Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.
Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
A custom Custom Logged Policy Request Attribute object enables additional request attributes to be included in the output of a Trace Log Publisher for policy evaluations.
The value of each configured Custom Logged Policy Request Attribute is appended to messages of type "XACML POLICY RESULT" output by the Trace Log Publisher. In order to be logged, the Custom Logged Policy Request Attribute must be available in the XACML Request Context at the time that the policy engine is evaluating a request.
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following components have a direct composition relation to Custom Logged Policy Request Attributes:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ logger-key | None |
| ↓ xacml-category-id | |
| ↓ xacml-attribute-id |
| Description | The key (left-hand-side) to use when writing the value of this attribute in a log message. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The XACML category Id to use for retrieving the attribute from the XACML request context. For example the standard XACML attribute category "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" can be used when specifying an attribute of the request subject. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The XACML attribute Id to use for retrieving the attribute from the XACML request context. For example the standard XACML attribute id "urn:oasis:names:tc:xacml:3.0:subject:authn-locality:ip-address" can be used to log the originating IP address of a request. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured Custom Logged Policy Request Attributes:
dsconfig list-custom-logged-policy-request-attributes
[--property {propertyName}] ...
To view the configuration for an existing Custom Logged Policy Request Attribute:
dsconfig get-custom-logged-policy-request-attribute-prop
--attribute-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Custom Logged Policy Request Attribute:
dsconfig set-custom-logged-policy-request-attribute-prop
--attribute-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Custom Logged Policy Request Attribute:
dsconfig create-custom-logged-policy-request-attribute
--attribute-name {name}
--set logger-key:{propertyValue}
--set xacml-category-id:{propertyValue}
--set xacml-attribute-id:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Custom Logged Policy Request Attribute:
dsconfig delete-custom-logged-policy-request-attribute
--attribute-name {name}