Credential Profile Condition - Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual

Unix Lines
For regular expression syntax information, see the Javadoc for java.util.regex.Pattern.
Value: Select Data Entry Field and specify a value appropriate for your comparison type. Use the
Edit button to access a text box where you can enter multiple values, each on a separate line. (For
more information, see Section 3.6.23, "Edit Button," on page 113.) Use the Add button to add values
one at a time. For example:
Comparison Type    Value
Equals             10.10.10.10
                   10.10.10.11
In Range           10.10.10.10 - 10.10.10.100
                   10.10.20.10 - 10.10.20.100
In Subnet          10.10.10.12 / 22
                   10.10.20.30 / 22
Other value types are possible. For example, if your user store contains an LDAP attribute with the
IP address of your users, you could select to compare the client's current IP address with the stored
value by using an LDAP attribute or a Liberty User Profile value.
Result on Condition Error: Specify what the condition returns when the comparison of the two
values returns an error rather than the results of the comparison. Select either False or True. If you
do not want the action applied when an error occurs, select False. If you want the action applied
when an error occurs, select True.
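The three comparison types and the Result on Condition Error setting, modelled as an added Python example (not Novell's code, and not taken from the manual). It assumes that a match on any one value line satisfies the condition and that a value or client address that cannot be parsed counts as a condition error; the function names are hypothetical.

```python
import ipaddress

# Constructed sample values, copied from the table above.
SAMPLE = {
    "Equals": ["10.10.10.10", "10.10.10.11"],
    "In Range": ["10.10.10.10 - 10.10.10.100", "10.10.20.10 - 10.10.20.100"],
    "In Subnet": ["10.10.10.12 / 22", "10.10.20.30 / 22"],
}

def effective_subnet(value):
    """Return (first, last) address covered by an 'address / prefix' value."""
    # strict=False accepts an address with host bits set, as in 10.10.10.12 / 22
    net = ipaddress.ip_network(value.replace(" ", ""), strict=False)
    return str(net.network_address), str(net.broadcast_address)

def _match(kind, client, value):
    """Evaluate one value line against the parsed client address."""
    if kind == "Equals":
        return client == ipaddress.ip_address(value.strip())
    if kind == "In Range":
        low, high = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return low <= client <= high
    if kind == "In Subnet":
        return client in ipaddress.ip_network(value.replace(" ", ""), strict=False)
    raise ValueError(f"unknown comparison type: {kind}")

def client_ip_condition(kind, values, client_ip, result_on_error=False):
    """Model of the condition: True on any match, result_on_error on failure."""
    try:
        client = ipaddress.ip_address(client_ip)
        return any(_match(kind, client, v) for v in values)
    except (ValueError, TypeError):
        # Malformed value, malformed client address, or mixed IPv4/IPv6 range:
        # the comparison produced an error, so return the configured result.
        return result_on_error

if __name__ == "__main__":
    # The /22 value names a host inside the subnet, not the subnet base.
    print(effective_subnet("10.10.10.12 / 22"))
    print(client_ip_condition("In Subnet", SAMPLE["In Subnet"], "10.10.8.1"))
    print(client_ip_condition("In Range", SAMPLE["In Range"], "10.10.10.101"))
    print(client_ip_condition("Equals", SAMPLE["Equals"], "not-an-ip"))
```

A /22 value written with a host address covers the whole enclosing block, so review the effective range before relying on it. When the condition guards a Deny action, a Result on Condition Error of False means the deny is not applied if the comparison errors.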

3.6.3 Credential Profile Condition

The Credential Profile condition allows you to control access based on the credentials the user
entered when authenticating to the system.
To set up the matching for this condition, fill in the following fields:
Credential Profile: Specify the type of credential your users are using for authentication. If you
have created a custom contract that uses credentials other than the ones listed below, do not use the
Credential Profile as a condition.
To configure the Credential Profile condition, select one of the following:
LDAP Credentials: If you prompt the user for a username, select this option, then select
LDAP User Name (the cn of the user), LDAP User DN (the fully distinguished name of the
user), or LDAP Password.
The default contracts assign the cn attribute to the Credential Profile. If your user store is an
Active Directory server, the SAMAccountName attribute is used for the username and stored in
the cn field of the LDAP Credential Profile.
X509 Credentials: If you prompt the user for a certificate, select this option, then select one of
the following:
X509 Public Certificate Subject: Retrieves the subject field from the certificate, which
can match the DN of the user, depending upon who issued the certificate.