Access Manager provides subject, condition and referral interfaces that enable you to develop your own custom subjects, conditions and referrals. A sample implementation is provided for the three interfaces. SampleSubject.java implements the Subject interface. This subject applies to all the authenticated users who have valid SSOTokens. SampleCondition.java implements the Condition interface. This condition makes the policy applicable to those users whose user name length is greater than or equal to the length specified in the condition.
SampleReferral.java implements the Referral interface. SampleReferral.java gets the referral policy decision from a text file SampleReferral.properties located in the /samples directory.
You must add the subject, condition, and referral implementations to iPlanetAMPolicyService and iPlanetAMPolicyConfigService in order to make them available for policy definitions. These services are loaded into Access Manager during installation. To add the sample implementations to the Policy framework, modify the iPlanetAMPolicy service and iPlanetAMPolicyConfig service.
Use db2ldif to back up iPlanetAMPolicy and iPlanetAMPolicyConfig services.
    cd DirectoryServer-base/slapd-hostname
    db2ldif -n userRoot -s "ou=iPlanetAMPolicyService,ou=services,root_suffix"
    db2ldif -n userRoot -s "ou=iPlanetAMPolicyConfigService,ou=services,root_suffix"
Set the environment variable LD_LIBRARY_PATH.
On Solaris, add /usr/lib/mps/secv1 to LD_LIBRARY_PATH.
On Linux, add /opt/sun/private/lib to LD_LIBRARY_PATH.
Run the following commands:
    cd AccessManager-base/samples/policy
    AccessManager-base/bin/amadmin --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" --password password --schema amPolicy_mod.xml
    AccessManager-base/bin/amadmin --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" --password password --data amPolicyConfig_mod.xml
Change the properties files of the iPlanetAMPolicy and iPlanetAMPolicyConfig services.
    cd AccessManager-base/locale
    mv amPolicy.properties amPolicy.properties.bak
    mv amPolicy_en.properties amPolicy_en.properties.bak
    mv amPolicyConfig.properties amPolicyConfig.properties.bak
    mv amPolicyConfig_en.properties amPolicyConfig_en.properties.bak
    cp AccessManager-base/samples/policy/amPolicy.properties .
    cp AccessManager-base/samples/policy/amPolicy_en.properties .
    cp AccessManager-base/samples/policy/amPolicyConfig.properties .
    cp AccessManager-base/samples/policy/amPolicyConfig_en.properties .
Deploy the sample plug-ins.
Copy SampleSubject.class, SampleCondition.class and SampleReferral.class from the /sample directory to AccessManager-base/lib.
Restart the Access Manager server.
The sample subject, condition and referral implementations are now available for policy definitions through the administration console or amadmin tool.
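An added example, not part of the product documentation: the properties-file step above written as a re-runnable shell function. Running the mv/cp sequence a second time would replace each .bak with the sample copy, so the function refuses to proceed when a backup already exists. The function names and the single argument (the AccessManager-base path) are assumptions.

```shell
#!/bin/sh
# Added example, not product code. The argument AM_BASE stands for the
# AccessManager-base directory used in the commands above (assumed layout:
# AM_BASE/locale and AM_BASE/samples/policy).

POLICY_PROPS="amPolicy.properties amPolicy_en.properties amPolicyConfig.properties amPolicyConfig_en.properties"

# swap_policy_properties AM_BASE
# Returns 0 on success, 1 if a sample or live file is missing, 2 if a .bak
# already exists (moving again would destroy the original backup).
swap_policy_properties() {
    locale_dir="$1/locale"
    sample_dir="$1/samples/policy"

    # Pass 1: validate everything before touching any file.
    for f in $POLICY_PROPS; do
        [ -f "$sample_dir/$f" ] || { echo "missing sample: $sample_dir/$f" >&2; return 1; }
        [ -f "$locale_dir/$f" ] || { echo "missing live file: $locale_dir/$f" >&2; return 1; }
        [ ! -e "$locale_dir/$f.bak" ] || { echo "backup exists, refusing: $locale_dir/$f.bak" >&2; return 2; }
    done

    # Pass 2: back up the original, then install the sample copy.
    for f in $POLICY_PROPS; do
        mv "$locale_dir/$f" "$locale_dir/$f.bak" || return 1
        cp -p "$sample_dir/$f" "$locale_dir/$f" || return 1
    done
}

# restore_policy_properties AM_BASE
# Puts the original files back from the .bak copies; returns 1 if any is missing.
restore_policy_properties() {
    locale_dir="$1/locale"
    for f in $POLICY_PROPS; do
        [ -f "$locale_dir/$f.bak" ] || { echo "no backup: $locale_dir/$f.bak" >&2; return 1; }
    done
    for f in $POLICY_PROPS; do
        mv -f "$locale_dir/$f.bak" "$locale_dir/$f" || return 1
    done
}
```

Source the file and call swap_policy_properties with the AccessManager-base path before restarting the server; restore_policy_properties reverses the change.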