To Add Conditions

Conditions allow you to define constraints on a policy. For example, if you are defining a policy for a paycheck application, you can define a condition on its action that limits access to the application to specific hours. Or, you may wish to define a condition that grants the action only if the request originates from a given set of IP addresses or from the company intranet.

Conditions can also be used to configure different policies for different URIs on the same domain. For example, http://org.example.com/hr/*.jsp can only be accessed from org.example.net between 9 a.m. and 5 p.m., while http://org.example.com/finance/*.jsp can be accessed from org.example2.net between 5 a.m. and 11 p.m. This is achieved by combining an IP Condition with a Time Condition. If the rule resource is specified as http://org.example.com/hr/*.jsp, the policy applies to all JSPs under http://org.example.com/hr, including those in subdirectories.

To add conditions to a normal policy:

  1. Define the conditions for the policy. Select Conditions from the View menu. Click New to add a new condition, or click the Edit link to edit an existing condition.
  2. Select one of the following default conditions:
    • Authentication Level
    • Authentication Scheme
    • IP Address
    • LE Authentication Level
    • Session
    • Time

    For Authentication Level, the policy applies if the user’s authentication level is greater than or equal to the authentication level set in the condition. For LE Authentication Level, the policy applies if the user’s authentication level is less than or equal to the authentication level set in the condition.

  3. Click Next.
  4. Define the values for the condition in the Rules fields. The fields are:

    Name. Enter the name of the condition.

    Authentication Level

    Authentication level. Indicate the level of trust for authentication. The available authentication levels are displayed in the authentication level and authentication module table.

    Authentication Scheme

    Authentication scheme. Choose the authentication scheme for the condition from the pull-down menu. These authentication schemes are taken from the Core service template in the organization authentication modules.

    IP Address

    IP Address From/To. Specifies the range of IP addresses.

    DNS Name. Specifies the DNS name. This field can be a fully qualified hostname or a string in the following format:

    *.domainname

    Time

    Date From/To. Specifies the range of dates.

    Time. Specifies the range of time within a day.

    Day. Specifies a range of days.

    Timezone. Specifies a timezone, either standard or custom. A custom timezone must be a timezone ID recognized by Java (for example, PST). If no value is specified, the default is the timezone set in the Access Manager JVM.

    Session

    Max Session Time. Specifies the maximum user session time during which the policy applies.

    Terminate Session. If selected, the user session is terminated when the session time exceeds the maximum allowed as defined in the Max Session Time field.

  5. Once you have defined the condition, click Finish. All of the conditions created for that policy are displayed in the table in the Conditions view.
  6. Click Save.
  7. To remove a condition from a policy, select the condition and click Delete.

    You can edit any condition definition by clicking the Edit link next to the condition name.
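The following Python evaluator is an added illustration of the semantics described above (the HR/finance example and the condition fields); it is example code, not Access Manager's implementation. The Request and Policy classes, the sample requests, and the fixed UTC-8 offset used as a stand-in for the Java "PST" zone ID are all constructed for the example. Because the page does not say how the two fields of an IP Address condition are combined, they are modelled here as two separate checks; the auth_level_ge condition on the finance policy is likewise a hypothetical addition to the text's example.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from fnmatch import fnmatchcase
from ipaddress import ip_address

@dataclass
class Request:
    """Constructed view of one access request (not a product API)."""
    auth_level: int
    auth_scheme: str
    client_ip: str
    client_dns: str
    now: datetime                    # timezone-aware time of the request
    session_age: timedelta           # how long the user's session has existed
    terminate_session: bool = False  # set when a Session condition asks for it

# Authentication Level / LE Authentication Level / Authentication Scheme.
def auth_level_ge(level):
    return lambda r: r.auth_level >= level   # user level >= condition level

def auth_level_le(level):
    return lambda r: r.auth_level <= level   # user level <= condition level

def auth_scheme_is(scheme):
    return lambda r: r.auth_scheme == scheme

# IP Address condition, "IP Address From/To" field: inclusive address range.
def ip_in_range(first, last):
    lo, hi = ip_address(first), ip_address(last)
    return lambda r: lo <= ip_address(r.client_ip) <= hi

# IP Address condition, "DNS Name" field: exact host name or "*.domainname".
def dns_matches(pattern):
    pattern = pattern.lower()
    def check(r):
        host = r.client_dns.lower()
        if pattern.startswith("*."):
            suffix = pattern[1:]   # ".domainname"; the bare domain itself does not match
            return host.endswith(suffix) and len(host) > len(suffix)
        return host == pattern
    return check

# Time condition: Date From/To, Time within a day, Day of week, Timezone.
def time_window(zone, date_from=None, date_to=None,
                time_from=None, time_to=None, days=None):
    def check(r):
        local = r.now.astimezone(zone)   # evaluate in the condition's timezone
        if date_from and local.date() < date_from:
            return False
        if date_to and local.date() > date_to:
            return False
        if days and local.strftime("%a") not in days:
            return False
        if time_from and time_to:
            t = local.time()
            if time_from <= time_to:
                return time_from <= t <= time_to
            return t >= time_from or t <= time_to   # window crosses midnight
        return True
    return check

# Session condition: Max Session Time, optionally Terminate Session.
def session_max(max_age, terminate=False):
    def check(r):
        if r.session_age <= max_age:
            return True
        if terminate:
            r.terminate_session = True   # caller is expected to end the session
        return False
    return check

@dataclass
class Policy:
    name: str
    resource: str     # rule resource pattern, e.g. http://host/hr/*.jsp
    conditions: list

    def applies(self, url, req):
        # "*" in the resource also spans "/", so sub-directories are covered.
        return fnmatchcase(url, self.resource) and all(c(req) for c in self.conditions)

# Constructed stand-in for the Java "PST" zone ID (fixed UTC-8 offset).
PST = timezone(timedelta(hours=-8), "PST")

# The two policies from the HR / finance example in the text.
HR_POLICY = Policy("hr", "http://org.example.com/hr/*.jsp", [
    dns_matches("*.org.example.net"),
    time_window(PST, time_from=time(9, 0), time_to=time(17, 0)),
])
FINANCE_POLICY = Policy("finance", "http://org.example.com/finance/*.jsp", [
    dns_matches("*.org.example2.net"),
    time_window(PST, time_from=time(5, 0), time_to=time(23, 0)),
    auth_level_ge(2),   # hypothetical extra condition, not in the text's example
])

def make_request(dns, hour, level=3, session_hours=1):
    """Constructed request at the given PST hour on Monday 2024-03-04."""
    return Request(level, "LDAP", "192.0.2.10", dns,
                   datetime(2024, 3, 4, hour, 0, tzinfo=PST),
                   timedelta(hours=session_hours))

if __name__ == "__main__":
    r = make_request("pc1.org.example.net", 10)
    print(HR_POLICY.applies("http://org.example.com/hr/sub/pay.jsp", r))      # True
    print(FINANCE_POLICY.applies("http://org.example.com/finance/q1.jsp", r))  # False
```

Each condition is a predicate over the request, and a policy applies only when the resource pattern matches and every attached condition holds. Two details worth noticing: a "*.domainname" pattern does not match the bare domain itself, and a Time condition whose window crosses midnight is handled as two half-ranges rather than a single inclusive comparison.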
