> Administrator Guide > Experience Definitions

Administrator Guide

     Previous  Next    Open TOC in new window    View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Experience Definitions

This chapter describes how to configure AquaLogic Ensemble user experiences. It is divided into the following sections:

 

About Experience Definitions

An experience definition describes the following aspects of the user experience:

Ensemble employes a set of experience rules to determine which experience definition to associate with a user. Each experience rule evaulates to true if its set of conditions is satisfied. Experience rules are evaluated in order, and the first rule to evaluate to true determines the experience definition is associated with the user.

 

Configuring Experience Definitions

To configure an experience definition:

  1. Launch the Ensemble Console.
  2. Click the EXPERIENCES tab.
  3. Click the Definitions sub-tab.
  4. Click the experience definition you want to edit, or to create a new resource, click Create new.
  5. On the General page, type a Name and Description for the experience definition.
  6. On the Log In Settings page, configure the login resource and interstitial pages. For details, see Login Resources and Interstitial Pages.
  7. On the Authentication Settings page, select an Authentication method from the drop-down.
    8. Caution: Ensemble uses the authentication method set in the experience definition if it meets or exceeds the authentication level required by the resource being accessed. If the resource requires a greater authentication level, Ensemble uses the authentication method appropriate for that authentication level.
  8. Click Save.

 

Configuring Experience Rules

The experience definition that Ensemble chooses depends on a set of experience rules that Ensemble evaluates in a specified order. You configure experience rules by first adding or editing rules in the Rule Library. You then set the precedence of rules in the Rule Order.

Rules are defined by one or more rule types. A rule type is a single condition that can be evaluated as true or false. You can configure the rule so that any or all of the rule types must evaluate to true for the rule to evaluate to true. The following table describes the available rule types:

Table 8-1 Rule Types
Rule Type
Description
Client IP
Evaluates to true if this value matches the user's IP. You can configure the Client IP rule to match a range of IP addresses by using regular expressions.
Date
You can set the Date rule to be equal to, greater than, less than, greater than or equal to, or less than or equal to a given date.
You can combine two Date rule types to provide access over a range of dates.
User
Evaluates to true if this value is the current user.
Secure connection
Evaulates to true of the connection is secure (HTTPS).
Time
You can set the Time rule to be equal to, greater than, less than, greater than or equal to, or less than or equal to a given time.
You can combine two Time rule types to provide access over a period of time.
Browser
Evaluates to true if this value matches the user's browser type.
Group membership
Evaluates to true if this value is a group of which the user is a member.
Non-secure connection
Evaulates to true of the connection is not secure (HTTP).
Day of Week
Evaulates to true if this value is equal to the current day of the week.
Locale
Evaluates to true if this value matches the user's locale.
User property
Evaluates to true if this value matches the user's property value.
Always true
Always evaluates to true.
Always false
Always evaluates to false.

Creating and Editing Rules in the Rule Library

  1. Launch the Ensemble Console.
  2. Click the EXPERIENCES tab.
  3. Click the Rule Library sub-tab.
  4. Click Create new.
  5. On the General page, in the Name box, type the name of the rule.
  6. Type a Description of the rule.
  7. On the Definition page, click Add.
  8. Either select the rule type to create or click on an existing rule.

    9. You can add existing rules as rule types. This allows compound rules to be formed. For example, you might create a rule that evaluates to true if any of three users is accessing the resource from a secure connection. To do this, you create rule type that evaluates to true for any of the three users. You then add that rule type to a rule type where it and the Secure connection rule type must evaluate to true.

  9. Add the rule type by clicking OK.
  10. Click Add to add another rule type, or finish creating the rule by clicking Save.

Published Rules

You can configure a rule to be published or not published. You are able to add a published rule to a policy. You are able use an unpublished rule only as as a rule type for other rules.

To publish a rule, from the rule's General page, select Is published. To unpublish the rule, clear the check box next to Is published.

Note: If the rule is currently being used in the Rule Order, it cannot be unpublished.

Rule Order

The Rule Order sub-tab associates experience rules with experience definitions and provides the order in which Ensemble evaluates the rules. When determining the experience definition, Ensemble first checks the first (lowest numbered) rule in the Rule Order. If the experience rule evaluates to true, Ensemble associates the experience definition with the user. If the experience rule evaluates to false, the next rule in the order is checked, and so on, until an experience rule evaluates to true and Ensemble can associate an experience definition with the user.

To change the order of rules, adjust the numbers in the Order column.

To create a new rule in the Rule Order:

  1. Launch the Ensemble Console.
  2. Click the EXPERIENCES tab.
  3. Click the Rule Order sub-tab.
  4. Click Add Rule.
  5. On the General page, in the Name box, type the name of the rule.
  6. Type a Description of the rule.
  7. On the Settings page, next to Condition, click Select.
  8. Select the rule. Click OK.
  9. Next to Experience definition, click Select.
  10. Select the experience definition to be assigned if this rule is selected. Click OK.
  11. Click Save.

 

Login Resources and Interstitial Pages

The experience definition associated with a user determines, in part, the specifics of the user's login and logout experience. On the Log In Settings page of the experience definition configuration you can supply the login resource and login, logout, error, and other interstitial pages.

The login resource is a proxied application server used to host the various pages associated with the experience definition.

To create a login resource, create a resource and select Is Login resource on the General page.

For details on creating a resource, see Proxy Resources.

The following table describes the various pages that you can associate with an experience definition.

Table 8-2 Login, Logout, and Interstitial Page Settings
Setting
Definition
Pre-log in page
Ensemble displays this page to the user prior to attempting to authenticate the user.
Login page
This page provides the form for login when the authenticator is HTML form-based login. Ensemble displays this page after the Pre-log in page and before the Post-log in page.
Post-log in page
Ensemble displays this page to the user after successful authentication and before the user accesses the resource.
Error page
Ensemble displays this page if there is an error in the login process.
Post-log out page
Ensemble displays this page after the user logs out of the resource.

For details on customizing the login, logout, error, and other interstitial pages, see Custom Login Resources.

Caution: Ensemble uses the login, logout, error, and interstitial page settings in the experience definition regardless of the final authenticator used to access the resource. Ensemble uses an authenticator other than the authenticator configured with the experience definition if the resource being access requires a higher authentication level. If the required authenticator uses a login page and there is no login page configured in the experience definition, the user is presented with a blank page and is unable to authenticate.

  Back to Top       Previous  Next