Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 128

Hide thumbs Also See for ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010:

Manual (374 pages)

User manual (58 pages)

Manual (264 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

Table of Contents

3 Specify a name for the policy, select Access Gateway: Identity Injection for the type, then click

OK.

4 (Optional) Specify a description for the injection policy.

5 In the Actions section, click New, then select Inject into Query String.

6 Fill in the following fields:

Tag Name: Specify the tag name that the application expects.

Tag Value: Specify the value. Select from the following data types:

Authentication Contract: Injects the URI of a local authentication contract that the user

used for authentication.

Client IP: Injects the IP address associated with the user.

Credential Profile: Injects the credentials that the user specified at login. You can select

LDAP Credentials, X509 Credentials, or SAML Credential. For more information, see

Section 4.3, "Configuring an Authentication Header Policy," on page

LDAP Attribute: Injects the value of the selected attribute. For Active Directory servers,

specify the SAMAccountName attribute for the username. If the attribute you require does

not appear in the list, click New LDAP Attribute to add the attribute.

The Refresh Data Every option allows you to determine when to send a query to the

LDAP server to verify the current value of the attribute. Because querying the LDAP

server slows down the processing of a policy, LDAP attribute values are normally cached

for the user session.

Change the value of this option from session to a more frequent interval only on those

attributes that are critical to the security of your system or to the design of your work flow.

You can select to cache the value for the session, for the request, or for a time interval

varying from 5 seconds to 60 minutes. For more information, see

the Refresh Data Option," on page

Liberty User Profile: Injects the value of the selected attribute. If no profile attributes are

available, you have not enabled their use in the Identity Server configuration. See

"Managing Web Services and

Server

Proxy Session Cookie: Injects the session cookie associated with the user.

Roles: Injects the roles that have been assigned to the user.

Shared Secret: Injects a value that has been stored in the selected shared secret store. The

name specified as the Tag Name must match the name of a name/value pair stored in the

shared secret.

128 Novell Access Manager 3.1 SP2 Policy Guide

Profiles" in the

Guide.

116.

Novell Access Manager 3.1 SP2 Identity

118.

Section 4.1.1, "Using

Table of Contents

Chapters

Table of Contents

Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 128

Chapters

Troubleshooting

Related Products for Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010

Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 128

Chapters

Troubleshooting

Related Manuals for Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010

Related Products for Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010

Table of Contents