Predefined attributes
An appliance with Advanced Access Control uses attributes to provide information about users and devices that try to access a protected resource. The appliance also includes a set of commonly used attributes called predefined attributes.
- accessTime
- action
- authenticationLevel
- authenticationMechanism
- authenticationMechanismTypes
- authenticationMethod
- authenticationTypes
- browserPlugins
- colorDepth
- currentDate
- currentTime
- deviceFonts
- deviceLanguage
- deviceName
- devicePlatform
- fiberlink.maas360.device.compliance.state
- fiberlink.maas360.device.ids
- fiberlink.maas360.device.ownership
- fiberlink.maas360.device.jailbroken
- fiberlink.maas360.device.last.reported
- fiberlink.maas360.device.managed.status
- fiberlink.maas360.device.match.found
- geoCity
- geoCountryCode
- geoLocation
- geoRegionCode
- groups
- groupsDN
- http:accept
- http:acceptEncoding
- http:acceptLanguage
- http:host
- http:uri
- http:userAgent
- ipAddress
- ipReputation
- oauthScopeResource
- oauthScopeSubject
- qop
- qradar.uba.risk.score
- registeredDeviceCount
- resource
- riskScore
- scheme
- screenAvailableHeight
- screenAvailableWidth
- screenHeight
- screenWidth
- userConsent
- userDN
- username
- worklight.adapter.adapter
- worklight.adapter.balance.account
- worklight.adapter.parameters
- worklight.adapter.procedure
- worklight.adapter.transfer.account.from
- worklight.adapter.transfer.account.to
- worklight.adapter.transfer.amount
- worklight.device.id
- worklight.version.app
- worklight.version.native
- worklight.version.platform
Categories
Category Description Action The user action. Environment When and how the user is trying to access the resource. Resource Information about what the user is trying to access. Subject Who is trying to access the resource.
Type
Type Description Access policy The administrator uses policy attributes to create policies. Risk profile The administrator uses risk attributes to create risk profiles.
Data type
Data type Description Boolean Condition that refers to two possible values: True False Date Date of the request. Integer Number that can be written without a fractional or decimal component. String Sequence of characters. Time Time of the request. X500Name Values with distinguished names.
Source type
Source type Description Active Collected by the attribute collection service. The administrator must add JavaScript to the application so that active attributes can be collected. For example: system fonts. Derived Generated by a policy information point (PIP). For example: risk score. Passive Collected from the browser by the external authorization service (EAS) and placed into an XACML request. Attributes with this source type are collected by the policy enforcement point (PEP) without installing more software or challenging the client to provide more details. For example: user-agent HTTP header and client IP address.
Source
Source Description Attribute collection service Collects information about the user device such as browser information, the operating system of the device, and the language of the device. Consent external authentication interface Asks the user for a device registration decision. Device fingerprint count PIP Counts the number of devices associated with the user. Fiberlink MaaS360 PIP Retrieves device attributes from the registered MaaS360 device inventory. Geolocation PIP Looks up the location of the user based on the IP address. HTTP headers Provides information about the request. IP reputation PIP Generates the IP reputation. See IP reputation for more information about IP reputation. POST data Collects information about the user and sends it to the external authorization service (EAS) as POST data. The EAS inserts this POST data into the decision request. Risk engine Generates the risk score. See Risk score calculation for more information about risk score calculation. System time Keeps the time of the system. Security Verify Access credential Collects information about the user from Security Verify Access. Worklight JavaScript PIP Parses the POST data from a Worklight adapter invocation and returns custom attributes that are created from the data that is contained within the POST from the parameters element. Parent topic: Attributes