am_policy_result_t (Sun OpenSSO Enterprise 8.0 C API Reference for Application and Web Policy Agent Developers)

Sun OpenSSO Enterprise 8.0 C API Reference for Application and Web Policy Agent Developers

`am_policy_result_t`

Carries the evaluation results from the Policy Service.

Details

am_policy_result_t unifies various components of a policy evaluation including information regarding the user attempting to perform an action on the resource, advice messages as recommended during policy evaluation, if any, and attribute response maps providing specific key/values as set in policy definition or user entries.

Syntax

#include "am_policy.h"
typedef struct am_policy_result {
    const char *remote_user;
    const char *remote_user_passwd;
    const char *remote_IP;
    am_map_t advice_map;
    am_map_t attr_profile_map;
    am_map_t attr_session_map;
    am_map_t attr_response_map;
    const char *advice_string;
} am_policy_result_t;

Members

remote_user

Pointer to the user attempting access.

remote_user_passwd

Pointer to the password for the remote user.

remote_IP

Pointer to the IP address of the resource the user is attempting to access.

advice_map

Takes a value based on the am_map_t defined in the <am_map.h> header file that represents any advice messages that might have resulted from the policy evaluation.

Note –

For information on advices, see Chapter 4, Managing Policies, in Sun OpenSSO Enterprise 8.0 Administration Guide.

attr_profile_map

Takes a value based on the am_map_t (defined in the <am_map.h> header file) that represents one or more user profile attributes and a corresponding value. This member is enabled when the following two agent properties are configured:

com.sun.am.policy.agents.config.profile.attribute.fetch.mode takes a value of HTTP_HEADER or HTTP_COOKIE.
com.sun.am.policy.agents.config.profile.attribute.map takes a list of LDAP attributes and their mapped values in the format attribute_name|value.

attr_session_map

Takes a value based on the am_map_t (defined in the <am_map.h> header file) that represents one or more session attributes and a corresponding value. This member is enabled when the following two agent properties are configured:

com.sun.am.policy.agents.config.session.attribute.fetch.mode takes a value of HTTP_HEADER or HTTP_COOKIE.
com.sun.am.policy.agents.config.session.attribute.map takes a list of session attributes and their mapped values in the format attribute_name|value.

attr_response_map

Takes a value based on the am_map_t (defined in the <am_map.h> header file) that represents one or more response attributes and a corresponding value. This member is enabled when the following two agent properties are configured:

com.sun.am.policy.agents.config.response.attribute.fetch.mode takes a value of HTTP_HEADER or HTTP_COOKIE.
com.sun.am.policy.agents.config.response.attribute.map takes a list of response names and their mapped values in the format attribute_name|value.

advice_string

Pointer to a string that defines a value for further authentication if dictated by the policy condition. If no condition is specified, the advice string will have an empty value.

Memory Concerns

Memory for am_policy_result_t is allocated by am_policy_evaluate() and freed by am_policy_result_destroy().