Access Resource Protected by JSAM Assertion
The Access Resource Protected by JSAM assertion is available after you install and configure the Sun Java System Access Manager Custom Assertion package. This assertion allows a policy to use the Single Sign-On (SSO) and Policy Service from an existing Sun® Java™ System Access Manager 7.0 or 7.1 deployment.
gateway90
The
Access Resource Protected by JSAM
assertion is available after you install and configure the Sun Java System Access Manager Custom Assertion package. This assertion allows a policy to use the Single Sign-On (SSO) and Policy Service from an existing Sun
® Java™ System Access Manager 7.0 or 7.1
deployment.The Administrator is responsible for installing and configuring the Sun Java System Access Manager Custom Assertion package on the Gateway. For more information, refer to the
CA API Gateway - Custom Assertions Installation Manual
. (1) You may receive an HTTP Basic authentication warning when the Access Resource Protected by JSAM assertion is used with these assertions: Require XPath Credentials, Require FTP Credentials, or Require WS-Security UsernameToken Profile Credentials. You may ignore this policy validation warning. (2) If the incoming request is coming through a CA API Gateway - XML VPN Client, be sure the Pass Through HTTP Cookies check box has been set on the [XML VPN Client Policy] tab of the Gateway Account properties.
When running this assertion in the browser client, a triangular warning icon (
) may appear next to the dialog box when the assertion properties is displayed. You may ignore this icon.
) may appear next to the dialog box when the assertion properties is displayed. You may ignore this icon.Context Variables Created by This Assertion
The user attributes for a successfully authenticated user are available through the following context variables:
Context variables created by Access Resource Protected by JSAM assertion
Attribute | Context Variable |
UID | ${jsam.attributes.uid} |
User Password | ${jsam.attributes.userpassword} |
DN | ${jsam.attributes.dn} |
CN | ${jsam.attributes.cn} |
SN | ${jsam.attributes.sn} |
Inet User Status | ${jsam.attributes.inetuserstatus} |
Given Name | ${jsam.attributes.givenname} |
Object Class | ${jsam.attributes.objectclass} |
Policy Example
The following illustrates how this custom assertion might be used in a policy:
"At least one assertion must evaluate to true" Require HTTP Basic CredentialsRequire HTTP Cookie: iPlanetDirectoryPro Access Resource Protected by JSAM Route via HTTP(S) to URL
Using the Assertion
- Do one of the following:
- To add the assertion to the Policy Development window, see Adding an Assertion.
- To change the configuration of an existing assertion, proceed to step 2 below.
- Right-clickAccess Resource Protected by JSAMin the policy window and selectJSAM: Access Resource Protected by JSAMor double-click the assertion in the policy window. The assertion properties are displayed.
- Configure the dialog as follows:SettingDescriptionRealmEnter the name of the realm defined on the Java System Access Manager Server.ResourceEnter the protected resource URL defined in a JSAM policy. Be sure to include the port number. For example:http://server:80/WebApp/Service1.asmxActionEnter the allowed action, as defined in a JSAM policy. For example,POSTorGET. The default is POST.
- Click [OK]when done.