Policy decision based on HTTP header value?

Tagged: , ,

This topic has 0 replies, 1 voice, and was last updated 5 years, 6 months ago by hindog.

  • Author
    Posts
  • #14839
     hindog
    Participant

    Hi, I’ve looked through the docs and attempted to write an scripted policy condition to evaluate a user’s assigned client id against a value set in the HTTP header. Currently, I have the apache agent extract the client id from the URL and convert it to an HTTP header like this:

    http://example.com/cid/123/foo/bar

    .. and proxy the request to ..

    http://example.com/foo/bar
    X_CLIENT_ID=123

    Now in OpenAM, I want to match that X_CLIENT_ID value against attributes of the groups that the user is a member of. So if the user is a member of group “Client 123” with attribute (id=123), then authorize the request.

    The problem I’m facing is I don’t know how to access the original request data from my scripted policy. I have dumped the “environment” variable available in script, but it doesn’t contain any HTTP headers. Is there a way to do this in OpenAM? It would seem that not having access to original request data in the policy script would be a severe limitation, so I’m hoping that I’m missing something obvious here…

    Thanks

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?