This section describes the following example Service Provider rules:
The example Service Provider confirmation rules have access to the list of candidate accountIds under the candidates path and to the Service Provider User view under the view path.
Inputs:
None
You must specify the following for a custom Service Provider confirmation rule:
AuthType |
SPERule |
SubType |
SUBTYPE_SPE_LINK_CONFIRMATION_RULE |
Returns |
A null or a string representing the confirmed accountId |
Predefined Rules |
None |
The following table describes the example confirmation rules you can use to customize Service Provider.
Table 4–14 Example Service Provider Confirmation Rules
Rule Name |
Description |
---|---|
Service Provider Example Confirmation Rule Rejecting All Candidates |
Rejects all candidates from a link correlation rule.Returns a null. |
Service Provider Example Confirmation Rule Returning First Candidate |
Returns the first accountId from the candidate list. |
Service Provider Example Confirmation Rule Selecting Candidates Using AccountId |
Returns the candidate that matches the accountId in the view. If the rule cannot find the accountId from the view in the candidate list, then the rule returns a null. |
The example Service Provider correlation rules have access to the Service Provider User view.
Inputs:
None
You must specify the following for a custom Service Provider correlation rule:
The following table describes the example correlation rules you can use to customize Service Provider.
Table 4–15 Example Service Provider Correlation Rules
Rule Name |
Description |
---|---|
Service Provider Example Correlation Rule for LDAP Returning Option Map |
Returns an option map with a search filter to be used with an LDAP adapter. The LDAP Resource Adapter allows a filter to be passed to scope the search operation. The filter is expected to be an LDAP search filter. |
Service Provider Example Correlation Rule for Simulated Returning Option Map |
Returns an option map with a search filter to be used with a Simulated Resource Adapter. The Simulated Resource Adapter allows a filter to be passed to scope the search operation. This adapter expects the search filter to be an AttributeExpression. |
Service Provider Example Correlation Rule Returning List of Identities |
Returns a list of accountIds in LDAP DN format that are composed from the accountId in the view. |
Service Provider Example Correlation Rule Returning Single Identity |
Returns a single accountId in LDAP DN format composed from the account Id in the view. |
The example Service Provider account locking rules have access to the Service Provider User view and they lock or unlock accounts in a Sun Directory Server.
Inputs:
See Table 4–16.
You must specify the following for a custom Service Provider account locking rule:
AuthType |
SPERule |
SubType |
Not specified |
Returns |
Nothing |
Predefined Rules |
None |
The following table describes the example account locking rules you can use to customize Service Provider.
Table 4–16 Example Service Provider Account Locking Rules
Rule Name |
Input Variable |
Description |
---|---|---|
Service Provider Example Lock Account Rule |
lockExpirationDate: A possibly null java.util.Date at which the lock should expire. |
Locks an account in a Sun Directory Server. This rule modifies top-level attributes in the Service Provider user view. |
Service Provider Example Unlock Account Rule |
None |
Unlocks an account in a Sun Directory Server. This rule modifies top-level attributes in the Service Provider user view. |