Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 123


If you create a custom header policy with these name/value pairs, the policy injects these names
with their values into a custom header, before sending the request to the Web server.
To create such a policy:
1 In the Administration Console, click Policies > Policies.
2 Select the policy container, then click New.
3 Specify a name for the policy, select Access Gateway: Identity Injection for the type, then click
OK.
4 (Optional) Specify a description for the injection policy. This is useful if you plan to create
multiple custom header policies to be used for multiple resources.
5 In the Actions section, click New, then select Inject into Custom Header.
6 Fill in the following fields:
   Custom Header Name: Specify the name to be inserted into the custom header. These are the
   names required by your application. If your application requires the X- prefix, make sure you
   include the prefix in this field.
   Value: Select the value required by the name. Select one of the following:
      Authentication Contract: Injects the URI of a local authentication contract that the user
      used for authentication.
      Client IP: Injects the IP address associated with the user.
      Credential Profile: Injects the credentials that the user specified at login. You can select
      LDAP Credentials, X509 Credentials, or SAML Credentials. For more information, see
      Section 4.3, "Configuring an Authentication Header Policy," on page 118.
      LDAP Attribute: Injects the value of the selected attribute. For Active Directory servers,
      specify the SAMAccountName attribute for the username. If the attribute you require does
      not appear in the list, click New LDAP Attribute to add the attribute.
         The Refresh Data Every option allows you to determine when to send a query to the
         LDAP server to verify the current value of the attribute. Because querying the LDAP
         server slows down the processing of a policy, LDAP attribute values are normally cached
         for the user session.
         Change the value of this option from session to a more frequent interval only on those
         attributes that are critical to the security of your system or to the design of your work flow.
         You can select to cache the value for the session, for the request, or for a time interval
         varying from 5 seconds to 60 minutes.
         For more information, see Section 4.1.1, "Using the Refresh Data Option," on page 116.
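
The trade-off behind the Refresh Data Every option, as an added example that is not part of the Novell guide or Access Manager code: a small Python model of the three cache choices (session, request, time interval) that counts LDAP queries and the number of requests that would still carry an outdated attribute value. The class and function names, the 10-minute session and the "admin"/"revoked" values are assumptions constructed for illustration.

```python
# Model of the "Refresh Data Every" choices for one injected LDAP attribute.
# Added illustration, not Novell code; class and function names are hypothetical.
SESSION, REQUEST = "session", "request"
MIN_S, MAX_S = 5, 60 * 60  # interval range from the text: 5 seconds to 60 minutes


class AttributeCache:
    def __init__(self, ldap_lookup, refresh=SESSION):
        if refresh not in (SESSION, REQUEST) and not (
            isinstance(refresh, int) and MIN_S <= refresh <= MAX_S
        ):
            raise ValueError("refresh must be session, request, or 5..3600 seconds")
        self.lookup, self.refresh = ldap_lookup, refresh
        self.value, self.fetched_at, self.queries = None, None, 0

    def get(self, now):
        """Return the value to inject at time `now` (seconds into the session)."""
        if self.fetched_at is None or self.refresh == REQUEST:
            expired = True          # first use, or re-query on every request
        elif self.refresh == SESSION:
            expired = False         # cached until the session ends
        else:
            expired = now - self.fetched_at >= self.refresh
        if expired:
            self.value, self.fetched_at = self.lookup(), now
            self.queries += 1       # each query is a round trip to the LDAP server
        return self.value


def simulate(refresh, change_at=100, request_times=range(0, 601, 60)):
    """Replay one session in which the directory value changes at `change_at`.

    Constructed data: the attribute reads "admin" until change_at, then "revoked".
    """
    clock = {"now": 0}
    cache = AttributeCache(
        lambda: "admin" if clock["now"] < change_at else "revoked", refresh
    )
    stale = 0
    for t in request_times:
        clock["now"] = t
        if cache.get(t) == "admin" and t >= change_at:
            stale += 1              # header still carries the old value
    return {"ldap_queries": cache.queries, "stale_headers": stale}


if __name__ == "__main__":
    for setting in (SESSION, 300, REQUEST):
        print(setting, simulate(setting))
```

In this model, session caching costs one LDAP query but keeps injecting the old value for the rest of the session, which is why the shorter settings are reserved for attributes that drive security decisions.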
Creating Identity Injection Policies 123