html#PolicyEnforcementFilter
    (note that we also changed the returned status code in case the policy decision was to deny the access to the request resource)

    Regards,
    Laurent

    #10610
     bertalanvoros
    Participant

    Is this possible to achieve the same via the J2EE agent?
    How far are you from releasing version 5.0?

    #10611
     Laurent Vaills
    Participant

    The version 5.0 will be released at the end of 2016.

    As stated in the paragraph “Versioning” of our README file (https://stash.forgerock.org/projects/OPENIG/repos/openig/browse/README.md), we will have an interim 4.5 release available to the users with support contract.

    Someone from the AM team will answer your question regarding the J2EE agent.

    Regards,
    Laurent

    #10630
     bertalanvoros
    Participant

    UPDATE:
    Yes, this can be done via the J2EE agent in a similar way like getting login credentials back from OpenAM.
    A short overview below.

    J2EE:
    Agent Filter Mode: URL_POLICY
    Response Attributes Processing: HTTP_HEADER
    Response Attribute Mapping: [mail]=USER-MAIL

    OpenAM:
    The response Attribute is also defined on the relevant policy.

    OpenIG:
    The CryptoHeaderFilter is then used to decrypt the content.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?