Sun Java System Access Manager 7 2005Q4 Release Notes

Policy Module Enhancements

Personalization Attributes

In addition to Rules, Subjects, and Conditions, policies can now have personalization attributes (IDResponseProvider). The policy decision sent to the client from the policy evaluation now includes policy-based response personalization attributes in the applicable policies. Two types of personalization attributes are supported:

Policy Enforcement Points (agents) typically forward these attribute values as HTTP Header or Cookies or Request Attributes to the protected application.

Access Manager 7 2005Q4 does not support custom implementations of the Response Provider interface by customers.

Session Property Condition

The session policy condition implementation (SessionPropertyCondition) decides whether a policy is applicable to the request based on values of properties set in a user's Access Manager session. At policy evaluation time, the condition returns “true” only if the user's Access Manager session has every property value defined in the condition. For properties defined with multiple values in the condition, it is sufficient if the user session has at least one value listed for the property in the condition.

Policy Subject

The policy subject implementation (Access Manager Identity Subject) allows you to use entries from the configured Identity Repository as policy subject values.

Policy Export

You can export policies in XML format using the amadmin command. The new GetPolices and RealmGetPolicies elements in the amAdmin.dtd file support this feature.

Policy Status

A policy now has a status attribute, which can be set to active or inactive. Inactive policies are ignored during policy evaluation.