The following fields are available on the Attributes
configuration screen:
Name:
Enter a suitable name for this filter.
Attributes:
The Attributes table lists the checks that the Enterprise Gateway
performs on user attributes stored in the attribute.lookup.list
message attribute. The Enterprise Gateway performs the following checks:
-
The entries in the table are OR-ed together so that if any one of
them succeeds, the filter returns a pass result.
-
The attribute checks listed in the table are run in series
until one of them passes.
-
You can add a number of attribute-value pairs to a single attribute check
by separating them with commas (for example,
company=oracle,
department=engineering, role=engineer ).
-
If multiple attribute-value pairs are present in a given attribute
check, these pairs are AND-ed together so that the overall attribute
check only passes if all the attribute-value pairs pass. For example,
if the attribute check comprises,
department=engineering,
role=engineer , this check only passes if both attributes are
found with the correct values in the
attribute.lookup.list message attribute.
To add an attribute check to the Attributes table,
click the Add button, and enter attributes in the
Add Attributes dialog.
For attribute checks involving attributes extracted from a SAML attribute
assertion, it is necessary to specify the namespace of the attribute as
it was given in the assertion. For example, the Enterprise Gateway can extract
the role attribute from the following SAML
<Attribute Statement> , and store it in the
attribute.lookup.list map:
The NameFormat attribute of the <Attribute>
gives the namespace of the attribute name. You must enter this namespace (together
with a corresponding prefix) in the Add Attributes dialog.
For example, to extract the role attribute from the SAML attribute
statement above, enter pre:role=admin in the Attribute
Requirement field. Then you must also map the pre prefix
to the http://www.company.com namespace, as specified by the
NameFormat attribute in the attribute statement.
|