Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 124

Liberty User Profile: Injects the value of the selected attribute. If no profile attributes are
available, you have not enabled their use in the Identity Server configuration. See
"Managing Web Services and
Server
Proxy Session Cookie: Injects the session cookie associated with the user.
Roles: Injects the roles that have been assigned to the user.
Shared Secret: Injects a value that has been stored in the selected shared secret store.
Select the shared secret store and the name of the value you want injected.
You can create your own value. Click New Shared Secret, specify a display name for the
store, and the Access Manager creates the store. Select the store, click New Shared Secret
Entry, specify a name for the attribute, then click OK. The name you select for the
attribute should match the Custom Header name. The store can contain one name/value
pair or a collection of name/value pairs. For more information, see
and Managing Shared Secrets," on page
The Refresh Data Every option allows you to determine when to send a query to verify the
current value of the secret. Because querying slows down the processing of a policy, secret
values are normally cached for the user session.
Change the value of this option from session to a more frequent interval only on those
secrets that are critical to the security of your system or to the design of your work flow.
You can select to cache the value for the session, for the request, or for a time interval
varying from 5 seconds to 60 minutes. For more information, see
the Refresh Data Option," on page
String Constant: Injects a static value that you specify in the text box. This value is used
by all users who access the resources assigned to this policy.
Java Data Injection Module: Specifies the name of a custom Java plug-in, which injects
custom values into the header. Usually, you can use either the LDAP Attribute or Liberty
User Profile option to supply custom values, because both are extensible. For more
information on creating a Java plug-in, see
Examples
Data Extension: (Conditional) If you have installed a data extension for Identity Injection
policies, this option injects the value that the extension retrieves. For more information
about creating a data extension, see
Examples
7 Specify the format for the value:
Multi-Value Separator: Select a value separator, if the value type you have select is multi-
valued. For example, Roles can contain multiple values.
DN Format: If the value is a DN, select the format for the DN:
LDAP: Specifies LDAP typed comma notation.
cn=jsmith,ou=Sales,o=novell
NDAP Partial Dot Notation: Specifies eDirectory typeless dot notation.
jsmith.sales.novell
NDAP Leading Partial Dot Notation: Specifies eDirectory typeless leading dot
notation.
.jsmith.sales.novell
NDAP Fully Qualified Partial Dot Notation: Indicates eDirectory typed dot notation.
124 Novell Access Manager 3.1 SP2 Policy Guide
Profiles" in the
Guide.
(http://developer.novell.com/wiki/index.php/Nacm).
(http://developer.novell.com/wiki/index.php/Nacm).
Novell Access Manager 3.1 SP2 Identity
152.
116.
Novell Access Manager Developer Tools and
Novell Access Manager Developer Tools and
Section 5.4, "Creating
Section 4.1.1, "Using