Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.
A custom Custom Logged Authorization Request Attribute object enables additional request attributes to be included in the output of an Authorization Log Publisher.
The value of each Custom Logged Authorization Request Attribute that is configured for an Authorization Log Publisher is appended to messages of type "policy-decision" output by the logger. In order to be logged, the Custom Logged Authorization Request Attribute must be available in the XACML Request Context at the time that the policy engine is evaluating an authorization request.
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following components have a direct composition relation to Custom Logged Authorization Request Attributes:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ logger-key | None |
| ↓ xacml-category-id | |
| ↓ xacml-attribute-id |
| Description | The key (left-hand-side) to use when writing the value of this attribute in a log message. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The XACML attribute category Id to use for retrieving the attribute from XACML request context. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The XACML attribute Id to use for retrieving the attribute from the XACML request context. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured Custom Logged Authorization Request Attributes:
dsconfig list-custom-logged-authorization-request-attributes
[--property {propertyName}] ...
To view the configuration for an existing Custom Logged Authorization Request Attribute:
dsconfig get-custom-logged-authorization-request-attribute-prop
--attribute-name {name}
--publisher-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Custom Logged Authorization Request Attribute:
dsconfig set-custom-logged-authorization-request-attribute-prop
--attribute-name {name}
--publisher-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Custom Logged Authorization Request Attribute:
dsconfig create-custom-logged-authorization-request-attribute
--attribute-name {name}
--publisher-name {name}
--set logger-key:{propertyValue}
--set xacml-category-id:{propertyValue}
--set xacml-attribute-id:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Custom Logged Authorization Request Attribute:
dsconfig delete-custom-logged-authorization-request-attribute
--attribute-name {name}
--publisher-name {name}