Evaluates a policy for a given request and returns a non-boolean result.
am_policy_evaluate() has been deprecated. See am_policy_evaluate_ignore_url_notenforced().
am_policy_evaluate() was used to evaluate policy for URLs on the not-enforced list and those not on the not-enforced list. Since there is not a need to evaluate URLs on the not-enforced list, am_policy_evaluate() has been deprecated. Although it can still be used, the SDK invokes am_policy_evaluate_ignore_url_notenforced().
#include "am_policy.h" AM_EXPORT am_status_t am_policy_evaluate(am_policy_t policy_handle, const char *sso_token, const char *resource_name, const char *action_name, const am_map_t env_parameter_map, am_map_t policy_response_map_ptr, am_policy_result_t *policy_result);
This function takes the following parameters:
Integer specifying the object being evaluated.
Pointer to the session token (SSOTokenID) of the authenticated user.
The Access Manager Session Service creates a session data structure (also known as an SSOToken) that stores information such as login time, authentication scheme, and authentication level. It also generates a session token (also known as an SSOTokenID, a randomly-generated string that identifies an instance of an SSOToken.
Pointer to the name of the resource being requested.
Pointer to the action requested.
Map object which contains environment variables (IP address, host name, etc.) used for evaluation by the Policy Service.
See am_map_t for more information.
Pointer to a map object which contains all the profile, session and response attributes fetched.
Pointer to the am_policy_result_t type to store the result.
See am_policy_result_t for more information.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.
After using the results the caller must call am_policy_result_destroy() on policy_result to cleanup the allocated memory. Also, am_map_destroy() must be called on policy_response_map_ptr and env_parameter_map after their respective usage.