use_real_client_ip
Activate the use of the real client IP address for authorization decisions.
use_real_client_ip = {true | false}
Description
Determines whether to activate the current, or real, client IP address. Specify this entry under the [rtss-eas] stanza.
If the client_ip = client_ip entry exists in the [azn-decision-info] stanza, then the current client IP address is activated in the AZN_CRED_NETWORK_ADDRESS_STR credential.
In IBM Security Access Manager for Web version 7.0, the value of AZN_CRED_NETWORK_ADDRESS_STR contained the client IP address when the user first authenticated and the credential was built. If the IP address changed during the session, the value was not updated. To use this type of client IP address, choose one of the following options:
- Do not add the client_ip = client_ip entry to the [azn-decision-info] stanza.
- Add the client_ip = client_ip entry to the [azn-decision-info] stanza. Also, set use_real_client_ip = false under the [rtss-eas] stanza.
Options
true
    Runtime security services EAS uses the current and real IP address.
false
    Runtime security services EAS uses the client IP address from when the user first authenticated and the credential was built. If the client IP changes during the session, the client IP is not updated.
Usage:
This stanza entry is not required.
This stanza entry applies to Advanced Access Control.
Default value
true
Example:
use_real_client_ip = false
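
The following check is an added example, not part of the product documentation: a Python function that reads configuration text and reports which client IP address the rules in the Description select for authorization decisions. The function names and sample configurations are constructed for illustration, and the parser assumes `#` comment lines and simple `key = value` entries.

```python
def parse_stanzas(text):
    """Parse stanza-style config text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed comment syntax
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas


def effective_client_ip(text):
    """Return 'current' or 'authentication-time' per the rules on this page."""
    stanzas = parse_stanzas(text)
    # The current IP is only activated when client_ip = client_ip is present.
    mapped = stanzas.get("azn-decision-info", {}).get("client_ip") == "client_ip"
    # use_real_client_ip is optional and defaults to true.
    flag = stanzas.get("rtss-eas", {}).get("use_real_client_ip", "true").lower()
    if flag not in ("true", "false"):
        raise ValueError(f"use_real_client_ip must be true or false, got {flag!r}")
    return "current" if mapped and flag == "true" else "authentication-time"


# Constructed sample configurations covering the cases described above.
SAMPLES = {
    "mapped, flag omitted": "[azn-decision-info]\nclient_ip = client_ip\n",
    "mapped, flag false": (
        "[azn-decision-info]\nclient_ip = client_ip\n"
        "[rtss-eas]\nuse_real_client_ip = false\n"
    ),
    "not mapped, flag true": "[rtss-eas]\nuse_real_client_ip = true\n",
    "mapping commented out": (
        "[azn-decision-info]\n# client_ip = client_ip\n"
        "[rtss-eas]\nuse_real_client_ip = true\n"
    ),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {effective_client_ip(text)}")
```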