Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 120


Proxy Session Cookie: Injects the session cookie associated with the user.
Roles: Injects the roles that have been assigned to the user.
Shared Secret: Injects the username that has been stored in the selected shared secret
store.
You can create your own username attribute. Click New Shared Secret, specify a display
name for the store, and the Access Manager creates the store. Select the store, click New
Shared Secret Entry, specify a name for the attribute, then click OK. The store can contain
one name/value pair or a collection of name/value pairs. For more information, see
Section 5.4, "Creating and Managing Shared Secrets," on page 152.
The Refresh Data Every option allows you to determine when to send a query to verify the
current value of the secret. Because querying slows down the processing of a policy, secret
values are normally cached for the user session.
Change the value of this option from session to a more frequent interval only on those
secrets that are critical to the security of your system or to the design of your work flow.
You can select to cache the value for the session, for the request, or for a time interval
varying from 5 seconds to 60 minutes. For more information, see Section 4.1.1, "Using
the Refresh Data Option," on page 116.
String Constant: Injects a static value that you specify in the text box. This value is used
by all users who access the resources assigned to this policy.
Java Data Injection Module: Specifies the name of a custom Java plug-in, which injects
custom values into the header. Usually, you can use either the LDAP Attribute or Liberty
User Profile option to supply custom values, because both are extensible. For more
information about creating a custom plug-in, see Novell® Access Manager Developer
Tools and Examples (http://developer.novell.com/wiki/index.php/Nacm).
Data Extension: (Conditional) If you have installed a data extension for Identity Injection
policies, this option injects the value that the extension retrieves. For more information
about creating a data extension, see Novell Access Manager Developer Tools and
Examples (http://developer.novell.com/wiki/index.php/Nacm).
The value type you use depends upon how you have set up the application.
7. Fill in the Password field.
Select Credential Profile to insert the password the user entered when the user authenticated.
This is the most common value type to use for the password. If you have created a custom
contract that uses credentials other than the ones listed below for the password, do not use the
Credential Profile for the password.
LDAP Credentials: If you prompt the user for a password, select this option, then select
LDAP Password. If the user's password is the same as the name of the user, you can select
either LDAP User Name (the cn attribute of the user) or LDAP User DN (the fully
distinguished name of the user).
X509 Credentials: If you use a certificate for the password, select this option, then select
one of the following:
X509 Public Certificate Subject: Injects just the subject from the certificate, which
can match the DN of the user, depending upon who issued the certificate.
X509 Public Certificate Issuer: Injects just the issuer from the certificate, which is
the name of the certificate authority (CA) that issued the certificate.
X509 Public Certificate: Injects the entire certificate.
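
The Refresh Data Every setting described above trades store queries against how long a replaced secret value keeps being injected. The following is an added example, not code from the Novell guide or product: it replays one user session under each setting and counts both. SecretStore, simulate, stale_requests and the sample timeline are hypothetical and constructed, and the model assumes an interval is checked when the next request arrives.

```python
# Added illustration of "Refresh Data Every"; names are hypothetical, not Access Manager APIs.
from dataclasses import dataclass

MIN_INTERVAL, MAX_INTERVAL = 5, 60 * 60  # seconds: the 5 s to 60 min range in the guide

@dataclass
class SecretStore:
    """Constructed stand-in for a shared secret store that counts its queries."""
    changes: list      # [(time_of_change, value)], sorted by time
    queries: int = 0

    def read(self, now):
        self.queries += 1
        return [value for t, value in self.changes if t <= now][-1]

def simulate(refresh, request_times, store):
    """Replay one user session and return the value injected on each request.
    refresh is "session", "request", or an interval in seconds.
    Assumption: an interval is checked lazily, when the next request arrives.
    """
    if refresh not in ("session", "request"):
        if not MIN_INTERVAL <= refresh <= MAX_INTERVAL:
            raise ValueError("interval must be between 5 seconds and 60 minutes")
    cached, fetched_at, injected = None, None, []
    for now in request_times:
        expired = (
            fetched_at is None                    # first use in this session
            or refresh == "request"               # query the store every time
            or (refresh != "session" and now - fetched_at >= refresh)
        )
        if expired:
            cached, fetched_at = store.read(now), now
        injected.append(cached)
    return injected

def stale_requests(refresh, request_times, changes):
    """Return (requests that received a replaced value, store queries made)."""
    store, truth = SecretStore(list(changes)), SecretStore(list(changes))
    injected = simulate(refresh, request_times, store)
    stale = sum(v != truth.read(t) for t, v in zip(request_times, injected))
    return stale, store.queries

# Constructed sample: one request per minute for 30 minutes; username replaced at t=330 s.
REQUESTS = list(range(0, 1800, 60))
CHANGES = [(0, "svc-old"), (330, "svc-new")]

if __name__ == "__main__":
    for mode in ("session", 900, 300, "request"):
        print(mode, stale_requests(mode, REQUESTS, CHANGES))
```

On this constructed timeline the session setting queries the store once and injects the replaced username on 24 requests, while per-request refresh queries it 30 times and injects it on none.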