Sun OpenSSO Enterprise 8.0 Administration Guide

Referral

A referral (referred to as a referral policy in previous releases) controls the delegation of both policy creation and evaluation. It consists of one or more rules and one or more referrals. Using a referral allows an administrator to delegate the administration of a realm's policy definitions and decisions to a sub-realm or peer realm. Alternatively, policy decisions for a resource can be delegated to other policy products.


Note –

The Policy Configuration service contains a global attribute called Realm Alias Referrals. This attribute allows you to create policies in sub-realms without having to create referral policies from the top-level or parent realm. You can only create policies to protect HTTP or HTTPS resources whose fully qualified hostname matches the realm/DNS Alias of the realm. By default, this attribute is defined as No.


The following sections have more information on the components of a referral.

Rules

A referral rule defines the resource whose policy definition and evaluation is being referred. By default, there are three OpenSSO Enterprise services enabled for policy referral.

Referrals

The referral defines the realm to which policy definition and evaluation is being referred. The referral can delegate to a peer realm (on the same level) or a sub-realm (on a subordinate level). The realm to which policy definition or evaluation is referred can define and evaluate access only for those protected resources (or sub-resources) that have been referred to it. (This restriction does not apply to the top-level realm.) For more information, see "To Create a Referral Using the OpenSSO Enterprise Console".
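
The scoping restriction above, modelled as an added audit example (not OpenSSO code and not part of the original guide): it flags policies defined in a non-top-level realm for resources that were never referred to that realm. The realm names, URLs and the trailing-`*` prefix matching are assumptions made for illustration; they do not reproduce OpenSSO's own resource-name comparison.

```python
TOP_REALM = "/"  # the top-level realm is exempt from the restriction

# Constructed sample data; realm names and URLs are hypothetical.
# Referral: (referring realm, referred resource, realm it is referred to)
REFERRALS = [
    ("/", "http://hr.example.com:80/*", "/hr"),
    ("/", "http://eng.example.com:80/*", "/eng"),
]
# Policy: (realm where defined, policy name, protected resource)
POLICIES = [
    ("/", "top-www", "http://www.example.com:80/*"),
    ("/hr", "hr-payroll", "http://hr.example.com:80/payroll/*"),
    ("/hr", "hr-overreach", "http://eng.example.com:80/builds/*"),
    ("/eng", "eng-root", "http://eng.example.com:80/*"),
    ("/ops", "ops-orphan", "http://ops.example.com:80/*"),
]


def covers(referred, resource):
    """True if resource equals the referred resource or is a sub-resource.

    Assumed matching model: a trailing '*' on the referred resource covers
    every name sharing the prefix before it; otherwise only an exact match.
    """
    if referred.endswith("*"):
        return resource.startswith(referred[:-1])
    return resource == referred


def out_of_scope(policies, referrals):
    """Return (realm, policy) pairs defined outside what was referred."""
    findings = []
    for realm, name, resource in policies:
        if realm == TOP_REALM:
            continue
        referred_here = [res for _, res, target in referrals if target == realm]
        if not any(covers(res, resource) for res in referred_here):
            findings.append((realm, name))
    return findings


if __name__ == "__main__":
    for realm, name in out_of_scope(POLICIES, REFERRALS):
        print(f"realm {realm}: policy {name} protects a resource not referred to it")
```
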