
Certificate Policy Information Provider

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

The Certificate Policy Information Provider makes the properties of a Client TLS Certificate available to a policy writer.

This Policy Information Provider enables authorization policies to access properties of a Client TLS Certificate chain submitted as part of an HTTPS request for protected resources. Certificate information, including the subject, issuer, and expiration date, is returned as a JSON object that may be examined by policy rules.


Parent Component

The Certificate Policy Information Provider component inherits from the Policy Information Provider.

Properties

The properties supported by this managed object are as follows:


Basic Properties: description, enabled, evaluation-order-index
Advanced Properties: None

Basic Properties

description

Description
A description for this Policy Information Provider
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this Policy Information Provider is enabled for use in Data Governance Server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

evaluation-order-index

Description
When multiple Certificate Policy Information Providers are defined for a single Data Governance Server, this property determines the evaluation order for determining the correct provider class for a specified XACML attribute. Values of this property must be unique among all Certificate Policy Information Providers defined within Data Governance Server but not necessarily contiguous. Certificate Policy Information Providers with a smaller value will be evaluated first to determine if they match a XACML attribute Id. If the inclusion criteria of the Certificate Policy Information Providers are non-overlapping, i.e. no entry will match more than one Certificate Policy Information Provider, then the values for this property are unimportant.
Default Value
3000
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Policy Information Providers:

dsconfig list-policy-information-providers
     [--property {propertyName}] ...

To view the configuration for an existing Policy Information Provider:

dsconfig get-policy-information-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Policy Information Provider:

dsconfig set-policy-information-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...