Service Provider Rules
This section describes the following example Service Provider rules:
Service Provider Confirmation Rules
The example Service Provider confirmation rules have access to the list of candidate accountIds under the candidates path and to the Service Provider User view under the view path.
Inputs:
None
You must specify the following for a custom Service Provider confirmation rule:
|
AuthType |
SPERule |
|
SubType |
SUBTYPE_SPE_LINK_CONFIRMATION_RULE |
|
Returns |
A null or a string representing the confirmed accountId |
|
Predefined Rules |
None |
The following table describes the example confirmation rules you can use to customize Service Provider.
Table 4–14 Example Service Provider Confirmation Rules|
Rule Name |
Description |
|---|---|
|
Service Provider Example Confirmation Rule Rejecting All Candidates |
Rejects all candidates from a link correlation rule.Returns a null. |
|
Service Provider Example Confirmation Rule Returning First Candidate |
Returns the first accountId from the candidate list. |
|
Service Provider Example Confirmation Rule Selecting Candidates Using AccountId |
Returns the candidate that matches the accountId in the view. If the rule cannot find the accountId from the view in the candidate list, then the rule returns a null. |
Service Provider Correlation Rules
The example Service Provider correlation rules have access to the Service Provider User view.
Inputs:
None
You must specify the following for a custom Service Provider correlation rule:
The following table describes the example correlation rules you can use to customize Service Provider.
Table 4–15 Example Service Provider Correlation Rules|
Rule Name |
Description |
|---|---|
|
Service Provider Example Correlation Rule for LDAP Returning Option Map |
Returns an option map with a search filter to be used with an LDAP adapter. The LDAP Resource Adapter allows a filter to be passed to scope the search operation. The filter is expected to be an LDAP search filter. |
|
Service Provider Example Correlation Rule for Simulated Returning Option Map |
Returns an option map with a search filter to be used with a Simulated Resource Adapter. The Simulated Resource Adapter allows a filter to be passed to scope the search operation. This adapter expects the search filter to be an AttributeExpression. |
|
Service Provider Example Correlation Rule Returning List of Identities |
Returns a list of accountIds in LDAP DN format that are composed from the accountId in the view. |
|
Service Provider Example Correlation Rule Returning Single Identity |
Returns a single accountId in LDAP DN format composed from the account Id in the view. |
Service Provider Account Locking Rules
The example Service Provider account locking rules have access to the Service Provider User view and they lock or unlock accounts in a Sun Directory Server.
Inputs:
See Table 4–16.
You must specify the following for a custom Service Provider account locking rule:
|
AuthType |
SPERule |
|
SubType |
Not specified |
|
Returns |
Nothing |
|
Predefined Rules |
None |
The following table describes the example account locking rules you can use to customize Service Provider.
Table 4–16 Example Service Provider Account Locking Rules|
Rule Name |
Input Variable |
Description |
|---|---|---|
|
Service Provider Example Lock Account Rule |
lockExpirationDate: A possibly null java.util.Date at which the lock should expire. |
Locks an account in a Sun Directory Server. This rule modifies top-level attributes in the Service Provider user view. |
|
Service Provider Example Unlock Account Rule |
None |
Unlocks an account in a Sun Directory Server. This rule modifies top-level attributes in the Service Provider user view. |
- © 2010, Oracle Corporation and/or its affiliates