Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual page 131

Copyright © 2010, Juniper Networks, Inc.
Add or modify settings as specified in Table 35 on page 113.
4.
Click one:
5.
OK—Saves the changes.
Cancel—Cancels the modifications.
Table 35: IF–MAP Session-Import Policy Configuration Details
Option Function
Name Specifies a unique name for
the session-import policy.
Description Describes the policy.
Stop on match Stops matching the roles
when an IF-MAP client has
successfully matched the
roles.
Match Criteria > Identity tab
Match IF-MAP Specifies that identity
Identity should be used as the
criteria for assigning roles.
Match Criteria > Roles tab
Match IF-MAP Specifies that role match
Roles should be used as the
criteria for assigning roles.
Match Criteria > Capabilities tab
Match IF-MAP Specifies that capability
Capabilities match should be used as
the criteria for assigning
roles.
Chapter 12: Configuring IF-MAP Federation Settings
Your Action
Enter a name for the session-import policy.
Enter a brief description for the policy.
Select this option to stop matching roles after
a successful match is found.
Select this action and the following identity
options appear.
Identity—Enter the identity name. For
example, for a regular employee named
Bob Smith you might enter the Identity as
username bsmith and select username for
the identity type.
Identity Type—Select the identity type. If
you choose Other for identity type, enter a
unique identity type in the text box.
Administrative Domain—Type the
administrative domain for the
session-import policy.
All aspects of the IF-MAP identity (name, type,
and administrative domain) must exactly
match the session-import policy.
Select this action and the following role
option appears.
Roles— From Roles, click New and enter a
specified role.
Select this action and the following option
appears.
Capabilities—From Capabilities, click New
and enter a specified capability.
113