Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
The Token Policy Information Provider resolves XACML attributes whose value can be retrieved from an OAuth2 access token generated on this Data Governance Server.
This Policy Information Provider enables XACML policies to access properties of the OAuth2 Bearer access token submitted as part of a HTTP request for protected resources. The access token is returned as a JSON object that policies may reference using a XACML AttributeSelector with a JSON path. This PIP only retrieves access tokens generated by this Data Governance Server.
↓Parent Component
↓Properties
↓dsconfig Usage
The Token Policy Information Provider component inherits from the Policy Information Provider
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ evaluation-order-index |
| Description | A description for this Policy Information Provider |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether this Policy Information Provider is enabled for use in Data Governance Server. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | When multiple Token Policy Information Providers are defined for a single Data Governance Server, this property determines the evaluation order for determining the correct provider class for a specified XACML attribute. Values of this property must be unique among all Token Policy Information Providers defined within Data Governance Server but not necessarily contiguous. Token Policy Information Providers with a smaller value will be evaluated first to determine if they match a XACML attribute Id. If the inclusion criteria of the Token Policy Information Providers are non-overlapping, i.e. no entry will match more than one Token Policy Information Provider, then the values for this property are unimportant. |
| Default Value | 1000 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured Policy Information Providers:
dsconfig list-policy-information-providers
[--property {propertyName}] ...
To view the configuration for an existing Policy Information Provider:
dsconfig get-policy-information-provider-prop
--provider-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Policy Information Provider:
dsconfig set-policy-information-provider-prop
--provider-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...