Configure the attribute collection service

Before we can collect risk calculation information, specify the server and location of the collection service. We also must specify a JavaScript file to collect the session attributes.

Run the isamcfg tool to configure the runtime security services EAS. See Use the isamcfg tool.

Review Attribute collection service.

Steps

  1. Optional: Configure the context-based access properties that we require for the attribute collection service. These properties are set by the isamcfg tool, but if we need to change them, use the following instructions:

    1. Configure attributeCollection.requestServer to specify the server from which requests are received using the local management interface:

      1. Select AAC > Global Settings > Advanced Configuration
      2. Find the attributeCollection.requestServer key in the list and click the edit icon. A new window displays the name and the current value.

      3. Edit the value of the request servers. The value is a space-separated list of WebSEAL host names from which requests are permitted. Host names musts begin with http:// or https://. For example, type http://mywebsealhost.company.com.

    2. Configure attributeCollection.serviceLocation to specify the location using the local management interface:

      1. Select AAC > Global Settings > Advanced Configuration
      2. Find the attributeCollection.serviceLocation key in the list and click the edit icon. A new window displays the name and the current value.

      3. Edit the value of the location. Set the location as: 

          https://host_name/webseal-junction-name
          For example, type https://mywebsealhost.company.com/mga.

      We can configure any other attribute collection service attributes in a similar fashion, as necessary.

  2. Add the URL of info.js to the <head> block in the HTML landing page of your application. The info.js file calls functions that are required to collect session attributes. Follow this format: 

      <script src="https://host_name/webseal-junction-name/sps/ac/js/info.js"></script>

    When the info.js file is included on an HTML page, attribute collection by Ajax calls can take time to complete. To avoid issues, attribute collection must end before moving away from the page. For example, if the attribute collection is still running, and a link is clicked, the policy fails to resolve session attributes. To prevent this issue, modify the JavaScript file to prevent the user from continuing until after the Ajax call completes.

The basic configuration of the attribute collection service for context-based access is complete.

Parent topic: Attribute collection service