Modifying Referrals

You can modify the components of a referral that has already been created. To Modify a Referral describes the procedure to change or delete a referral.

To Modify a Referral

Before You Begin

This procedure assumes:

• You are logged into the OpenSSO Enterprise console as the administrator.

• You have already created the referral. See Creating Policies and Referrals.

• You did not previously define the referral's components. See Creating Policies and Referrals.

1. Under the Access Control tab, click the name of the realm in which the policy you are modifying was created.

2. Click the Policies tab.

3. Click the name of the referral you are modifying.

   The referral's component page is displayed.

4. Under the Rules menu, click New to display the New Rule page and modify as follows.

   You can click the name of a Rule that has already been defined. The Rules attributes are the same whether you are defining them now or modifying definitions made in Creating Policies and Referrals. You can also select a defined Rule and delete it.

   1. Select the appropriate Service Type and click Next.

      This value can not be changed once the Rule has been created. The options are:

      • Discovery Service (with resource name) defines the authorization actions for Discovery Service query and modify protocol invocations by web services clients.

      • Liberty Personal Profile Service (with resource name) defines the authorization actions for Liberty Personal Profile Service query and modify protocol invocations by web services clients.

      • URL Policy Agent (with resource name) defines authorization actions for the URL Policy Agent service. This is used to define policies that protect HTTP and HTTPS URLs. This is the most common use case.

      You may see a larger list if more services are enabled for policy. (See Enabling Policy in a Service.) For more information, see Rules.

   2. Add a Name for the Rule.

   3. Add a URL as the value for Resource Name and click Finish to return to the referral's components page.

      Currently, policy agents only support http:// and https:// resources thus the value should be a URL. IP addresses are not supported. Wildcards are supported for protocol, host, port and resource name. For example:

      http*://*:*/*.html

      For the URL Policy Agent service type, the default port number is 80 for http:// and 443 for https:// if no port number is defined. In this example, o=example.com is the sub realm that manages access to http://www.example.com and its sub-resources.

5. Under the Referrals menu, click New.

   You can click the name of a Referral that has already been defined. The Referrals attributes are the same whether you are defining them now or modifying definitions made in Creating Policies and Referrals. You can also select a defined Referral and delete it.

6. Enter a Name for the Referral.

7. Specify a filter and click Search.

   This action defines the realm names that will be displayed in the Value field. By default, it will display all realm names.

8. Select the realm to which you are referring policy administration from the drop down list.

9. Click Finish to return to the referral's components page.

10. Click Save to update the referral.