The Builtin Policy Information Provider resolves Xacml attributes that are implemented by the core Identity Broker.
↓Parent Component
↓Properties
↓dsconfig Usage
The Builtin Policy Information Provider component inherits from the Policy Information Provider
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | ↓ xacml-attribute-id |
| ↓ enabled | |
| ↓ evaluation-order-index |
| Description | A description for this Policy Information Provider |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether this Policy Information Provider is enabled for use in Identity Broker. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | When multiple Builtin Policy Information Providers are defined for a single Identity Broker, this property determines the evaluation order for determining the correct provider class for a specified XACML attribute. Values of this property must be unique among all Builtin Policy Information Providers defined within Identity Broker but not necessarily contiguous. Builtin Policy Information Providers with a smaller value will be evaluated first to determine if they match a XACML attribute Id. If the inclusion criteria of the Builtin Policy Information Providers are non-overlapping, i.e. no entry will match more than one Builtin Policy Information Provider, then the values for this property are unimportant. |
| Default Value | 1000 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
xacml-attribute-id (Advanced Property, Read-Only)
| Description | Specifies the XACML attribute identifiers that can be resolved by this Builtin Policy Information Provider. Each instance of this property may be either a specific attribute identifier (URI) as would be specified in a XACML policy, or a prefix that encompasses a family of such attributes. To be evaluated as a prefix, the attribute name must end with ":*", for example urn:xxx:yyy:zzz:*". |
| Default Value | |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured Policy Information Providers:
dsconfig list-policy-information-providers
[--property {propertyName}] ...
To view the configuration for an existing Policy Information Provider:
dsconfig get-policy-information-provider-prop
--provider-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Policy Information Provider:
dsconfig set-policy-information-provider-prop
--provider-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...