Comment: Published by Scroll Versions from space IDS and version 8.2

...

In summary, the default constraint allows 0..N values assigned per attribute, single-value allows 0..1 values, required allows 1..N, and the combination of single-value and required allows 1..1 values.
Authorization will not succeed if any of the constraints fails.

Roles

The Roles view presents a simplified view into the authorization policy where the Site Manager is allowed to manage group – role associations. See Figure 2.

...

Object | Description
Group | Click Group or System name to edit group object
Update | Edit role field and click Update to update group – role association
Add | Click Add… to create a new association. By default the name of the group is used for the role name. You can change the role name. Any number of associations can be created. A single group may be associated with any number of roles.
Remove | Select group check box and click Remove to remove group – role association.

Attributes

The Attributes view (see Figure 3) presents a more advanced view into the authorization policy.

...

  • text:<string>
    → the value is <string>
  • user:<name>
    → the value is evaluated by reading the attribute <name> from the user's directory object. For example, user:uid would return the value of the uid attribute.
  • user:<name>;binary
    → LDAP binary option mechanism (http://www.rfc-editor.org/rfc/rfc2251.txt, Authentication and Authorization Process and SSO Management customization → Disabling Context Menu items). The attribute <name> is returned to web applications as a Base64-encoded string. For example, user:objectGuid;binary would return a value such as sFy0xj0cXU6QpjsQRCzG5Q== .
  • method:<name>
    → the value is evaluated by reading the attribute <name> assigned by the authentication method component. The availability of method attributes depends on the authentication method implementation. For example, the CUSTID attribute is available with the Tupas 2 authentication method. method:CUSTID would then return the value of the CUSTID attribute from the Tupas 2 authentication process.
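
The following is an added example, not part of the original documentation or the product's code: how a receiving web application can strictly decode the Base64 value delivered for user:objectGuid;binary and turn it into a canonical GUID string. It assumes the directory is Active Directory, where objectGUID is a 16-byte GUID structure with little-endian leading fields; the function names are hypothetical.

```python
import base64
import binascii
import uuid

# Value quoted on this page for user:objectGuid;binary.
PAGE_EXAMPLE = "sFy0xj0cXU6QpjsQRCzG5Q=="


def decode_binary_attribute(value: str) -> bytes:
    """Strictly decode a ';binary' attribute value delivered as Base64."""
    try:
        # validate=True rejects characters outside the Base64 alphabet
        # instead of silently skipping them.
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("attribute value is not valid Base64") from exc


def object_guid_to_str(value: str) -> str:
    """Convert a Base64 objectGuid to its canonical GUID string.

    Assumption: the directory is Active Directory, which stores objectGUID
    as a 16-byte GUID structure whose first three fields are little-endian.
    """
    raw = decode_binary_attribute(value)
    if len(raw) != 16:
        raise ValueError(f"expected 16 bytes, got {len(raw)}")
    return str(uuid.UUID(bytes_le=raw))


def naive_hex(value: str) -> str:
    """Plain hex of the raw bytes, shown to contrast with the GUID form."""
    return decode_binary_attribute(value).hex()


if __name__ == "__main__":
    print(naive_hex(PAGE_EXAMPLE))
    print(object_guid_to_str(PAGE_EXAMPLE))
    # Constructed malformed inputs: missing padding, wrong length, bad alphabet.
    for bad in ("sFy0xj0cXU6QpjsQRCzG5Q", "c0ZXMHhq", "not base64!"):
        try:
            object_guid_to_str(bad)
        except ValueError as err:
            print(f"rejected {bad!r}: {err}")
```

Comparing the plain hex form against a GUID shown in directory tools will not match, because the first three GUID fields are byte-swapped; applications that key accounts on this attribute should compare the decoded form consistently.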

Java EL expressions

It is possible to use Java EL expressions in place of attribute values. This makes the more advanced techniques of Java EL syntax, such as string concatenation, available for building attribute values.

...

Note: In the image above, the expression sets the attribute's name to "role", so an attribute with the name "name" would not be defined.

Applications

This view shows the web applications where this authorization policy is assigned.

...