Custom attributes for the authorization service
We can modify the [azn-decision-info] stanza of the WebSEAL configuration file to make other data available to the external authorization service (EAS).
We can define our own attributes, called custom attributes, to specify in policies and for decision making. Update the WebSEAL configuration file with the attribute information so the EAS can use these attributes. The WebSEAL EAS uses this attribute information to create the runtime security services request.
To update the WebSEAL configuration file for custom attributes:
- Update the [azn-decision-info] stanza with the custom attribute information.
- Define the type of data and category the attribute represents using the [user-attribute-definitions] stanza.
- [azn-decision-info] stanza
Add extra information from the HTTP request to the authorization decision information.- [user-attribute-definitions] stanza
Use the [user-attribute-definitions] stanza to modify the data type, the category, or both of a custom attribute.- Set the data type or category of a custom attribute
Set the data type or category of a custom attribute being passed to the runtime security services. Setting the data type or category ensures the runtime security services use the data accurately when evaluating the policy.
Parent topic: Attributes