Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 41


Mode: Select the mode, if available, that matches the data type. For example, if you select to
compare the values as strings, you can select either a Case Sensitive mode or a Case Insensitive
mode.
Value: Select one of the values that is available from the current request or select Data Entry Field
to enter a static value. The static value that you can enter depends on the comparison type you
selected.
Result on Condition Error: Specify what the condition returns when the comparison of the two
values returns an error rather than the results of the comparison. Select either False or True. If you
do not want the action applied when an error occurs, select False. If you want the action applied
when an error occurs, select True.
Roles from Identity Provider Condition
The Roles from Identity Provider condition allows you to assign a role based on a role assigned by
another identity provider (Liberty, SAML 2.0, WS Federation). You configure the condition to
match the role sent by the identity provider, then set the action to assign a new role.
This condition uses the mapped attribute All Roles. All roles that are assigned to the user can be mapped to attributes and assigned to a trusted identity provider. For information about enabling All Roles, see "Selecting Attributes for a Trusted Provider" in the Novell Access Manager 3.1 SP2 Identity Server Guide.
For an example of how to use Roles from Identity Provider to create a Role policy, see Section 2.5, "Mapping Roles between Trusted Providers," on page 62. For an example that explains all the configuration procedures required for sharing roles, see "Sharing Roles" in the Novell Access Manager 3.1 SP2 Setup Guide.
To configure a Roles from Identity Provider condition, fill in the following fields:
Roles from Identity Provider: If you have configured your system for multiple identity providers, select the identity provider. If you have only one, it is selected.
Comparison: Select one of the following types:
    Comparison: String: Specifies that you want the values compared as strings, and how you want the string values compared. Select one of the following:
        Equals: Indicates that the values must match, letter for letter.
        Starts with: Indicates that the Roles from Identity Provider value must begin with the letters specified in the Value field.
        Ends with: Indicates that the Roles from Identity Provider value must end with the letters specified in the Value field.
        Contains Substring: Indicates that the Roles from Identity Provider value must contain the letters, in the same sequence, as specified in the Value field.
    Comparison: Regular Expression: Matches: Specifies that you want the values compared as regular expressions.
Mode: Select the mode appropriate for the comparison type:
    Comparison: String: Specify whether case is important by selecting Case Sensitive or Case Insensitive.
    Comparison: Regular Expression: Matches: Select one or more of the following:
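
The following Python model of the comparison types, Mode, and Result on Condition Error described above is an added illustration, not Novell's code. It shows how Contains Substring can match a role the policy author did not intend, and how setting Result on Condition Error to True applies the action when the comparison itself fails. The function names, the sample roles, the rule that any one received role may satisfy the condition, and whole-string regular expression matching are assumptions.

```python
import re

def compare(role, value, comparison, case_sensitive=True):
    """Model of one comparison between a received role and the Value field."""
    if comparison == "regex":
        # Assumption: "Matches" requires the whole role to match the pattern.
        flags = 0 if case_sensitive else re.IGNORECASE
        return re.fullmatch(value, role, flags) is not None
    if not case_sensitive:
        role, value = role.lower(), value.lower()
    ops = {
        "equals": role == value,
        "starts_with": role.startswith(value),
        "ends_with": role.endswith(value),
        "contains": value in role,
    }
    return ops[comparison]  # unknown comparison type raises KeyError

def condition(idp_roles, value, comparison, case_sensitive=True,
              result_on_error=False):
    """True when any role from the identity provider satisfies the comparison
    (assumption). A comparison error returns result_on_error instead."""
    try:
        return any(compare(r, value, comparison, case_sensitive)
                   for r in idp_roles)
    except (re.error, KeyError):
        return result_on_error

# Constructed sample: roles a trusted identity provider might send for a user.
PARTNER_ROLES = ["helpdesk-admin-readonly", "Employee"]

def demo():
    r = PARTNER_ROLES
    return {
        # Substring match also hits "helpdesk-admin-readonly".
        "contains_admin": condition(r, "admin", "contains"),
        "equals_admin": condition(r, "admin", "equals"),
        "equals_employee_ci": condition(r, "employee", "equals", False),
        "equals_employee_cs": condition(r, "employee", "equals", True),
        # An invalid pattern is a condition error; False keeps the action off.
        "bad_regex_false": condition(r, "admin(", "regex", result_on_error=False),
        "bad_regex_true": condition(r, "admin(", "regex", result_on_error=True),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

When the assigned role grants access, Equals with an exact role name and Result on Condition Error set to False are the narrowest settings this model exercises.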