Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 126


Tag Value: Specify the value. Select from the following data types:

- Authentication Contract: Injects the URI of a local authentication contract that the user used for authentication.

- Client IP: Injects the IP address associated with the user.

- Credential Profile: Injects the credentials that the user specified at login. You can select LDAP Credentials, X509 Credentials, or SAML Credential. For more information, see Section 4.3, "Configuring an Authentication Header Policy," on page 118.

- LDAP Attribute: Injects the value of the selected attribute. For Active Directory servers, specify the SAMAccountName attribute for the username. If the attribute you require does not appear in the list, click New LDAP Attribute to add the attribute.

  The Refresh Data Every option allows you to determine when to send a query to the LDAP server to verify the current value of the attribute. Because querying the LDAP server slows down the processing of a policy, LDAP attribute values are normally cached for the user session.

  Change the value of this option from session to a more frequent interval only on those attributes that are critical to the security of your system or to the design of your work flow. You can select to cache the value for the session, for the request, or for a time interval varying from 5 seconds to 60 minutes. For more information, see Section 4.1.1, "Using the Refresh Data Option," on page 116.

- Liberty User Profile: Injects the value of the selected attribute. If no profile attributes are available, you have not enabled their use in the Identity Server configuration. See "Managing Web Services and Profiles" in the Novell Access Manager 3.1 SP2 Identity Server Guide.

- Proxy Session Cookie: Injects the session cookie associated with the user.

- Roles: Injects the roles that have been assigned to the user.

- Shared Secret: Injects a value that has been stored in the selected shared secret store. The name specified as the Tag Name must match the name of a name/value pair stored in the shared secret.

  You can create your own value. Click New Shared Secret, specify a display name for the store, and the Access Manager creates the store. Select the store, click New Shared Secret Entry, specify a name for the attribute, then click OK. The name must match the expected Tag Name. The store can contain one name/value pair or a collection of name/value pairs. For more information, see Section 5.4, "Creating and Managing Shared Secrets," on page 152.

  The Refresh Data Every option allows you to determine when to send a query to verify the current value of the secret. Because querying slows down the processing of a policy, secret values are normally cached for the user session.

  Change the value of this option from session to a more frequent interval only on those secrets that are critical to the security of your system or to the design of your work flow. You can select to cache the value for the session, for the request, or for a time interval varying from 5 seconds to 60 minutes. For more information, see Section 4.1.1, "Using the Refresh Data Option," on page 116.

- String Constant: Injects a static value that you specify in the text box. This value is used by all users who access the resources assigned to this policy.
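The trade-off behind the Refresh Data Every option can be seen in a small model. The following Python sketch is an added example, not Novell code: the AttributeCache class, the simulate function, and the employeeType values are constructed for illustration, and each call to get() stands in for one request. It counts how many requests still receive the old injected value after the directory changes, and how many directory queries each setting costs.

```python
SESSION, REQUEST = "session", "request"  # the two non-interval settings

class AttributeCache:
    """Hypothetical model of one user session's cached attribute values."""

    def __init__(self, fetch, refresh):
        # refresh: SESSION, REQUEST, or an interval in seconds
        # (5 seconds to 60 minutes, the range the guide gives)
        if refresh not in (SESSION, REQUEST) and not 5 <= refresh <= 3600:
            raise ValueError("interval must be 5 seconds to 60 minutes")
        self.fetch, self.refresh = fetch, refresh
        self.cached = {}   # attribute name -> (value, time fetched)
        self.queries = 0   # directory queries issued so far

    def get(self, name, now):
        hit = self.cached.get(name)
        if hit is not None and self.refresh != REQUEST:
            # SESSION never expires; an interval expires after `refresh` seconds
            if self.refresh == SESSION or now - hit[1] < self.refresh:
                return hit[0]
        self.queries += 1
        value = self.fetch(name)
        self.cached[name] = (value, now)
        return value

def simulate(refresh, change_at=90, duration=600, step=30):
    """One request every `step` seconds; the directory value changes at
    `change_at`. Returns (requests injected with a stale value, queries)."""
    directory = {"employeeType": "admin"}        # constructed sample data
    cache = AttributeCache(lambda name: directory[name], refresh)
    stale = 0
    for now in range(0, duration + 1, step):
        if now >= change_at:
            directory["employeeType"] = "contractor"
        if cache.get("employeeType", now) != directory["employeeType"]:
            stale += 1
    return stale, cache.queries

if __name__ == "__main__":
    for setting in (SESSION, 300, 60, REQUEST):
        print(setting, simulate(setting))
```

With session caching the changed value is never picked up during the session, while per-request refresh issues a directory query on every request; the interval settings fall between the two.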
