ADI retrieval from the user credential

Authorization rules can be written to use ADI provided initially to the authorization rules evaluator as part of the credential. The initial call to the authorization service (azn_decision_access_allowed_ext()) contains the user's credential information. The authorization rules evaluator always looks through this credential information for any ADI required by the rule being processed. The authorization rule can use the value from any field in the credential, including extended attributes added to the credential during authentication.

Parent topic: Authorization decision information retrieval

Related concepts

• Overview of ADI retrieval
• ADI retrieval from the WebSEAL client request
• Dynamic ADI retrieval

Related tasks

• Supply a failure reason across a junction
• Configure WebSEAL to use the attribute retrieval service