Policy Information Provider

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.

Note: this is an abstract component that cannot be instantiated.

Policy Information Providers are used to retrieve XACML attribute(s) from the Policy Information Point (PIP) during policy evaluation. A single Policy Information Provider may be used to resolve one or more attribute specifications.

Direct Subcomponents

The following Policy Information Providers are available in the server:

These Policy Information Providers inherit from the properties described below.

Relations to This Component

The following components have a direct composition relation to Policy Information Providers:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
description
enabled
java-class
xacml-attribute-id
evaluation-order-index

Advanced Properties:
None

Basic Properties

description

Description
A description for this Policy Information Provider
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this Policy Information Provider is enabled for use in Identity Broker.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

java-class (Read-Only)

Description
The fully-qualified name of the Java class that provides the logic for this Policy Information Provider.
Default Value
None
Allowed Values
The fully-qualified name of a Java class that extends or implements com.unboundid.directory.broker.core.PolicyInformationProvider
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

xacml-attribute-id

Description
Specifies the XACML attribute identifiers that can be resolved by this Policy Information Provider. Each instance of this property may be either a specific attribute identifier (URI) as would be specified in a XACML policy, or a prefix that encompasses a family of such attributes. To be evaluated as a prefix, the attribute name must end with ":*", for example "urn:xxx:yyy:zzz:*".
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

evaluation-order-index

Description
When multiple Policy Information Providers are defined for a single Identity Broker, this property determines the evaluation order for determining the correct provider class for a specified XACML attribute. Values of this property must be unique among all Policy Information Providers defined within Identity Broker but not necessarily contiguous. Policy Information Providers with a smaller value will be evaluated first to determine if they match a XACML attribute Id. If the inclusion criteria of the Policy Information Providers are non-overlapping, i.e. no entry will match more than one Policy Information Provider, then the values for this property are unimportant.
Default Value
None
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action
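
The following is an added example, not UnboundID code: a small offline model of how xacml-attribute-id and evaluation-order-index together decide which provider answers for an attribute, plus an audit that lists duplicate indexes and overlapping specifications, the cases where ordering decides which source supplies an attribute to policy evaluation. Provider names and URNs are constructed; the prefix semantics (a value ending in ":*" matches any identifier beginning with the text before "*") and the skipping of disabled providers are assumptions.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Provider:
    name: str              # hypothetical provider name
    attribute_ids: tuple   # values of xacml-attribute-id
    order_index: int       # value of evaluation-order-index
    enabled: bool = True   # value of enabled

def spec_matches(spec, attribute_id):
    # Assumption: "urn:a:b:*" matches any identifier that starts with "urn:a:b:".
    if spec.endswith(":*"):
        return attribute_id.startswith(spec[:-1])
    return spec == attribute_id

def specs_overlap(a, b):
    # True when at least one attribute identifier could match both specifications.
    if a.endswith(":*") and b.endswith(":*"):
        return a[:-1].startswith(b[:-1]) or b[:-1].startswith(a[:-1])
    return spec_matches(a, b) or spec_matches(b, a)

def resolve(providers, attribute_id):
    # Smallest evaluation-order-index is tried first; the first match wins.
    # Assumption: providers with enabled=false are skipped.
    for p in sorted(providers, key=lambda p: p.order_index):
        if p.enabled and any(spec_matches(s, attribute_id) for s in p.attribute_ids):
            return p.name
    return None

def audit(providers):
    # Report index collisions and overlapping specifications between providers.
    findings = []
    for p, q in combinations(sorted(providers, key=lambda p: p.order_index), 2):
        if p.order_index == q.order_index:
            findings.append(("duplicate-index", p.name, q.name, str(p.order_index)))
        for a in p.attribute_ids:
            for b in q.attribute_ids:
                if specs_overlap(a, b):
                    findings.append(("overlap", p.name, q.name, f"{a} | {b}"))
    return findings

# Constructed sample configuration (names and URNs are illustrative only).
PROVIDERS = [
    Provider("directory-pip", ("urn:example:subject:*",), 20),
    Provider("risk-pip", ("urn:example:subject:risk-score",), 10),
    Provider("environment-pip", ("urn:example:environment:*",), 30),
]
```

In the sample, risk-pip answers for urn:example:subject:risk-score only because its index (10) is lower than that of directory-pip (20); the audit reports that pair as an overlap so the ordering can be reviewed deliberately.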


dsconfig Usage

To list the configured Policy Information Providers:

dsconfig list-policy-information-providers
     [--property {propertyName}] ...

To view the configuration for an existing Policy Information Provider:

dsconfig get-policy-information-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Policy Information Provider:

dsconfig set-policy-information-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To delete an existing Policy Information Provider:

dsconfig delete-policy-information-provider
     --provider-name {name}