CA API Gateway 9.1

9.4 9.1

Access Resource Protected by JSAM Assertion

The Access Resource Protected by JSAM Assertion allows a policy to use the Single Sign-On (SSO) and Policy Service from an existing Java System Access Manager 7.0 or 7.1 deployment.
gateway92
The
Access Resource Protected by JSAM Assertion
allows a policy to use the Single Sign-On (SSO) and Policy Service from an existing
Java System Access Manager 7.0 or 7.1
 deployment.
For instructions on how to install this assertion, see Install the Java System Access Manager Assertion. Once installed, this assertion is available from both the Access Control and Custom Assertions palettes.
Note the following when using this assertion:
  • You may receive an HTTP Basic authentication warning when the Access Resource Protected by JSAM assertion is used with these assertions: Require XPath Credentials, Require FTP Credentials, or Require WS-Security UsernameToken Profile Credentials. You may ignore this policy validation warning.
  • If the incoming request is coming through a 
    XML VPN Client
    , be sure the "Pass Through HTTP Cookies" option is selected on the [XML VPN Client Policy] tab of the Gateway Account properties. For details, refer to the documentation for the XML VPN Client located here: docops.ca.com/xvc
  • When running this assertion in the browser client, a triangular warning icon (Exclamation_in_triangle.png) may appear next to the dialog box when the assertion properties is displayed. You may ignore this icon.
Contents:
Context Variables Created by This Assertion
The user attributes for a successfully authenticated user are available through the following context variables:
Attribute
Context Variable
UID
${jsam.attributes.uid}
User Password
${jsam.attributes.userpassword}
DN
${jsam.attributes.dn}
CN
${jsam.attributes.cn}
SN
${jsam.attributes.sn}
Inet User Status
${jsam.attributes.inetuserstatus}
Given Name
${jsam.attributes.givenname}
Object Class
${jsam.attributes.objectclass}
Policy Example
The following illustrates how this custom assertion might be used in a policy:
 "At least one assertion must evaluate to true"
   Require HTTP Basic CredentialsRequire HTTP Cookie: iPlanetDirectoryPro
   Access Resource Protected by JSAM
   Route via HTTP(S) to URL
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the policy development window, drag and drop the assertion from the palette.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click
    Access Resource Protected by JSAM
    in the policy window and select
    JSAM: Access Resource Protected by JSAM
    or double-click the assertion in the policy window. The assertion properties are displayed. 
  3. Configure the dialog as follows:
    Setting
    Description
    Realm
    Enter the name of the realm defined on the Java System Access Manager Server.
    Resource
    Enter the protected resource URL defined in a JSAM policy. Be sure to include the port number. For example:
    http://server:80/WebApp/Service1.asmx
    Action
    Enter the allowed action, as defined in a JSAM policy. For example,
    POST
     or
    GET
    . The default is POST.
  4. Click [
    OK
    ]
     
    when done.

Content feedback and comments