Contents
You can use the Retrieve from Tivoli filter when you need to retrieve user attributes independently from authorizing the user against Tivoli Access Manager. This filter is found in the Attributes category of filters.
For details on prerequisites for integration with IBM Tivoli, see the Tivoli integration topic.
Complete the following fields to configure the Retrieve from Tivoli filter:
Name:
Enter an appropriate name for the filter.
User ID:
Enter the ID of a user to retrieve attributes for. You can enter a static user name, Distinguished Name (DName), or selector representing a message attribute. The selector is expanded to the value of the message attribute at runtime.
For example, you can enter ${authentication.subject.id}.
This means that the ID of the authenticated user, which is normally a DName,
is used to retrieve attributes for. For this to work correctly, an authentication
filter must have been configured to run before this filter in the policy.
For more details on selectors, see Select configuration values at runtime.
Attributes:
You can specify a list of user attributes to retrieve from the Tivoli server. You can add individual attributes to be retrieved by clicking the Add button and entering the attributes in the dialog. If you want all attributes to be retrieved, leave the table blank.
Tivoli Configuration Files:
A Tivoli configuration file that contains all the required connection details is associated with a particular Oracle API Gateway instance. Click the Settings button to display the Tivoli Configuration dialog.
On the Tivoli Configuration dialog, select the API Gateway instance whose connection details you want to configure. For more details on configuring this wizard, see the Tivoli integration topic.
