Sun Java System Access Manager 7.1 Administration Guide

Modifying a Referral Policy

You can delegate policy definitions and decisions of a realm to different realms using referral policies. Custom referrals can be used to get policy decisions from any policy destination point. Once you have created a referral policy, you can add or modify the associated rules, referrals, and resource providers.

Procedure: To Add or Modify a Rule to a Referral Policy

  1. If you have already created the policy, click the name of the policy for which you wish to add the rule. If not, see To Create a Referral Policy With the Access Manager Console.

  2. Under the Rules menu, click New.

  3. Select one of the following default service types for the rule. You may see a larger list if more services are enabled for the policy:

    Discovery Service

    Defines the authorization actions for Discovery service query and modify protocol invocations by web services clients for a specified resource.

    Liberty Personal Profile Service

    Defines the authorization actions for Liberty Personal Profile service query and modify protocol invocations by web services clients for a specified resource.

    URL Policy Agent

    Defines authorization actions for the URL Policy Agent service. This is used to define policies that protect HTTP and HTTPS URLs. This is the most common use case of Access Manager policies.

  4. Click Next.

  5. Enter a name and resource name for the rule.

    Currently, Access Manager Policy Agents only support http:// and https:// resources and do not support IP addresses in place of the hostname.

    Wildcards are supported for protocol, host, port and resource name. For example:


    http*://*:*/*.html

    For the URL Policy Agent service, if a port number is not entered, the default port number is 80 for http://, and 443 for https://.


    Note: Steps 6 and 7 are not applicable for a referral policy.


  6. Click Finish.
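
The wildcard and default-port behaviour described in step 5 can be checked offline before a rule is saved, to see how many URLs a pattern actually covers. The following is an added example, not code from Access Manager or this guide; the function names are hypothetical, the sample URLs are constructed, and it assumes that `*` matches any run of characters including `/`, which may differ from the policy agent's own comparison.

```python
import ipaddress
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # defaults stated in step 5
RULE_RE = re.compile(r"^([^:/]+)://([^/:]+)(?::([^/]+))?(/.*)?$")

def normalize(url):
    """Return scheme://host:port/path with the default port made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("only http:// and https:// resources are supported")
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, so it is acceptable as a hostname
    else:
        raise ValueError("IP address used in place of the hostname")
    port = parts.port or DEFAULT_PORTS[scheme]
    return f"{scheme}://{host}:{port}{parts.path or '/'}"

def rule_to_regex(rule):
    """Translate a rule resource name into an anchored regular expression."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"unparseable rule: {rule!r}")
    scheme, host, port, path = m.groups()
    if port is None:
        # Assumption: a wildcard scheme with no port means any port.
        port = str(DEFAULT_PORTS.get(scheme, "*"))
    full = f"{scheme}://{host}:{port}{path or '/'}"
    # Assumption: "*" matches any run of characters, including "/".
    return re.compile("^" + re.escape(full).replace(r"\*", ".*") + "$")

def covers(rule, url):
    """True if the rule resource name covers the URL."""
    return rule_to_regex(rule).match(normalize(url)) is not None

if __name__ == "__main__":
    rule = "http*://*:*/*.html"  # the wildcard example from step 5
    for url in ("https://www.example.com/index.html",        # constructed
                "http://www.example.com:8080/a/b/page.html",  # constructed
                "https://www.example.com/index.jsp"):         # constructed
        print(url, covers(rule, url))
```

Running candidate rules against a list of the site's real URLs shows whether a pattern is broader than intended, for example a rule without a port that does not cover the same host on port 8080.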

Procedure: To Add or Modify Referrals to a Policy

  1. If you have already created the policy, click the name of the policy for which you wish to add the response provider. If you have not yet created the policy, see To Create a Referral Policy With the Access Manager Console.

  2. Under the Referrals list, click New.

  3. Define the resource in the Rules fields. The fields are:

    Referral— Displays the current referral type.

    Name— Enter the name of the referral.

    Resource Name— Enter the name of the resource.

    Filter— Specifies a filter for the realm names that will be displayed in the Value field. By default, it will display all realm names.

    Value — Select the realm name of the referral.

  4. Click Finish.

    To remove a referral from a policy, select the referral and click Delete.

    You can edit any referral definition by clicking on the Edit link next to the referral name.

Procedure: To Add a Response Provider to a Referral Policy

  1. If you have already created the policy, click the name of the policy for which you wish to add the response provider. If you have not yet created the policy, see To Create a Referral Policy With the Access Manager Console.

  2. Under the Response Providers list, click New.

  3. Enter a name for the response provider.

  4. Define the following values:

    StaticAttribute

    These are static attributes in attribute value format, defined in an instance of IDResponseProvider stored in the policy.

    DynamicAttribute

    The response attributes chosen here need to first be defined in the Policy Configuration Service for the corresponding realm. The attribute names defined should be a subset of those existing in the configured datastore (IDRepository). For details on how to define the attributes see the Policy Configuration attribute definitions. To select specific or multiple attributes, hold the Control key and click the left mouse button.

  5. Click Finish.

  6. To remove a response provider from a policy, select the subject and click Delete. You can edit any response provider definition by clicking on the name.