Sun OpenSSO Enterprise 8.0 C API Reference for Application and Web Policy Agent Developers


Evaluates a policy for a given request and returns a non-boolean result.

Note –

am_policy_evaluate() has been deprecated. See am_policy_evaluate_ignore_url_notenforced().


am_policy_evaluate() was used to evaluate policy for URLs on the not-enforced list and those not on the not-enforced list. Since there is not a need to evaluate URLs on the not-enforced list, am_policy_evaluate() has been deprecated. Although it can still be used, the SDK invokes am_policy_evaluate_ignore_url_notenforced().


#include "am_policy.h"
AM_EXPORT am_status_t
am_policy_evaluate(am_policy_t policy_handle,
                   const char *sso_token,
                   const char *resource_name,
                   const char *action_name,
                   const am_map_t env_parameter_map,
                   am_map_t policy_response_map_ptr,
                   am_policy_result_t *policy_result);


This function takes the following parameters:


Integer specifying the object being evaluated.


Pointer to the session token (SSOTokenID) of the authenticated user.

Note –

The OpenSSO Enterprise Session Service creates a session data structure (also known as an SSOToken) that stores information such as login time, authentication scheme, and authentication level. It also generates a session token (also known as an SSOTokenID, a randomly-generated string that identifies an instance of an SSOToken.


Pointer to the name of the resource being requested.


Pointer to the action requested.

Note –

An action is the operation to be performed on the resource. Web server actions are POST and GET. An allowable action for a human resources service , for example, can change a home telephone number.


Map object which contains environment variables (IP address, host name, etc.) used for evaluation by the Policy Service.

Note –

See am_map_t for more information.


Pointer to a map object which contains all the profile, session and response attributes fetched.

Note –

This must be enabled in the agent configuration properties. See am_policy_result_t for information on how this is done. See am_map_t for more information on map objects.


Pointer to the am_policy_result_t type to store the result.

Note –

See am_policy_result_t for more information.


This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):


If the call was successful.


If any error occurs, the type of error indicated by the status value.

Memory Concerns

After using the results the caller must call am_policy_result_destroy() on policy_result to cleanup the allocated memory. Also, am_map_destroy() must be called on policy_response_map_ptr and env_parameter_map after their respective usage.