Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 6.0

Support for Fetching User Session Attributes

Before this release of web agents, header and cookie information was retrieved, or sourced, solely from user profile properties. Now, header and cookie information can also be sourced from session properties.

Use the following property to choose how you want session attributes retrieved:

com.sun.am.policy.agents.config.session.attribute.fetch.mode

For the preceding property, the following modes are available as retrieval methods:

The following example illustrates this property with the retrieval method set to HTTP_HEADER:


com.sun.am.policy.agents.config.session.attribute.fetch.mode = HTTP_HEADER

The source of header and cookie information is controlled by the following configuration property from the web agent AMAgent.properties configuration file:

com.sun.am.policy.agents.config.session.attribute.map

This configuration property has the same format as an LDAP header property. The following is an example of how this configuration property can be set:

com.sun.am.policy.agents.config.session.attribute.map = 
name-of-session-attribute1|name-of-header-attribute1, 
name-of-session-attribute2|name-of-header-attribute2

Where name-of-session-attribute1 and other similarly named properties, or attributes, in the preceding code represent actual property names.

Benefit - Support for Fetching User Session Attributes: The benefit of this feature is that session properties can be more effective for transferring information, especially dynamic information. Prior to this release, agents could only fetch users’ profile attributes, which tend to be static attributes. However, session attributes allow applications to obtain dynamic user information when necessary. Since this feature allows you to fetch non-user profile attributes, you can fetch attributes such as SAML assertion.