Redirecting with the Access Gateway Authorization Policy

Author Info

25 April 2007 - 2:41am
Submitted by: jsabin


Problem

A Forum reader recently asked:

"I saw a demo of a rather nice idea and I'd like to know how it was done. It showed an application being protected by Access Manager 3. When a user got an 'access denied' due to not having been given access to the application, the user would be redirected over to the UserApp workflow request page to fill in a form requesting access to the application. Then the workflow would be kicked off to the approvers.

I think I know how to set up the workflow part of this. And I'm guessing that to make this work that the UserApp also has to be a protected application behind Access Manager, so as to get the user logged in to it via single-sign-on. But how do I redirect the Access Manager 3 'access denied' error to a UserApp workflow page?"

And here's the response from Jason Sabin ...

Solution

This is typically performed by the new Access Gateway Authorization Policy.

For example, let's say a user has requested a web resource that he currently does not have access to. The Authorization Policy checks for this. Instead of just issuing a Deny message to the user, you can specify a URL to redirect to. This URL can point anywhere: a custom page, a request for workflow, etc.

Here is a really simple example of an authorization policy that demonstrates this. I am using Roles as an example, but you can use anything within the policy to do this.

Example AG Authorization Policy

  Rule 1
    If URL Path [current]
       String equals
       Data Entry Field [/newWebResource]
    AND
    If Current Role of User
       String equals
       Role [yourRoleThatHasPermission]
    Permit
  Rule 2
    Deny Redirect 
       URL [Your workflow request URL]
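
The rule order in the policy above can be modeled in a few lines of Python. This is an added example, not Novell's code or part of the original article; it assumes rules are evaluated top to bottom with the first matching rule deciding, and `WORKFLOW_URL` and all class and function names are hypothetical. It shows that because Rule 1 uses "String equals" on the path, any request that fails either condition, including a role holder on a sub-path, falls through to the Rule 2 redirect.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Hypothetical stand-in for "[Your workflow request URL]". It is a fixed
# policy value, never built from request data.
WORKFLOW_URL = "https://userapp.example.com/workflow/request-access"

@dataclass(frozen=True)
class Request:
    path: str
    roles: frozenset

@dataclass(frozen=True)
class Rule:
    conditions: Tuple[Callable[[Request], bool], ...]  # ANDed; empty = always
    action: str                                        # "permit" / "deny_redirect"
    redirect_url: Optional[str] = None

def url_path_equals(value):
    return lambda req: req.path == value   # exact "String equals" comparison

def has_role(role):
    return lambda req: role in req.roles

POLICY = (
    # Rule 1: URL path equals /newWebResource AND user holds the role -> Permit
    Rule((url_path_equals("/newWebResource"),
          has_role("yourRoleThatHasPermission")), "permit"),
    # Rule 2: no conditions -> Deny, redirecting to the workflow request URL
    Rule((), "deny_redirect", WORKFLOW_URL),
)

def evaluate(policy, req):
    """Return (decision, redirect_target) from the first rule that matches."""
    for rule in policy:
        if all(cond(req) for cond in rule.conditions):
            if rule.action == "permit":
                return "permit", None
            return "redirect", rule.redirect_url
    return "deny", None  # assumption of this model: no match means plain deny

if __name__ == "__main__":
    role = frozenset({"yourRoleThatHasPermission"})
    # Constructed sample requests
    for req in (Request("/newWebResource", role),
                Request("/newWebResource", frozenset()),
                Request("/newWebResource/reports", role)):
        print(req.path, sorted(req.roles), "->", evaluate(POLICY, req))
```
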


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.





© 2013 Novell